Techsystech
/
server-tools
mirror of https://github.com/OCA/server-tools.git
3
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge PR #2577 into 16.0 

Signed-off-by simahawk
pull/2624/head
OCA-git-bot 2023-05-10 09:30:27 +00:00
parent 2579c69657 220ec5964b
commit bfe17d2b53
23 changed files with 1168 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

141
rpc_helper/README.rst 100644
View File

@ -0,0 +1,141 @@
===========
Disable RPC
===========
.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.. |badge1| image:: https://img.shields.io/badge/maturity-Alpha-red.png
:target: https://odoo-community.org/page/development-status
:alt: Alpha
.. |badge2| image:: https://img.shields.io/badge/licence-LGPL--3-blue.png
:target: http://www.gnu.org/licenses/lgpl-3.0-standalone.html
:alt: License: LGPL-3
.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github
:target: https://github.com/OCA/server-tools/tree/14.0/rpc_helper
:alt: OCA/server-tools
.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
:target: https://translation.odoo-community.org/projects/server-tools-14-0/server-tools-14-0-rpc_helper
:alt: Translate me on Weblate
.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
:target: https://runbot.odoo-community.org/runbot/149/14.0
:alt: Try me on Runbot
|badge1| |badge2| |badge3| |badge4| |badge5|
Provide helpers to authorize RPC calls.
.. IMPORTANT::
This is an alpha version, the data model and design can change at any time without warning.
Only for development or testing purpose, do not use in production.
`More details on development status <https://odoo-community.org/page/development-status>`_
**Table of contents**
.. contents::
:local:
Configuration
=============
Enable debug mode and go to "Technical -> Database Structure -> Models".
Open the model that you like to configure and go to the tab "RPC config".
There you see a text field which supports JSON configuration.
The configuration is the same you can pass via decorator.
The only difference is that you have to wrap values in a dictionary
like `{"disable": [...values...]}`.
To disable all calls::
{
"disable": ["all"],
}
To disable only some methods::
{
"disable": ["create", "write", "another_method"],
}
NOTE: on the resulting JSON will be automatically formatted on save for better readability.
Usage
=====
Via code
~~~~~~~~
Decorate an Odoo model class like this::
from odoo.addons.rpc_helper.decorator import disable_rpc
@disable_rpc()
class AverageModel(models.Model):
_inherit = "avg.model"
This will disable ALL calls.
To selectively disable only some methods::
@disable_rpc("create", "write", "any_method")
class AverageModel(models.Model):
_inherit = "avg.model"
Via `ir.model` configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
See "Configuration" section.
Bug Tracker
===========
Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us smashing it by providing a detailed and welcomed
`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20rpc_helper%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
Do not contact contributors directly about support or help with technical issues.
Credits
=======
Authors
~~~~~~~
* Camptocamp
Contributors
~~~~~~~~~~~~
* Simone Orsi <simone.orsi@camptocamp.com>
Maintainers
~~~~~~~~~~~
This module is maintained by the OCA.
.. image:: https://odoo-community.org/logo.png
:alt: Odoo Community Association
:target: https://odoo-community.org
OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.
.. |maintainer-simahawk| image:: https://github.com/simahawk.png?size=40px
:target: https://github.com/simahawk
:alt: simahawk
Current `maintainer <https://odoo-community.org/page/maintainer-role>`__:
|maintainer-simahawk|
This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/14.0/rpc_helper>`_ project on GitHub.
You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

2
rpc_helper/__init__.py 100644
View File

@ -0,0 +1,2 @@
from . import models
from .hooks import post_load_hook

17
rpc_helper/__manifest__.py 100644
View File

@ -0,0 +1,17 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
{
"name": "Disable RPC",
"summary": """Helpers for disabling RPC calls""",
"version": "16.0.1.0.0",
"development_status": "Beta",
"license": "LGPL-3",
"website": "https://github.com/OCA/server-tools",
"author": "Camptocamp, Odoo Community Association (OCA)",
"maintainers": ["simahawk"],
"depends": ["base_sparse_field"],
"data": ["views/ir_model_views.xml"],
"post_load": "post_load_hook",
}

