1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
|
# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
import logging
from lxml import etree
import os
import unittest
import time
import pytz
import werkzeug
import werkzeug.routing
import werkzeug.utils
from functools import partial
import odoo
from odoo import api, models
from odoo import registry, SUPERUSER_ID
from odoo.http import request
from odoo.tools.safe_eval import safe_eval
from odoo.osv.expression import FALSE_DOMAIN
from odoo.addons.http_routing.models.ir_http import ModelConverter, _guess_mimetype
from odoo.addons.portal.controllers.portal import _build_url_w_params
logger = logging.getLogger(__name__)
def sitemap_qs2dom(qs, route, field='name'):
""" Convert a query_string (can contains a path) to a domain"""
dom = []
if qs and qs.lower() not in route:
needles = qs.strip('/').split('/')
# needles will be altered and keep only element which one is not in route
# diff(from=['shop', 'product'], to=['shop', 'product', 'product']) => to=['product']
unittest.util.unorderable_list_difference(route.strip('/').split('/'), needles)
if len(needles) == 1:
dom = [(field, 'ilike', needles[0])]
else:
dom = FALSE_DOMAIN
return dom
def get_request_website():
""" Return the website set on `request` if called in a frontend context
(website=True on route).
This method can typically be used to check if we are in the frontend.
This method is easy to mock during python tests to simulate frontend
context, rather than mocking every method accessing request.website.
Don't import directly the method or it won't be mocked during tests, do:
```
from odoo.addons.website.models import ir_http
my_var = ir_http.get_request_website()
```
"""
return request and getattr(request, 'website', False) or False
class Http(models.AbstractModel):
_inherit = 'ir.http'
@classmethod
def routing_map(cls, key=None):
key = key or (request and request.website_routing)
return super(Http, cls).routing_map(key=key)
@classmethod
def clear_caches(cls):
super(Http, cls)._clear_routing_map()
return super(Http, cls).clear_caches()
@classmethod
def _slug_matching(cls, adapter, endpoint, **kw):
for arg in kw:
if isinstance(kw[arg], models.BaseModel):
kw[arg] = kw[arg].with_context(slug_matching=True)
qs = request.httprequest.query_string.decode('utf-8')
try:
return adapter.build(endpoint, kw) + (qs and '?%s' % qs or '')
except odoo.exceptions.MissingError:
raise werkzeug.exceptions.NotFound()
@classmethod
def _match(cls, path_info, key=None):
key = key or (request and request.website_routing)
return super(Http, cls)._match(path_info, key=key)
@classmethod
def _generate_routing_rules(cls, modules, converters):
website_id = request.website_routing
logger.debug("_generate_routing_rules for website: %s", website_id)
domain = [('redirect_type', 'in', ('308', '404')), '|', ('website_id', '=', False), ('website_id', '=', website_id)]
rewrites = dict([(x.url_from, x) for x in request.env['website.rewrite'].sudo().search(domain)])
cls._rewrite_len[website_id] = len(rewrites)
for url, endpoint, routing in super(Http, cls)._generate_routing_rules(modules, converters):
routing = dict(routing)
if url in rewrites:
rewrite = rewrites[url]
url_to = rewrite.url_to
if rewrite.redirect_type == '308':
logger.debug('Add rule %s for %s' % (url_to, website_id))
yield url_to, endpoint, routing # yield new url
if url != url_to:
logger.debug('Redirect from %s to %s for website %s' % (url, url_to, website_id))
_slug_matching = partial(cls._slug_matching, endpoint=endpoint)
routing['redirect_to'] = _slug_matching
yield url, endpoint, routing # yield original redirected to new url
elif rewrite.redirect_type == '404':
logger.debug('Return 404 for %s for website %s' % (url, website_id))
continue
else:
yield url, endpoint, routing
@classmethod
def _get_converters(cls):
""" Get the converters list for custom url pattern werkzeug need to
match Rule. This override adds the website ones.
"""
return dict(
super(Http, cls)._get_converters(),
model=ModelConverter,
)
@classmethod
def _auth_method_public(cls):
""" If no user logged, set the public user of current website, or default
public user as request uid.
After this method `request.env` can be called, since the `request.uid` is
set. The `env` lazy property of `request` will be correct.
"""
if not request.session.uid:
env = api.Environment(request.cr, SUPERUSER_ID, request.context)
website = env['website'].get_current_website()
request.uid = website and website._get_cached('user_id')
if not request.uid:
super(Http, cls)._auth_method_public()
@classmethod
def _register_website_track(cls, response):
if getattr(response, 'status_code', 0) != 200:
return False
template = False
if hasattr(response, 'qcontext'): # classic response
main_object = response.qcontext.get('main_object')
website_page = getattr(main_object, '_name', False) == 'website.page' and main_object
template = response.qcontext.get('response_template')
elif hasattr(response, '_cached_page'):
website_page, template = response._cached_page, response._cached_template
view = template and request.env['website'].get_template(template)
if view and view.track:
request.env['website.visitor']._handle_webpage_dispatch(response, website_page)
return False
@classmethod
def _dispatch(cls):
"""
In case of rerouting for translate (e.g. when visiting odoo.com/fr_BE/),
_dispatch calls reroute() that returns _dispatch with altered request properties.
