Python源码示例:odoo.exceptions.AccessDenied()
示例1
def auth_oauth_third(self, provider, params):
# Advice by Google (to avoid Confused Deputy Problem)
# if validation.audience != OUR_CLIENT_ID:
# abort()
# else:
# continue with the process
access_token = params.get('access_token')
validation = self._auth_oauth_validate(provider, access_token)
# required check
if not validation.get('user_id'):
# Workaround: facebook does not send 'user_id' in Open Graph Api
if validation.get('id'):
validation['user_id'] = validation['id']
else:
raise AccessDenied()
# retrieve and sign in user
login = self._auth_oauth_signin_third(provider, validation, params)
if login==-1:
return login, validation
if not login:
raise AccessDenied()
# return user credentials
return (self.env.cr.dbname, login, access_token)
示例2
def _auth_method_base_group_user(cls):
cls._auth_method_user()
if not request.env.user.has_group('base.group_user'):
raise exceptions.AccessDenied()
# this is for the exercise
示例3
def _auth_method_groups(cls, group_xmlids=None):
cls._auth_method_user()
if not any(map(request.env.user.has_group, group_xmlids or [])):
raise exceptions.AccessDenied()
# the controller will be like this add this in main.py
示例4
def check_credentials(self, password):
try:
return super(ResUsers, self).check_credentials(password)
except AccessDenied:
res = self.sudo().search([('id', '=', self._uid), ('password_crypt', '=', password)])
if not res:
raise
示例5
def _check_credentials(self, dingtalk_id):
"""
用户验证
"""
try:
return super(ResUsers, self)._check_credentials(dingtalk_id)
except AccessDenied:
# 判断是否为钉钉免登触发的用户验证方法
if request.session.dingtalk_auth:
request.session.dingtalk_auth = None
else:
raise AccessDenied
示例6
def _auth_method_base_group_user(cls):
cls._auth_method_user()
if not request.env.user.has_group('base.group_user'):
raise exceptions.AccessDenied()
# this is for the exercise
示例7
def _auth_method_groups(cls, group_xmlids=None):
cls._auth_method_user()
if not any(map(request.env.user.has_group, group_xmlids or [])):
raise exceptions.AccessDenied()
示例8
def signin_3rd(self, **kw):
state = json.loads(kw['state'])
dbname = state['d']
provider = state['p']
context = state.get('c', {})
registry = registry_get(dbname)
with registry.cursor() as cr:
try:
env = api.Environment(cr, SUPERUSER_ID, context)
credentials = env['res.users'].sudo().auth_oauth_third(provider, kw)
cr.commit()
action = state.get('a')
menu = state.get('m')
redirect = werkzeug.url_unquote_plus(state['r']) if state.get('r') else False
url = '/web'
if redirect:
url = redirect
elif action:
url = '/web#action=%s' % action
elif menu:
url = '/web#menu_id=%s' % menu
if credentials[0]==-1:
from .controllers import gen_id
credentials[1]['oauth_provider_id'] = provider
qr_id = gen_id(credentials[1])
redirect = base64.urlsafe_b64encode(redirect.encode('utf-8')).decode('utf-8')
url = '/corp/bind?qr_id=%s&redirect=%s'%(qr_id, redirect)
else:
return login_and_redirect(*credentials, redirect_url=url)
except AttributeError:
import traceback;traceback.print_exc()
# auth_signup is not installed
_logger.error("auth_signup not installed on database %s: oauth sign up cancelled." % (dbname,))
url = "/web/login?oauth_error=1"
except AccessDenied:
import traceback;traceback.print_exc()
# oauth credentials not valid, user could be on a temporary session
_logger.info('OAuth2: access denied, redirect to main page in case a valid session exists, without setting cookies')
url = "/web/login?oauth_error=3"
redirect = werkzeug.utils.redirect(url, 303)
redirect.autocorrect_location_header = False
return redirect
except Exception as e:
# signup error
_logger.exception("OAuth2: %s" % str(e))
url = "/web/login?oauth_error=2"
return set_cookie_and_redirect(url)