19
rpc_helper/decorator.py 100644
View File

@ -0,0 +1,19 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
def disable_rpc(*config):
"""Decorate classes to disable RPC calls.
Possible values:
* none, block all methods
* *("$method_name1", "$method_name2"), blocks calls to specific methods
"""
def _decorator(target):
target._disable_rpc = ("all",) if len(config) == 0 else config
return target
return _decorator

22
rpc_helper/hooks.py 100644
View File

@ -0,0 +1,22 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
import logging
from odoo.service import model
from .patch import protected__execute_cr
_logger = logging.getLogger(__name__)
def patch__model_execute_cr():
"""Patch rpc model handler."""
protected__execute_cr._orig__execute_cr = model.execute_cr
model.execute_cr = protected__execute_cr
_logger.info("PATCHED odoo.service.model.execute")
def post_load_hook():
patch__model_execute_cr()

106
rpc_helper/i18n/es_AR.po 100644
View File

@ -0,0 +1,106 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * rpc_helper
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 14.0\n"
"Report-Msgid-Bugs-To: \n"
"PO-Revision-Date: 2022-09-02 16:07+0000\n"
"Last-Translator: Ignacio Buioli <ibuioli@gmail.com>\n"
"Language-Team: none\n"
"Language: es_AR\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: nplurals=2; plural=n != 1;\n"
"X-Generator: Weblate 4.3.2\n"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__changeset_change_ids
msgid "Changeset Changes"
msgstr "Cambios del Conjunto de Cambios"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__changeset_ids
msgid "Changesets"
msgstr "Conjunto de Cambios"
#. module: rpc_helper
#: model:ir.model.fields,help:rpc_helper.field_ir_model__rpc_config_edit
msgid ""
"Configure RPC config via JSON. Value must be a list of methods to disable "
"wrapped by a dict with key `disable`. Eg: {'disable': ['search', "
"'do_this']}To disable all methods, use `{'disable: ['all']}`"
msgstr ""
"Configure los ajustes de RPC a través de JSON. El valor debe ser una lista "
"de métodos para deshabilitar envueltos por un dict con la clave "
"`deshabilitar`. Por ejemplo: {'disable': ['search', 'do_this']} Para "
"deshabilitar todos los métodos, use `{'disable: ['all']}`"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__count_pending_changeset_changes
msgid "Count Pending Changeset Changes"
msgstr "Cuenta de los Cambios Pendientes de los Conjuntos de Cambios"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__count_pending_changesets
msgid "Count Pending Changesets"
msgstr "Cuenta de los Conjuntos de Cambios Pendientes"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__display_name
msgid "Display Name"
msgstr "Mostrar Nombre"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__id
msgid "ID"
msgstr "ID"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model____last_update
msgid "Last Modified on"
msgstr "Última modificación en"
#. module: rpc_helper
#: model:ir.model,name:rpc_helper.model_ir_model
msgid "Models"
msgstr "Modelos"
#. module: rpc_helper
#: code:addons/rpc_helper/patch.py:0
#, python-format
msgid "Object %s doesn't exist"
msgstr "El Objeto %s no existe"
#. module: rpc_helper
#: code:addons/rpc_helper/patch.py:0
#, python-format
msgid "RPC call on %s is not allowed"
msgstr "Las llamadas RPC en %s no están permitidas"
#. module: rpc_helper
#: model_terms:ir.ui.view,arch_db:rpc_helper.view_model_form
msgid "RPC config"
msgstr "Configuración RPC"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__rpc_config
msgid "Rpc Config"
msgstr "Configuración Rpc"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__rpc_config_edit
msgid "Rpc Config Edit"
msgstr "Editar la Configuración Rpc"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__smart_search
msgid "Smart Search"
msgstr "Búsqueda Inteligente"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__user_can_see_changeset
msgid "User Can See Changeset"
msgstr "El Usuario Puede ver Conjuntos de Cambios"

