audrius/app-odoo
1
0
Fork 0
mirror of https://github.com/guohuadeng/app-odoo.git synced 2025-02-23 04:11:36 +02:00
Code Issues Packages Projects Releases Wiki Activity

[FIX] app_odoo_customize: security

Browse Source
This commit is contained in:
Chill
2024-03-11 18:16:14 +08:00
parent d59965ca05
commit 1f0669b71b
3 changed files with 33 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
app_odoo_customize/models/res_config_settings.py
View File

@@ -69,17 +69,22 @@ class ResConfigSettings(models.TransientModel):
@api.model
def set_module_url(self, rec=None):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
config_parameter = self.env['ir.config_parameter'].sudo()
app_enterprise_url = config_parameter.get_param('app_enterprise_url', 'https://www.odooai.cn')
sql = "UPDATE ir_module_module SET website = '%s' WHERE license like '%s' and website <> ''" % (app_enterprise_url, 'OEEL%')
try:
self._cr.execute(sql)
self._cr.commit()
except Exception as e:
pass
modules = self.env['ir.module.module'].search([('license', 'like', 'OEEL%'), ('website', '!=', False)])
if modules:
sql = "UPDATE ir_module_module SET website = '%s' WHERE id IN %s" % (app_enterprise_url, tuple(modules.ids))
try:
self._cr.execute(sql)
except Exception as e:
pass
# 清数据o=对象, s=序列
def remove_app_data(self, o, s=[]):
def _remove_app_data(self, o, s=[]):
if not self._app_check_sys_op():
raise UserError(_('Not allow.'))
for line in o:
# 检查是否存在
try:
@@ -131,7 +136,7 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'sale',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_product(self):
to_removes = [
@@ -142,7 +147,7 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'product.product',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_product_attribute(self):
to_removes = [
@@ -151,7 +156,7 @@ class ResConfigSettings(models.TransientModel):
'product.attribute',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_pos(self):
to_removes = [
@@ -164,12 +169,12 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'pos.',
]
res = self.remove_app_data(to_removes, seqs)
res = self._remove_app_data(to_removes, seqs)
# 更新要关帐的值,因为 store=true 的计算字段要重置
try:
statement = self.env['account.bank.statement'].sudo().search([])
statement = self.env['account.bank.statement'].search([])
for s in statement:
s._end_balance()
except Exception as e:
@@ -187,7 +192,7 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'purchase.',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_expense(self):
to_removes = [
@@ -200,7 +205,7 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'hr.expense.',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_mrp(self):
to_removes = [
@@ -219,7 +224,7 @@ class ResConfigSettings(models.TransientModel):
seqs = [
'mrp.',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_mrp_bom(self):
to_removes = [
@@ -228,7 +233,7 @@ class ResConfigSettings(models.TransientModel):
'mrp.bom',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_inventory(self):
to_removes = [
@@ -256,7 +261,7 @@ class ResConfigSettings(models.TransientModel):
'product.tracking.default',
'WH/',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_account(self):
to_removes = [
@@ -277,7 +282,7 @@ class ResConfigSettings(models.TransientModel):
'hr.expense.sheet',
'account.move',
]
res = self.remove_app_data(to_removes, [])
res = self._remove_app_data(to_removes, [])
# extra 更新序号
domain = [
@@ -393,7 +398,7 @@ class ResConfigSettings(models.TransientModel):
seqs = []
res = self.remove_app_data(to_removes, seqs)
res = self._remove_app_data(to_removes, seqs)
return res
def remove_project(self):
@@ -412,7 +417,7 @@ class ResConfigSettings(models.TransientModel):
'project.task.stage.personal',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_quality(self):
to_removes = [
@@ -431,7 +436,7 @@ class ResConfigSettings(models.TransientModel):
'quality.alert',
# 'quality.point',
]
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_quality_setting(self):
to_removes = [
@@ -443,7 +448,7 @@ class ResConfigSettings(models.TransientModel):
'quality.reason',
'quality.tag',
]
return self.remove_app_data(to_removes)
return self._remove_app_data(to_removes)
def remove_website(self):
to_removes = [
@@ -464,7 +469,7 @@ class ResConfigSettings(models.TransientModel):
# 'website',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_message(self):
to_removes = [
@@ -474,7 +479,7 @@ class ResConfigSettings(models.TransientModel):
'mail.activity',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_workflow(self):
to_removes = [
@@ -483,7 +488,7 @@ class ResConfigSettings(models.TransientModel):
# 'wkf.instance',
]
seqs = []
return self.remove_app_data(to_removes, seqs)
return self._remove_app_data(to_removes, seqs)
def remove_all_biz(self):
self.remove_account()
@@ -519,7 +524,7 @@ class ResConfigSettings(models.TransientModel):
return True
def action_set_app_doc_root_to_my(self):
base_url = self.env['ir.config_parameter'].sudo().get_param('web.base.url')
base_url = self.env['ir.config_parameter'].get_param('web.base.url')
self.app_doc_root_url = base_url
# def action_set_all_to_app_doc_root_url(self):