The second _dispatch will continue until end of process. When second _dispatch is finished, the first _dispatch
call receive the new altered request and continue.
At the end, 2 calls of _dispatch (and this override) are made with exact same request properties, instead of one.
As the response has not been sent back to the client, the visitor cookie does not exist yet when second _dispatch call
is treated in _handle_webpage_dispatch, leading to create 2 visitors with exact same properties.
To avoid this, we check if, !!! before calling super !!!, we are in a rerouting request. If not, it means that we are
handling the original request, in which we should create the visitor. We ignore every other rerouting requests.
"""
is_rerouting = hasattr(request, 'routing_iteration')
if request.session.db:
reg = registry(request.session.db)
with reg.cursor() as cr:
env = api.Environment(cr, SUPERUSER_ID, {})
request.website_routing = env['website'].get_current_website().id
response = super(Http, cls)._dispatch()
if not is_rerouting:
cls._register_website_track(response)
return response
@classmethod
def _add_dispatch_parameters(cls, func):
# DEPRECATED for /website/force/<website_id> - remove me in master~saas-14.4
# Force website with query string paramater, typically set from website selector in frontend navbar and inside tests
force_website_id = request.httprequest.args.get('fw')
if (force_website_id and request.session.get('force_website_id') != force_website_id
and request.env.user.has_group('website.group_multi_website')
and request.env.user.has_group('website.group_website_publisher')):
request.env['website']._force_website(request.httprequest.args.get('fw'))
context = {}
if not request.context.get('tz'):
context['tz'] = request.session.get('geoip', {}).get('time_zone')
try:
pytz.timezone(context['tz'] or '')
except pytz.UnknownTimeZoneError:
context.pop('tz')
request.website = request.env['website'].get_current_website() # can use `request.env` since auth methods are called
context['website_id'] = request.website.id
# This is mainly to avoid access errors in website controllers where there is no
# context (eg: /shop), and it's not going to propagate to the global context of the tab
# If the company of the website is not in the allowed companies of the user, set the main
# company of the user.
website_company_id = request.website._get_cached('company_id')
if website_company_id in request.env.user.company_ids.ids:
context['allowed_company_ids'] = [website_company_id]
else:
context['allowed_company_ids'] = request.env.user.company_id.ids
# modify bound context
request.context = dict(request.context, **context)
super(Http, cls)._add_dispatch_parameters(func)
if request.routing_iteration == 1:
request.website = request.website.with_context(request.context)
@classmethod
def _get_frontend_langs(cls):
if get_request_website():
return [code for code, *_ in request.env['res.lang'].get_available()]
else:
return super()._get_frontend_langs()
@classmethod
def _get_default_lang(cls):
if getattr(request, 'website', False):
return request.env['res.lang'].browse(request.website._get_cached('default_lang_id'))
return super(Http, cls)._get_default_lang()
@classmethod
def _get_translation_frontend_modules_name(cls):
mods = super(Http, cls)._get_translation_frontend_modules_name()
installed = request.registry._init_modules | set(odoo.conf.server_wide_modules)
return mods + [mod for mod in installed if mod.startswith('website')]
@classmethod
def _serve_page(cls):
req_page = request.httprequest.path
page_domain = [('url', '=', req_page)] + request.website.website_domain()
published_domain = page_domain
# specific page first
page = request.env['website.page'].sudo().search(published_domain, order='website_id asc', limit=1)
# redirect withtout trailing /
if not page and req_page != "/" and req_page.endswith("/"):
return request.redirect(req_page[:-1])
if page:
# prefetch all menus (it will prefetch website.page too)
request.website.menu_id
if page and (request.website.is_publisher() or page.is_visible):
need_to_cache = False
cache_key = page._get_cache_key(request)
if (
page.cache_time # cache > 0
and request.httprequest.method == "GET"
and request.env.user._is_public() # only cache for unlogged user
and 'nocache' not in request.params # allow bypass cache / debug
and not request.session.debug
and len(cache_key) and cache_key[-1] is not None # nocache via expr
):
need_to_cache = True
try:
r = page._get_cache_response(cache_key)
if r['time'] + page.cache_time > time.time():
response = werkzeug.Response(r['content'], mimetype=r['contenttype'])
response._cached_template = r['template']
response._cached_page = page
return response
except KeyError:
pass
_, ext = os.path.splitext(req_page)
response = request.render(page.view_id.id, {
'deletable': True,
'main_object': page,
}, mimetype=_guess_mimetype(ext))
if need_to_cache and response.status_code == 200:
r = response.render()
page._set_cache_response(cache_key, {
'content': r,
'contenttype': response.headers['Content-Type'],
'time': time.time(),
'template': getattr(response, 'qcontext', {}).get('response_template')
})
return response