99
rpc_helper/i18n/rpc_helper.pot 100644
View File

@ -0,0 +1,99 @@
# Translation of Odoo Server.
# This file contains the translation of the following modules:
# * rpc_helper
#
msgid ""
msgstr ""
"Project-Id-Version: Odoo Server 14.0\n"
"Report-Msgid-Bugs-To: \n"
"Last-Translator: \n"
"Language-Team: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: \n"
"Plural-Forms: \n"
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__changeset_change_ids
msgid "Changeset Changes"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__changeset_ids
msgid "Changesets"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,help:rpc_helper.field_ir_model__rpc_config_edit
msgid ""
"Configure RPC config via JSON. Value must be a list of methods to disable "
"wrapped by a dict with key `disable`. Eg: {'disable': ['search', "
"'do_this']}To disable all methods, use `{'disable: ['all']}`"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__count_pending_changeset_changes
msgid "Count Pending Changeset Changes"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__count_pending_changesets
msgid "Count Pending Changesets"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__display_name
msgid "Display Name"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__id
msgid "ID"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model____last_update
msgid "Last Modified on"
msgstr ""
#. module: rpc_helper
#: model:ir.model,name:rpc_helper.model_ir_model
msgid "Models"
msgstr ""
#. module: rpc_helper
#: code:addons/rpc_helper/patch.py:0
#, python-format
msgid "Object %s doesn't exist"
msgstr ""
#. module: rpc_helper
#: code:addons/rpc_helper/patch.py:0
#, python-format
msgid "RPC call on %s is not allowed"
msgstr ""
#. module: rpc_helper
#: model_terms:ir.ui.view,arch_db:rpc_helper.view_model_form
msgid "RPC config"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__rpc_config
msgid "Rpc Config"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__rpc_config_edit
msgid "Rpc Config Edit"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__smart_search
msgid "Smart Search"
msgstr ""
#. module: rpc_helper
#: model:ir.model.fields,field_description:rpc_helper.field_ir_model__user_can_see_changeset
msgid "User Can See Changeset"
msgstr ""

1
rpc_helper/models/__init__.py 100644
View File

@ -0,0 +1 @@
from . import ir_model

44
rpc_helper/models/ir_model.py 100644
View File

@ -0,0 +1,44 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
import json
from odoo import api, fields, models, tools
from odoo.addons.base_sparse_field.models.fields import Serialized
class IrModel(models.Model):
_inherit = "ir.model"
rpc_config = Serialized(compute="_compute_rpc_config", default={})
# Allow editing via UI
rpc_config_edit = fields.Text(
help="Configure RPC config via JSON. "
"Value must be a list of methods to disable "
"wrapped by a dict with key `disable`. "
"Eg: {'disable': ['search', 'do_this']}"
"To disable all methods, use `{'disable: ['all']}`",
inverse="_inverse_rpc_config_edit",
)
@api.depends("rpc_config_edit")
def _compute_rpc_config(self):
for rec in self:
rec.rpc_config = rec._load_rpc_config()
def _inverse_rpc_config_edit(self):
for rec in self:
# Make sure options_edit is always readable
rec.rpc_config_edit = json.dumps(
rec.rpc_config or {}, indent=4, sort_keys=True
)
def _load_rpc_config(self):
return json.loads(self.rpc_config_edit or "{}")
@tools.ormcache("model")
def _get_rpc_config(self, model):
rec = self._get(model)
return rec.rpc_config or {}

