Rudoo/portal
13
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
main
portal/controllers/mail.py
Данил Воробьев c5833477ca initial commit
2024-05-03 09:57:08 +00:00

281 lines
14 KiB
Python
Raw Permalink Blame History

# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from werkzeug import urls
from werkzeug.exceptions import NotFound, Forbidden
from odoo import http
from odoo.http import request
from odoo.osv import expression
from odoo.tools import consteq, plaintext2html
from odoo.addons.mail.controllers import mail
from odoo.exceptions import AccessError
def _check_special_access(res_model, res_id, token='', _hash='', pid=False):
record = request.env[res_model].browse(res_id).sudo()
if _hash and pid: # Signed Token Case: hash implies token is signed by partner pid
return consteq(_hash, record._sign_token(pid))
elif token: # Token Case: token is the global one of the document
token_field = request.env[res_model]._mail_post_token_field
return (token and record and consteq(record[token_field], token))
else:
raise Forbidden()
def _message_post_helper(res_model, res_id, message, token='', _hash=False, pid=False, nosubscribe=True, **kw):
""" Generic chatter function, allowing to write on *any* object that inherits mail.thread. We
distinguish 2 cases:
1/ If a token is specified, all logged in users will be able to write a message regardless
of access rights; if the user is the public user, the message will be posted under the name
of the partner_id of the object (or the public user if there is no partner_id on the object).
2/ If a signed token is specified (`hash`) and also a partner_id (`pid`), all post message will
be done under the name of the partner_id (as it is signed). This should be used to avoid leaking
token to all users.
Required parameters
:param string res_model: model name of the object
:param int res_id: id of the object
:param string message: content of the message
Optional keywords arguments:
:param string token: access token if the object's model uses some kind of public access
using tokens (usually a uuid4) to bypass access rules
:param string hash: signed token by a partner if model uses some token field to bypass access right
post messages.
:param string pid: identifier of the res.partner used to sign the hash
:param bool nosubscribe: set False if you want the partner to be set as follower of the object when posting (default to True)
The rest of the kwargs are passed on to message_post()
"""
record = request.env[res_model].browse(res_id)
# check if user can post with special token/signed token. The "else" will try to post message with the
# current user access rights (_mail_post_access use case).
if token or (_hash and pid):
pid = int(pid) if pid else False
if _check_special_access(res_model, res_id, token=token, _hash=_hash, pid=pid):
record = record.sudo()
else:
raise Forbidden()
else: # early check on access to avoid useless computation
record.check_access_rights('read')
record.check_access_rule('read')
# deduce author of message
author_id = request.env.user.partner_id.id if request.env.user.partner_id else False
# Signed Token Case: author_id is forced
if _hash and pid:
author_id = pid
# Token Case: author is document customer (if not logged) or itself even if user has not the access
elif token:
if request.env.user._is_public():
# TODO : After adding the pid and sign_token in access_url when send invoice by email, remove this line
# TODO : Author must be Public User (to rename to 'Anonymous')
author_id = record.partner_id.id if hasattr(record, 'partner_id') and record.partner_id.id else author_id
else:
if not author_id:
raise NotFound()
email_from = None
if author_id and 'email_from' not in kw:
partner = request.env['res.partner'].sudo().browse(author_id)
email_from = partner.email_formatted if partner.email else None
message_post_args = dict(
body=message,
message_type=kw.pop('message_type', "comment"),
subtype_xmlid=kw.pop('subtype_xmlid', "mail.mt_comment"),
author_id=author_id,
**kw
)
# This is necessary as mail.message checks the presence
# of the key to compute its default email from
if email_from:
message_post_args['email_from'] = email_from
return record.with_context(mail_create_nosubscribe=nosubscribe).message_post(**message_post_args)
class PortalChatter(http.Controller):
def _portal_post_filter_params(self):
return ['token', 'pid']
def _portal_post_check_attachments(self, attachment_ids, attachment_tokens):
request.env['ir.attachment'].browse(attachment_ids)._check_attachments_access(attachment_tokens)
def _portal_post_has_content(self, res_model, res_id, message, attachment_ids=None, **kw):
""" Tells if we can effectively post on the model based on content. """
return bool(message) or bool(attachment_ids)
@http.route('/mail/avatar/mail.message/<int:res_id>/author_avatar/<int:width>x<int:height>', type='http', auth='public')
def portal_avatar(self, res_id=None, height=50, width=50, access_token=None, _hash=None, pid=None):
""" Get the avatar image in the chatter of the portal """
if access_token or (_hash and pid):
message = request.env['mail.message'].browse(int(res_id)).exists().filtered(
lambda msg: _check_special_access(msg.model, msg.res_id, access_token, _hash, pid and int(pid))
).sudo()
else:
message = request.env.ref('web.image_placeholder').sudo()
# in case there is no message, it creates a stream with the placeholder image
stream = request.env['ir.binary']._get_image_stream_from(
message, field_name='author_avatar', width=int(width), height=int(height),
)
return stream.get_response()
@http.route(['/mail/chatter_post'], type='json', methods=['POST'], auth='public', website=True)
def portal_chatter_post(self, res_model, res_id, message, attachment_ids=None, attachment_tokens=None, **kw):
"""Create a new `mail.message` with the given `message` and/or `attachment_ids` and return new message values.
The message will be associated to the record `res_id` of the model
`res_model`. The user must have access rights on this target document or
must provide valid identifiers through `kw`. See `_message_post_helper`.
