[FIX] app_common, app_odoo_customize: security 13

2025-02-23 04:11:36 +02:00 · 2024-03-11 17:27:22 +08:00
parent 0637e4d0c3
commit 7677f839c3
6 changed files with 51 additions and 34 deletions
--- a/app_common/models/base.py
+++ b/app_common/models/base.py
@@ -51,6 +51,12 @@ EXCLU_FIELDS = [
 class Base(models.AbstractModel):
    _inherit = 'base'

+    @api.model
+    def _app_check_sys_op(self):
+        if self.env.user.has_group('base.group_erp_manager'):
+            return True
+        return False
+
    @api.model
    def _get_normal_fields(self):
        f_list = []
@@ -99,7 +105,9 @@ class Base(models.AbstractModel):
        return dt.astimezone(pytz_timezone).strftime(return_format)

    @api.model
-    def get_image_from_url(self, url):
+    def _get_image_from_url(self, url):
+        if not self._app_check_sys_op():
+            return False
        if not url:
            return None
        try: