[FIX] app_common: security

2025-02-23 04:11:36 +02:00 · 2024-03-11 18:38:34 +08:00
parent dbe8aea1aa
commit 82fc6463f2
3 changed files with 11 additions and 3 deletions
--- a/app_common/manifest.py
+++ b/app_common/manifest.py
@@ -33,7 +33,7 @@

 {
    'name': "odooai Odooapp Common Func",
-    'version': '14.21.10.18',
+    'version': '14.24.03.11',
    'author': 'odooai.cn',
    'category': 'Base',
    'website': 'https://www.odooai.cn',
--- a/app_common/models/base.py
+++ b/app_common/models/base.py
@@ -51,6 +51,12 @@ EXCLU_FIELDS = [
 class Base(models.AbstractModel):
    _inherit = 'base'

+    @api.model
+    def _app_check_sys_op(self):
+        if self.env.user.has_group('base.group_erp_manager'):
+            return True
+        return False
+
    @api.model
    def _get_normal_fields(self):
        f_list = []
@@ -97,7 +103,9 @@ class Base(models.AbstractModel):
        return dt.astimezone(pytz_timezone).strftime(return_format)

    @api.model
-    def get_image_from_url(self, url):
+    def _get_image_from_url(self, url):
+        if not self._app_check_sys_op():
+            return False
        if not url:
            return None
        try:
--- a/app_common/static/description/index.html
+++ b/app_common/static/description/index.html
@@ -4,7 +4,7 @@
            <h2 class="oe_slogan"> </h2>
            <h3 class="oe_slogan"> </h3>
            <div class="oe_row">
-                <h3>Lastest update: v13.20.01.01</h3>
+                <h3>Lastest update: v14.24.03.11</h3>
                <div class="oe_span12">
                    <img class="oe_demo  oe_screenshot"  style="max-height: 100%;" src="banner.png">
                </div>