initial commit 2

1 files changed, 39 insertions, 0 deletions

diff --git a/addons/portal/models/mail_thread.py b/addons/portal/models/mail_thread.py
new file mode 100644
index 00000000..0e9b58b9
--- /dev/null
+++ b/addons/portal/models/mail_thread.py
@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+import hashlib
+import hmac
+
+from odoo import api, fields, models, _
+
+
+class MailThread(models.AbstractModel):
+    _inherit = 'mail.thread'
+
+    _mail_post_token_field = 'access_token' # token field for external posts, to be overridden
+
+    website_message_ids = fields.One2many('mail.message', 'res_id', string='Website Messages',
+        domain=lambda self: [('model', '=', self._name), '|', ('message_type', '=', 'comment'), ('message_type', '=', 'email')], auto_join=True,
+        help="Website communication history")
+
+    def _sign_token(self, pid):
+        """Generate a secure hash for this record with the email of the recipient with whom the record have been shared.
+
+        This is used to determine who is opening the link
+        to be able for the recipient to post messages on the document's portal view.
+
+        :param str email:
+            Email of the recipient that opened the link.
+        """
+        self.ensure_one()
+        # check token field exists
+        if self._mail_post_token_field not in self._fields:
+            raise NotImplementedError(_(
+                "Model %(model_name)s does not support token signature, as it does not have %(field_name)s field.",
+                model_name=self._name,
+                field_name=self._mail_post_token_field
+            ))
+        # sign token
+        secret = self.env["ir.config_parameter"].sudo().get_param("database.secret")
+        token = (self.env.cr.dbname, self[self._mail_post_token_field], pid)
+        return hmac.new(secret.encode('utf-8'), repr(token).encode('utf-8'), hashlib.sha256).hexdigest()