odoo/addons/website_mail/controllers/main.py

145 lines
6.8 KiB
Python
Raw Normal View History

# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from hashlib import sha1
from time import time
from werkzeug.exceptions import NotFound
from odoo import http
from odoo.http import request
def object_shasign(record=False, res_model='', res_id=None, **kw):
""" Generate a sha signature using the current time, database secret and the
record object or the res_model and res_id parameters
Return the sha signature and the time of generation in a tuple
:deprecated: Support for this SHA1-based signature was discontinued
in `_message_post_helper()`, use the `token` parameter
to allow posting from public sessions instead.
"""
secret = request.env['ir.config_parameter'].sudo().get_param('database.secret')
shasign = False
timestamp = int(time())
if record:
shasign = sha1('%s%s%s%s' % (record._name, record.id, secret, timestamp)).hexdigest()
elif res_model and res_id:
shasign = sha1('%s%s%s%s' % (res_model, res_id, secret, timestamp)).hexdigest()
return (shasign, timestamp)
def _message_post_helper(res_model='', res_id=None, message='', token='', token_field='token', sha_in='', sha_time=None, nosubscribe=True, **kw):
""" Generic chatter function, allowing to write on *any* object that inherits mail.thread.
If a token is specified, all logged in users will be able to write a message regardless
of access rights; if the user is the public user, the message will be posted under the name
of the partner_id of the object (or the public user if there is no partner_id on the object).
:param string res_model: model name of the object
:param int res_id: id of the object
:param string message: content of the message
optional keywords arguments:
:param string token: access token if the object's model uses some kind of public access
using tokens (usually a uuid4) to bypass access rules
:param string token_field: name of the field that contains the token on the object (defaults to 'token')
:param string sha_in: Deprecated, use `token` and `token_field` instead
:param str sha_time: Deprecated, use `token` and `token_field` instead
:param bool nosubscribe: set False if you want the partner to be set as follower of the object when posting (default to True)
The rest of the kwargs are passed on to message_post()
"""
record = request.env[res_model].browse(res_id)
author_id = request.env.user.partner_id.id if request.env.user.partner_id else False
if token and record and token == getattr(record.sudo(), token_field, None):
record = record.sudo()
if request.env.user == request.env.ref('base.public_user'):
author_id = record.partner_id.id if hasattr(record, 'partner_id') else author_id
else:
if not author_id:
raise NotFound()
kw.pop('csrf_token', None)
return record.with_context(mail_create_nosubscribe=nosubscribe).message_post(body=message,
message_type=kw.pop('message_type', "comment"),
subtype=kw.pop('subtype', "mt_comment"),
author_id=author_id,
**kw)
class WebsiteMail(http.Controller):
@http.route(['/website_mail/follow'], type='json', auth="public", website=True)
def website_message_subscribe(self, id=0, object=None, message_is_follower="on", email=False, **post):
# TDE FIXME: check this method with new followers
res_id = int(id)
is_follower = message_is_follower == 'on'
record = request.env[object].browse(res_id)
# search partner_id
if request.env.user != request.website.user_id:
partner_ids = request.env.user.partner_id.ids
else:
# mail_thread method
partner_ids = record.sudo()._find_partner_from_emails([email], check_followers=True)
if not partner_ids or not partner_ids[0]:
name = email.split('@')[0]
partner_ids = request.env['res.partner'].sudo().create({'name': name, 'email': email}).ids
# add or remove follower
if is_follower:
record.check_access_rule('read')
record.sudo().message_unsubscribe(partner_ids)
return False
else:
record.check_access_rule('read')
# add partner to session
request.session['partner_id'] = partner_ids[0]
record.sudo().message_subscribe(partner_ids)
return True
@http.route(['/website_mail/is_follower'], type='json', auth="public", website=True)
def is_follower(self, model, res_id, **post):
user = request.env.user
partner = None
public_user = request.website.user_id
if user != public_user:
partner = request.env.user.partner_id
elif request.session.get('partner_id'):
partner = request.env['res.partner'].sudo().browse(request.session.get('partner_id'))
values = {
'is_user': user != public_user,
'email': partner.email if partner else "",
'is_follower': False,
'alias_name': False,
}
record = request.env[model].sudo().browse(int(res_id))
if record and partner:
values['is_follower'] = bool(request.env['mail.followers'].search_count([
('res_model', '=', model),
('res_id', '=', record.id),
('partner_id', '=', partner.id)
]))
return values
@http.route(['/website_mail/post/json'], type='json', auth='public', website=True)
def chatter_json(self, res_model='', res_id=None, message='', **kw):
try:
msg = _message_post_helper(res_model, int(res_id), message, **kw)
except Exception:
return False
data = {
'id': msg.id,
'body': msg.body,
'date': msg.date,
'author': msg.author_id.name,
'image_url': '/mail/%s/%s/avatar/%s' % (msg.model, msg.res_id, msg.author_id.id)
}
return data
@http.route(['/website_mail/post/post'], type='http', methods=['POST'], auth='public', website=True)
def chatter_post(self, res_model='', res_id=None, message='', redirect=None, **kw):
url = request.httprequest.referrer
if message:
message = _message_post_helper(res_model, int(res_id), message, **kw)
url = url + "#message-%s" % (message.id,)
return request.redirect(url)