"""
if not self._portal_post_has_content(res_model, res_id, message,
attachment_ids=attachment_ids, attachment_tokens=attachment_tokens,
**kw):
return
res_id = int(res_id)
self._portal_post_check_attachments(attachment_ids or [], attachment_tokens or [])
result = {'default_message': message}
# message is received in plaintext and saved in html
if message:
message = plaintext2html(message)
post_values = {
'res_model': res_model,
'res_id': res_id,
'message': message,
'send_after_commit': False,
'attachment_ids': False, # will be added afterward
}
post_values.update((fname, kw.get(fname)) for fname in self._portal_post_filter_params())
post_values['_hash'] = kw.get('hash')
message = _message_post_helper(**post_values)
result.update({'default_message_id': message.id})
if attachment_ids:
# _message_post_helper already checks for pid/hash/token -> use message
# environment to keep the sudo mode when activated
record = message.env[res_model].browse(res_id)
attachments = record._process_attachments_for_post(
[], attachment_ids,
{'res_id': res_id, 'model': res_model}
)
# sudo write the attachment to bypass the read access verification in
# mail message
if attachments.get('attachment_ids'):
message.sudo().write(attachments)
result.update({'default_attachment_ids': message.attachment_ids.sudo().read(['id', 'name', 'mimetype', 'file_size', 'access_token'])})
return result
@http.route('/mail/chatter_init', type='json', auth='public', website=True)
def portal_chatter_init(self, res_model, res_id, domain=False, limit=False, **kwargs):
is_user_public = request.env.user.has_group('base.group_public')
message_data = self.portal_message_fetch(res_model, res_id, domain=domain, limit=limit, **kwargs)
display_composer = False
if kwargs.get('allow_composer'):
display_composer = kwargs.get('token') or not is_user_public
return {
'messages': message_data['messages'],
'options': {
'message_count': message_data['message_count'],
'is_user_public': is_user_public,
'is_user_employee': request.env.user._is_internal(),
'is_user_publisher': request.env.user.has_group('website.group_website_restricted_editor'),
'display_composer': display_composer,
'partner_id': request.env.user.partner_id.id
}
}
@http.route('/mail/chatter_fetch', type='json', auth='public', website=True)
def portal_message_fetch(self, res_model, res_id, domain=False, limit=10, offset=0, **kw):
if not domain:
domain = []
# Only search into website_message_ids, so apply the same domain to perform only one search
# extract domain from the 'website_message_ids' field
model = request.env[res_model]
field = model._fields['website_message_ids']
field_domain = field.get_domain_list(model)
domain = expression.AND([
domain,
field_domain,
[('res_id', '=', res_id), '|', ('body', '!=', ''), ('attachment_ids', '!=', False)]
])
# Check access
Message = request.env['mail.message']
if kw.get('token'):
access_as_sudo = _check_special_access(res_model, res_id, token=kw.get('token'))
if not access_as_sudo: # if token is not correct, raise Forbidden
raise Forbidden()
# Non-employee see only messages with not internal subtype (aka, no internal logs)
if not request.env['res.users'].has_group('base.group_user'):
domain = expression.AND([Message._get_search_domain_share(), domain])
Message = request.env['mail.message'].sudo()
return {
'messages': Message.search(domain, limit=limit, offset=offset).portal_message_format(options=kw),
'message_count': Message.search_count(domain)
}
@http.route(['/mail/update_is_internal'], type='json', auth="user", website=True)
def portal_message_update_is_internal(self, message_id, is_internal):
message = request.env['mail.message'].browse(int(message_id))
message.write({'is_internal': is_internal})
return message.is_internal
class MailController(mail.MailController):
@classmethod
def _redirect_to_record(cls, model, res_id, access_token=None, **kwargs):
""" If the current user doesn't have access to the document, but provided
a valid access token, redirect them to the front-end view.
If the partner_id and hash parameters are given, add those parameters to the redirect url
to authentify the recipient in the chatter, if any.
:param model: the model name of the record that will be visualized
:param res_id: the id of the record
:param access_token: token that gives access to the record
bypassing the rights and rules restriction of the user.
:param kwargs: Typically, it can receive a partner_id and a hash (sign_token).
If so, those two parameters are used to authentify the recipient in the chatter, if any.
:return:
"""
# no model / res_id, meaning no possible record -> direct skip to super
if not model or not res_id or model not in request.env:
return super(MailController, cls)._redirect_to_record(model, res_id, access_token=access_token, **kwargs)
if isinstance(request.env[model], request.env.registry['portal.mixin']):
uid = request.session.uid or request.env.ref('base.public_user').id
record_sudo = request.env[model].sudo().browse(res_id).exists()
try:
record_sudo.with_user(uid).check_access_rights('read')
record_sudo.with_user(uid).check_access_rule('read')
except AccessError:
if record_sudo.access_token and access_token and consteq(record_sudo.access_token, access_token):
record_action = record_sudo._get_access_action(force_website=True)
if record_action['type'] == 'ir.actions.act_url':
pid = kwargs.get('pid')
hash = kwargs.get('hash')
url = record_action['url']
if pid and hash:
url = urls.url_parse(url)
url_params = url.decode_query()
url_params.update([("pid", pid), ("hash", hash)])
url = url.replace(query=urls.url_encode(url_params)).to_url()
return request.redirect(url)
return super(MailController, cls)._redirect_to_record(model, res_id, access_token=access_token, **kwargs)
# Add website=True to support the portal layout
@http.route('/mail/unfollow', type='http', website=True)
def mail_action_unfollow(self, model, res_id, pid, token, **kwargs):
return super().mail_action_unfollow(model, res_id, pid, token, **kwargs)
Reference in New Issue View Git Blame Copy Permalink