30
rpc_helper/patch.py 100644
View File

@ -0,0 +1,30 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
import odoo
from odoo.exceptions import UserError
from odoo.tools.translate import _
def protected__execute_cr(cr, uid, obj, method, *args, **kw):
# Same as original func in odoo.service.model.execute_cr
cr.reset()
recs = odoo.api.Environment(cr, uid, {}).get(obj)
if recs is None:
raise UserError(_("Object %s doesn't exist", obj))
# custom code starts here
if not _rpc_allowed(recs, method):
raise UserError(_("RPC call on %s is not allowed", obj))
return protected__execute_cr._orig__execute_cr(cr, uid, obj, method, *args, **kw)
def _rpc_allowed(recordset, method):
config = getattr(recordset, "_disable_rpc", None)
if config is None:
config = (
recordset.env["ir.model"]._get_rpc_config(recordset._name).get("disable")
)
if config is None:
return True
return "all" not in config and method not in config

23
rpc_helper/readme/CONFIGURE.rst 100644
View File

@ -0,0 +1,23 @@
Enable debug mode and go to "Technical -> Database Structure -> Models".
Open the model that you like to configure and go to the tab "RPC config".
There you see a text field which supports JSON configuration.
The configuration is the same you can pass via decorator.
The only difference is that you have to wrap values in a dictionary
like `{"disable": [...values...]}`.
To disable all calls::
{
"disable": ["all"],
}
To disable only some methods::
{
"disable": ["create", "write", "another_method"],
}
NOTE: on the resulting JSON will be automatically formatted on save for better readability.

1
rpc_helper/readme/CONTRIBUTORS.rst 100644
View File

@ -0,0 +1 @@
* Simone Orsi <simone.orsi@camptocamp.com>

1
rpc_helper/readme/DESCRIPTION.rst 100644
View File

@ -0,0 +1 @@
Provide helpers to authorize RPC calls.