return False
@classmethod
def _serve_redirect(cls):
req_page = request.httprequest.path
domain = [
('redirect_type', 'in', ('301', '302')),
# trailing / could have been removed by server_page
'|', ('url_from', '=', req_page.rstrip('/')), ('url_from', '=', req_page + '/')
]
domain += request.website.website_domain()
return request.env['website.rewrite'].sudo().search(domain, limit=1)
@classmethod
def _serve_fallback(cls, exception):
# serve attachment before
parent = super(Http, cls)._serve_fallback(exception)
if parent: # attachment
return parent
if not request.is_frontend:
return False
website_page = cls._serve_page()
if website_page:
return website_page
redirect = cls._serve_redirect()
if redirect:
return request.redirect(_build_url_w_params(redirect.url_to, request.params), code=redirect.redirect_type)
return False
@classmethod
def _get_exception_code_values(cls, exception):
code, values = super(Http, cls)._get_exception_code_values(exception)
if isinstance(exception, werkzeug.exceptions.NotFound) and request.website.is_publisher():
code = 'page_404'
values['path'] = request.httprequest.path[1:]
if isinstance(exception, werkzeug.exceptions.Forbidden) and \
exception.description == "website_visibility_password_required":
code = 'protected_403'
values['path'] = request.httprequest.path
return (code, values)
@classmethod
def _get_values_500_error(cls, env, values, exception):
View = env["ir.ui.view"]
values = super(Http, cls)._get_values_500_error(env, values, exception)
if 'qweb_exception' in values:
try:
# exception.name might be int, string
exception_template = int(exception.name)
except ValueError:
exception_template = exception.name
view = View._view_obj(exception_template)
if exception.html and exception.html in view.arch:
values['view'] = view
else:
# There might be 2 cases where the exception code can't be found
# in the view, either the error is in a child view or the code
# contains branding (<div t-att-data="request.browse('ok')"/>).
et = etree.fromstring(view.with_context(inherit_branding=False).read_combined(['arch'])['arch'])
node = et.xpath(exception.path)
line = node is not None and etree.tostring(node[0], encoding='unicode')
if line:
values['view'] = View._views_get(exception_template).filtered(
lambda v: line in v.arch
)
values['view'] = values['view'] and values['view'][0]
# Needed to show reset template on translated pages (`_prepare_qcontext` will set it for main lang)
values['editable'] = request.uid and request.website.is_publisher()
return values
@classmethod
def _get_error_html(cls, env, code, values):
if code in ('page_404', 'protected_403'):
return code.split('_')[1], env['ir.ui.view']._render_template('website.%s' % code, values)
return super(Http, cls)._get_error_html(env, code, values)
def binary_content(self, xmlid=None, model='ir.attachment', id=None, field='datas',
unique=False, filename=None, filename_field='name', download=False,
mimetype=None, default_mimetype='application/octet-stream',
access_token=None):
obj = None
if xmlid:
obj = self._xmlid_to_obj(self.env, xmlid)
elif id and model in self.env:
obj = self.env[model].browse(int(id))
if obj and 'website_published' in obj._fields:
if self.env[obj._name].sudo().search([('id', '=', obj.id), ('website_published', '=', True)]):
self = self.sudo()
return super(Http, self).binary_content(
xmlid=xmlid, model=model, id=id, field=field, unique=unique, filename=filename,
filename_field=filename_field, download=download, mimetype=mimetype,
default_mimetype=default_mimetype, access_token=access_token)
@classmethod
def _xmlid_to_obj(cls, env, xmlid):
website_id = env['website'].get_current_website()
if website_id and website_id.theme_id:
domain = [('key', '=', xmlid), ('website_id', '=', website_id.id)]
Attachment = env['ir.attachment']
if request.env.user.share:
domain.append(('public', '=', True))
Attachment = Attachment.sudo()
obj = Attachment.search(domain)
if obj:
return obj[0]
return super(Http, cls)._xmlid_to_obj(env, xmlid)
@api.model
def get_frontend_session_info(self):
session_info = super(Http, self).get_frontend_session_info()
session_info.update({
'is_website_user': request.env.user.id == request.website.user_id.id,
})
if request.env.user.has_group('website.group_website_publisher'):
session_info.update({
'website_id': request.website.id,
'website_company_id': request.website._get_cached('company_id'),
})
return session_info
class ModelConverter(ModelConverter):
def to_url(self, value):
if value.env.context.get('slug_matching'):
return value.env.context.get('_converter_value', str(value.id))
return super().to_url(value)
def generate(self, uid, dom=None, args=None):
Model = request.env[self.model].with_user(uid)
# Allow to current_website_id directly in route domain
args.update(current_website_id=request.env['website'].get_current_website().id)
domain = safe_eval(self.domain, (args or {}).copy())
if dom:
domain += dom
for record in Model.search(domain):
# return record so URL will be the real endpoint URL as the record will go through `slug()`
# the same way as endpoint URL is retrieved during dispatch (301 redirect), see `to_url()` from ModelConverter
yield record
|
