From 410d5142f268ca0474cd515d2a9244ba76963cde Mon Sep 17 00:00:00 2001 From: Chill Date: Mon, 11 Mar 2024 18:29:32 +0800 Subject: [PATCH] [FIX] app_common: security --- app_common/__manifest__.py | 2 +- app_common/models/base.py | 10 +++++++++- app_common/static/description/index.html | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/app_common/__manifest__.py b/app_common/__manifest__.py index 13bb47a9..62ef1326 100644 --- a/app_common/__manifest__.py +++ b/app_common/__manifest__.py @@ -39,7 +39,7 @@ { 'name': "odooai Odooapp Common Func", - 'version': '15.23.09.28', + 'version': '15.24.03.11', 'author': 'odooai.cn', 'category': 'Base', 'website': 'https://www.odooai.cn', diff --git a/app_common/models/base.py b/app_common/models/base.py index 70472217..6e993f75 100644 --- a/app_common/models/base.py +++ b/app_common/models/base.py @@ -52,6 +52,12 @@ EXCLU_FIELDS = [ class Base(models.AbstractModel): _inherit = 'base' + @api.model + def _app_check_sys_op(self): + if self.env.user.has_group('base.group_erp_manager'): + return True + return False + @api.model def _get_normal_fields(self): f_list = [] @@ -100,8 +106,10 @@ class Base(models.AbstractModel): return dt.astimezone(pytz_timezone).strftime(return_format) @api.model - def get_image_from_url(self, url): + def _get_image_from_url(self, url): # 返回这个图片的base64编码 + if not self._app_check_sys_op(): + return False return get_image_from_url(url) def get_ua_type(self): diff --git a/app_common/static/description/index.html b/app_common/static/description/index.html index e5c1b48f..e184eff9 100644 --- a/app_common/static/description/index.html +++ b/app_common/static/description/index.html @@ -4,7 +4,7 @@

-

Lastest update: v15.23.09.28

+

Lastest update: v15.24.03.11