24
rpc_helper/readme/USAGE.rst 100644
View File

@ -0,0 +1,24 @@
Via code
~~~~~~~~
Decorate an Odoo model class like this::
from odoo.addons.rpc_helper.decorator import disable_rpc
@disable_rpc()
class AverageModel(models.Model):
_inherit = "avg.model"
This will disable ALL calls.
To selectively disable only some methods::
@disable_rpc("create", "write", "any_method")
class AverageModel(models.Model):
_inherit = "avg.model"
Via `ir.model` configuration
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
See "Configuration" section.

15
rpc_helper/rpc_test_example.py 100644
View File

@ -0,0 +1,15 @@
"""Basic example script you can use to test your own models for real.
"""
from xmlrpc import client
HOST = "127.0.0.1"
PORT = 8069
DB_NAME = "odoodb"
url = "http://%s:%d/xmlrpc/2/" % (HOST, PORT)
xmlrpc_common = client.ServerProxy(url + "common")
xmlrpc_db = client.ServerProxy(url + "db")
xmlrpc_object = client.ServerProxy(url + "object")
uid = xmlrpc_common.login(DB_NAME, "admin", "admin")
res = xmlrpc_object.execute(DB_NAME, uid, "admin", "res.partner", "search", [])

BIN
rpc_helper/static/description/icon.png 100644
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.2 KiB

480
rpc_helper/static/description/index.html 100644
View File

@ -0,0 +1,480 @@
<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="generator" content="Docutils 0.15.1: http://docutils.sourceforge.net/" />
<title>Disable RPC</title>
<style type="text/css">
/*
:Author: David Goodger (goodger@python.org)
:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
:Copyright: This stylesheet has been placed in the public domain.
Default cascading style sheet for the HTML output of Docutils.
See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
customize this style sheet.
*/
/* used to remove borders from tables and images */
.borderless, table.borderless td, table.borderless th {
border: 0 }
table.borderless td, table.borderless th {
/* Override padding for "table.docutils td" with "! important".
The right padding separates the table cells. */
padding: 0 0.5em 0 0 ! important }
.first {
/* Override more specific margin styles with "! important". */
margin-top: 0 ! important }
.last, .with-subtitle {
margin-bottom: 0 ! important }
.hidden {
display: none }
.subscript {
vertical-align: sub;
font-size: smaller }
.superscript {
vertical-align: super;
font-size: smaller }
a.toc-backref {
text-decoration: none ;
color: black }
blockquote.epigraph {
margin: 2em 5em ; }
dl.docutils dd {
margin-bottom: 0.5em }
object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
overflow: hidden;
}
/* Uncomment (and remove this text!) to get bold-faced definition list terms
dl.docutils dt {
font-weight: bold }
*/
div.abstract {
margin: 2em 5em }
div.abstract p.topic-title {
font-weight: bold ;
text-align: center }
div.admonition, div.attention, div.caution, div.danger, div.error,
div.hint, div.important, div.note, div.tip, div.warning {
margin: 2em ;
border: medium outset ;
padding: 1em }
div.admonition p.admonition-title, div.hint p.admonition-title,
div.important p.admonition-title, div.note p.admonition-title,
div.tip p.admonition-title {
font-weight: bold ;
font-family: sans-serif }
div.attention p.admonition-title, div.caution p.admonition-title,
div.danger p.admonition-title, div.error p.admonition-title,
div.warning p.admonition-title, .code .error {
color: red ;
font-weight: bold ;
font-family: sans-serif }
/* Uncomment (and remove this text!) to get reduced vertical space in
compound paragraphs.
div.compound .compound-first, div.compound .compound-middle {
margin-bottom: 0.5em }
div.compound .compound-last, div.compound .compound-middle {
margin-top: 0.5em }
*/
div.dedication {
margin: 2em 5em ;
text-align: center ;
font-style: italic }
div.dedication p.topic-title {
font-weight: bold ;
font-style: normal }
div.figure {
margin-left: 2em ;
margin-right: 2em }
div.footer, div.header {
clear: both;
font-size: smaller }
div.line-block {
display: block ;
margin-top: 1em ;
margin-bottom: 1em }
div.line-block div.line-block {
margin-top: 0 ;
margin-bottom: 0 ;
margin-left: 1.5em }
div.sidebar {
margin: 0 0 0.5em 1em ;
border: medium outset ;
padding: 1em ;
background-color: #ffffee ;
width: 40% ;
float: right ;
clear: right }
div.sidebar p.rubric {
font-family: sans-serif ;
font-size: medium }
div.system-messages {
margin: 5em }
div.system-messages h1 {
color: red }
div.system-message {
