[FIX] app_odoo_customize: security

2025-02-23 04:11:36 +02:00 · 2024-03-11 18:16:14 +08:00
parent d59965ca05
commit 1f0669b71b
3 changed files with 33 additions and 28 deletions
--- a/app_odoo_customize/manifest.py
+++ b/app_odoo_customize/manifest.py
@@ -23,7 +23,7 @@
 {
    'name': 'odoo17 Tweak,Ai Employee,Boost,Customize All in One. Customize,UI,Boost,Security,Data,Development Enhance',
-    'version': '24.02.29',
+    'version': '24.03.11',
    'author': 'odooai.cn',
    'category': 'Extra Tools',
    'website': 'https://www.odooai.cn',
--- a/app_odoo_customize/models/res_config_settings.py
+++ b/app_odoo_customize/models/res_config_settings.py
@@ -69,17 +69,22 @@ class ResConfigSettings(models.TransientModel):
    @api.model
    def set_module_url(self, rec=None):
        if not self._app_check_sys_op():
            raise UserError(_('Not allow.'))
        config_parameter = self.env['ir.config_parameter'].sudo()
        app_enterprise_url = config_parameter.get_param('app_enterprise_url', 'https://www.odooai.cn')
-        sql = "UPDATE ir_module_module SET website = '%s' WHERE license like '%s' and website <> ''" % (app_enterprise_url, 'OEEL%')
+        modules = self.env['ir.module.module'].search([('license', 'like', 'OEEL%'), ('website', '!=', False)])
        if modules:
            sql = "UPDATE ir_module_module SET website = '%s' WHERE id IN %s" % (app_enterprise_url, tuple(modules.ids))
            try:
                self._cr.execute(sql)
            self._cr.commit()
            except Exception as e:
                pass
    # 清数据，o=对象, s=序列 
-    def remove_app_data(self, o, s=[]):
+    def _remove_app_data(self, o, s=[]):
        if not self._app_check_sys_op():
            raise UserError(_('Not allow.'))
        for line in o:
            # 检查是否存在
            try:
@@ -131,7 +136,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'sale',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_product(self):
        to_removes = [
@@ -142,7 +147,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'product.product',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_product_attribute(self):
        to_removes = [
@@ -151,7 +156,7 @@ class ResConfigSettings(models.TransientModel):
            'product.attribute',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_pos(self):
        to_removes = [
@@ -164,12 +169,12 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'pos.',
        ]
-        res = self.remove_app_data(to_removes, seqs)
+        res = self._remove_app_data(to_removes, seqs)
        # 更新要关帐的值，因为 store=true 的计算字段要重置
        try:
-            statement = self.env['account.bank.statement'].sudo().search([])
+            statement = self.env['account.bank.statement'].search([])
            for s in statement:
                s._end_balance()
        except Exception as e:
@@ -187,7 +192,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'purchase.',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_expense(self):
        to_removes = [
@@ -200,7 +205,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'hr.expense.',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_mrp(self):
        to_removes = [
@@ -219,7 +224,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = [
            'mrp.',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_mrp_bom(self):
        to_removes = [
@@ -228,7 +233,7 @@ class ResConfigSettings(models.TransientModel):
            'mrp.bom',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_inventory(self):
        to_removes = [
@@ -256,7 +261,7 @@ class ResConfigSettings(models.TransientModel):
            'product.tracking.default',
            'WH/',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_account(self):
        to_removes = [
@@ -277,7 +282,7 @@ class ResConfigSettings(models.TransientModel):
            'hr.expense.sheet',
            'account.move',
        ]
-        res = self.remove_app_data(to_removes, [])
+        res = self._remove_app_data(to_removes, [])
        # extra 更新序号
        domain = [
@@ -393,7 +398,7 @@ class ResConfigSettings(models.TransientModel):
        seqs = []
-        res = self.remove_app_data(to_removes, seqs)
+        res = self._remove_app_data(to_removes, seqs)
        return res
    def remove_project(self):
@@ -412,7 +417,7 @@ class ResConfigSettings(models.TransientModel):
            'project.task.stage.personal',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_quality(self):
        to_removes = [
@@ -431,7 +436,7 @@ class ResConfigSettings(models.TransientModel):
            'quality.alert',
            # 'quality.point',
        ]
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_quality_setting(self):
        to_removes = [
@@ -443,7 +448,7 @@ class ResConfigSettings(models.TransientModel):
            'quality.reason',
            'quality.tag',
        ]
-        return self.remove_app_data(to_removes)
+        return self._remove_app_data(to_removes)
    def remove_website(self):
        to_removes = [
@@ -464,7 +469,7 @@ class ResConfigSettings(models.TransientModel):
            # 'website',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_message(self):
        to_removes = [
@@ -474,7 +479,7 @@ class ResConfigSettings(models.TransientModel):
            'mail.activity',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_workflow(self):
        to_removes = [
@@ -483,7 +488,7 @@ class ResConfigSettings(models.TransientModel):
            # 'wkf.instance',
        ]
        seqs = []
-        return self.remove_app_data(to_removes, seqs)
+        return self._remove_app_data(to_removes, seqs)
    def remove_all_biz(self):
        self.remove_account()
@@ -519,7 +524,7 @@ class ResConfigSettings(models.TransientModel):
        return True
    def action_set_app_doc_root_to_my(self):
-        base_url = self.env['ir.config_parameter'].sudo().get_param('web.base.url')
+        base_url = self.env['ir.config_parameter'].get_param('web.base.url')
        self.app_doc_root_url = base_url
    # def action_set_all_to_app_doc_root_url(self):
--- a/app_odoo_customize/static/description/index.html
+++ b/app_odoo_customize/static/description/index.html
@@ -20,7 +20,7 @@
 <section class="container app">
    <div class="oe_row oe_spaced" style="max-width: 95%;">
        <div class="row">
-            <h2 class="oe_slogan">This is a Long Term Support Apps.Update: v17.24.03.01</h2>
+            <h2 class="oe_slogan">This is a Long Term Support Apps.Update: v17.24.03.11</h2>
            <div class="oe_demo" style=" margin: 30px auto 0; padding: 0 15px 0 0; border:none; width: 96%;">
                <ul class="list-group">
                    <li class="list-group-item">1. Deletes Odoo label in footer</li>