border: medium outset ;
padding: 1em }
div.system-message p.system-message-title {
color: red ;
font-weight: bold }
div.topic {
margin: 2em }
h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
margin-top: 0.4em }
h1.title {
text-align: center }
h2.subtitle {
text-align: center }
hr.docutils {
width: 75% }
img.align-left, .figure.align-left, object.align-left, table.align-left {
clear: left ;
float: left ;
margin-right: 1em }
img.align-right, .figure.align-right, object.align-right, table.align-right {
clear: right ;
float: right ;
margin-left: 1em }
img.align-center, .figure.align-center, object.align-center {
display: block;
margin-left: auto;
margin-right: auto;
}
table.align-center {
margin-left: auto;
margin-right: auto;
}
.align-left {
text-align: left }
.align-center {
clear: both ;
text-align: center }
.align-right {
text-align: right }
/* reset inner alignment in figures */
div.align-right {
text-align: inherit }
/* div.align-center * { */
/* text-align: left } */
.align-top {
vertical-align: top }
.align-middle {
vertical-align: middle }
.align-bottom {
vertical-align: bottom }
ol.simple, ul.simple {
margin-bottom: 1em }
ol.arabic {
list-style: decimal }
ol.loweralpha {
list-style: lower-alpha }
ol.upperalpha {
list-style: upper-alpha }
ol.lowerroman {
list-style: lower-roman }
ol.upperroman {
list-style: upper-roman }
p.attribution {
text-align: right ;
margin-left: 50% }
p.caption {
font-style: italic }
p.credits {
font-style: italic ;
font-size: smaller }
p.label {
white-space: nowrap }
p.rubric {
font-weight: bold ;
font-size: larger ;
color: maroon ;
text-align: center }
p.sidebar-title {
font-family: sans-serif ;
font-weight: bold ;
font-size: larger }
p.sidebar-subtitle {
font-family: sans-serif ;
font-weight: bold }
p.topic-title {
font-weight: bold }
pre.address {
margin-bottom: 0 ;
margin-top: 0 ;
font: inherit }
pre.literal-block, pre.doctest-block, pre.math, pre.code {
margin-left: 2em ;
margin-right: 2em }
pre.code .ln { color: grey; } /* line numbers */
pre.code, code { background-color: #eeeeee }
pre.code .comment, code .comment { color: #5C6576 }
pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
pre.code .literal.string, code .literal.string { color: #0C5404 }
pre.code .name.builtin, code .name.builtin { color: #352B84 }
pre.code .deleted, code .deleted { background-color: #DEB0A1}
pre.code .inserted, code .inserted { background-color: #A3D289}
span.classifier {
font-family: sans-serif ;
font-style: oblique }
span.classifier-delimiter {
font-family: sans-serif ;
font-weight: bold }
span.interpreted {
font-family: sans-serif }
span.option {
white-space: nowrap }
span.pre {
white-space: pre }
span.problematic {
color: red }
span.section-subtitle {
/* font-size relative to parent (h1..h6 element) */
font-size: 80% }
table.citation {
border-left: solid 1px gray;
margin-left: 1px }
table.docinfo {
margin: 2em 4em }
table.docutils {
margin-top: 0.5em ;
margin-bottom: 0.5em }
table.footnote {
border-left: solid 1px black;
margin-left: 1px }
table.docutils td, table.docutils th,
table.docinfo td, table.docinfo th {
padding-left: 0.5em ;
padding-right: 0.5em ;
vertical-align: top }
table.docutils th.field-name, table.docinfo th.docinfo-name {
font-weight: bold ;
text-align: left ;
white-space: nowrap ;
padding-left: 0 }
/* "booktabs" style (no vertical lines) */
table.docutils.booktabs {
border: 0px;
border-top: 2px solid;
border-bottom: 2px solid;
border-collapse: collapse;
}
table.docutils.booktabs * {
border: 0px;
}
table.docutils.booktabs th {
border-bottom: thin solid;
text-align: left;
}
h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
font-size: 100% }
ul.auto-toc {
list-style-type: none }
</style>
</head>
<body>
<div class="document" id="disable-rpc">
<h1 class="title">Disable RPC</h1>
<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This file is generated by oca-gen-addon-readme !!
!! changes will be overwritten. !!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Alpha" src="https://img.shields.io/badge/maturity-Alpha-red.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/lgpl-3.0-standalone.html"><img alt="License: LGPL-3" src="https://img.shields.io/badge/licence-LGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-tools/tree/14.0/rpc_helper"><img alt="OCA/server-tools" src="https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-tools-14-0/server-tools-14-0-rpc_helper"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/149/14.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
<p>Provide helpers to authorize RPC calls.</p>
<div class="admonition important">
<p class="first admonition-title">Important</p>
<p class="last">This is an alpha version, the data model and design can change at any time without warning.
Only for development or testing purpose, do not use in production.
<a class="reference external" href="https://odoo-community.org/page/development-status">More details on development status</a></p>
</div>
<p><strong>Table of contents</strong></p>
<div class="contents local topic" id="contents">
<ul class="simple">
<li><a class="reference internal" href="#configuration" id="id1">Configuration</a></li>
<li><a class="reference internal" href="#usage" id="id2">Usage</a><ul>
<li><a class="reference internal" href="#via-code" id="id3">Via code</a></li>
<li><a class="reference internal" href="#via-ir-model-configuration" id="id4">Via <cite>ir.model</cite> configuration</a></li>
</ul>
</li>
<li><a class="reference internal" href="#bug-tracker" id="id5">Bug Tracker</a></li>
<li><a class="reference internal" href="#credits" id="id6">Credits</a><ul>
<li><a class="reference internal" href="#authors" id="id7">Authors</a></li>
<li><a class="reference internal" href="#contributors" id="id8">Contributors</a></li>
<li><a class="reference internal" href="#maintainers" id="id9">Maintainers</a></li>
</ul>
</li>
</ul>
</div>
<div class="section" id="configuration">
<h1><a class="toc-backref" href="#id1">Configuration</a></h1>
<p>Enable debug mode and go to “Technical -&gt; Database Structure -&gt; Models”.</p>
<p>Open the model that you like to configure and go to the tab “RPC config”.</p>
<p>There you see a text field which supports JSON configuration.</p>
<p>The configuration is the same you can pass via decorator.
The only difference is that you have to wrap values in a dictionary
like <cite>{“disable”: […values…]}</cite>.</p>
<p>To disable all calls:</p>
<pre class="literal-block">
{
&quot;disable&quot;: [&quot;all&quot;],
}
</pre>
<p>To disable only some methods:</p>
<pre class="literal-block">
{
&quot;disable&quot;: [&quot;create&quot;, &quot;write&quot;, &quot;another_method&quot;],
}
</pre>
<p>NOTE: on the resulting JSON will be automatically formatted on save for better readability.</p>
</div>
<div class="section" id="usage">
<h1><a class="toc-backref" href="#id2">Usage</a></h1>
<div class="section" id="via-code">
<h2><a class="toc-backref" href="#id3">Via code</a></h2>
<p>Decorate an Odoo model class like this:</p>
<pre class="literal-block">
from odoo.addons.rpc_helper.decorator import disable_rpc
&#64;disable_rpc()
class AverageModel(models.Model):
_inherit = &quot;avg.model&quot;
</pre>
<p>This will disable ALL calls.</p>
<p>To selectively disable only some methods:</p>
<pre class="literal-block">
&#64;disable_rpc(&quot;create&quot;, &quot;write&quot;, &quot;any_method&quot;)
class AverageModel(models.Model):
_inherit = &quot;avg.model&quot;
</pre>
</div>
<div class="section" id="via-ir-model-configuration">
<h2><a class="toc-backref" href="#id4">Via <cite>ir.model</cite> configuration</a></h2>
<p>See “Configuration” section.</p>
</div>
</div>
<div class="section" id="bug-tracker">
<h1><a class="toc-backref" href="#id5">Bug Tracker</a></h1>
<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-tools/issues">GitHub Issues</a>.
In case of trouble, please check there if your issue has already been reported.
If you spotted it first, help us smashing it by providing a detailed and welcomed
<a class="reference external" href="https://github.com/OCA/server-tools/issues/new?body=module:%20rpc_helper%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
<p>Do not contact contributors directly about support or help with technical issues.</p>
</div>
<div class="section" id="credits">
<h1><a class="toc-backref" href="#id6">Credits</a></h1>
<div class="section" id="authors">
<h2><a class="toc-backref" href="#id7">Authors</a></h2>
<ul class="simple">
<li>Camptocamp</li>
</ul>
</div>
<div class="section" id="contributors">
<h2><a class="toc-backref" href="#id8">Contributors</a></h2>
<ul class="simple">
<li>Simone Orsi &lt;<a class="reference external" href="mailto:simone.orsi&#64;camptocamp.com">simone.orsi&#64;camptocamp.com</a>&gt;</li>
</ul>
</div>
<div class="section" id="maintainers">
<h2><a class="toc-backref" href="#id9">Maintainers</a></h2>
<p>This module is maintained by the OCA.</p>
<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
mission is to support the collaborative development of Odoo features and
promote its widespread use.</p>
<p>Current <a class="reference external" href="https://odoo-community.org/page/maintainer-role">maintainer</a>:</p>
<p><a class="reference external" href="https://github.com/simahawk"><img alt="simahawk" src="https://github.com/simahawk.png?size=40px" /></a></p>
<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-tools/tree/14.0/rpc_helper">OCA/server-tools</a> project on GitHub.</p>
<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
</div>
</div>
</div>
</body>
</html>

2
rpc_helper/tests/__init__.py 100644
View File

@ -0,0 +1,2 @@
from . import test_xmlrpc
from . import test_decorator

34
rpc_helper/tests/test_decorator.py 100644
View File

@ -0,0 +1,34 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
import unittest
from ..decorator import disable_rpc
@disable_rpc()
class All:
pass
@disable_rpc("create")
class One:
pass
@disable_rpc("create", "write")
class Multi:
pass
class TestDecorator(unittest.TestCase):
def test_all(self):
self.assertEqual(All._disable_rpc, ("all",))
def test_one(self):
self.assertEqual(One._disable_rpc, ("create",))
def test_multi(self):
self.assertEqual(Multi._disable_rpc, ("create", "write"))

77
rpc_helper/tests/test_xmlrpc.py 100644
View File

@ -0,0 +1,77 @@
# Copyright 2022 Camptocamp SA
# @author: Simone Orsi <simone.orsi@camptocamp.com>
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
import json
import xmlrpc
from odoo.tests import common
@common.tagged("post_install", "-at_install")
class TestXMLRPC(common.HttpCase):
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.admin_uid = cls.env.ref("base.user_admin").id
def _set_disable(self, val):
type(self.env["res.partner"])._disable_rpc = val
def _set_disable_on_model(self, val):
self.env["ir.model"]._get("res.partner").rpc_config_edit = json.dumps(
{"disable": val}
)
self.env.flush_all()
def tearDown(self):
klass = type(self.env["res.partner"])
if hasattr(klass, "_disable_rpc"):
delattr(klass, "_disable_rpc")
super().tearDown()
def _rpc_call(self, method, vals=None):
o = self.xmlrpc_object
db_name = common.get_db_name()
return o.execute(
db_name, self.admin_uid, "admin", "res.partner", method, vals or []
)
def test_xmlrpc_search_normal(self):
res = self._rpc_call("search")
self.assertTrue(isinstance(res, list))
def test_xmlrpc_all_blocked(self):
self._set_disable(("all",))
msg = "RPC call on res.partner is not allowed"
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("search")
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("create", vals=[{"name": "Foo"}])
def test_xmlrpc_can_search_create_blocked(self):
self._set_disable(("create",))
self._rpc_call("search")
msg = "RPC call on res.partner is not allowed"
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("create", vals=[{"name": "Foo"}])
def test_xmlrpc_all_blocked__ir_model(self):
self._set_disable_on_model(("all",))
msg = "RPC call on res.partner is not allowed"
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("search")
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("create", vals=[{"name": "Foo"}])
def test_xmlrpc_can_search_create_blocked__ir_model(self):
self._set_disable_on_model(("create",))
self._rpc_call("search")
msg = "RPC call on res.partner is not allowed"
with self.assertRaisesRegex(xmlrpc.client.Fault, msg):
self._rpc_call("create", vals=[{"name": "Foo"}])

23
rpc_helper/views/ir_model_views.xml 100644
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8" ?>
<!--
Copyright 2022 Camptocamp SA
License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl.html).
-->
<odoo>
<record id="view_model_form" model="ir.ui.view">
<field name="name">rpc_helper view_model_form</field>
<field name="model">ir.model</field>
<field name="inherit_id" ref="base.view_model_form" />
<field name="arch" type="xml">
<xpath expr="//notebook/page[@name='views']" position="after">
<page name="rpc_config" string="RPC config">
<field
name="rpc_config_edit"
groups="base.group_no_one"
widget="ace"
/>
</page>
</xpath>
</field>
</record>
</odoo>

1
setup/rpc_helper/odoo/addons/rpc_helper 120000
View File

@ -0,0 +1 @@
../../../../rpc_helper

6
setup/rpc_helper/setup.py 100644
View File

@ -0,0 +1,6 @@
import setuptools
setuptools.setup(
setup_requires=['setuptools-odoo'],
odoo_addon=True,
)