Commit

TA#66806 [16.0][MIG] ir_attachment_access_token_portal (#149)
Co-authored-by: Majda EL MARIOULI <[email protected]>
lanto-razafindrabe and majouda committed Sep 3, 2024
1 parent 2e87dcc commit fcda1d4
Showing 6 changed files with 61 additions and 0 deletions.
16 changes: 16 additions & 0 deletions ir_attachment_access_token_portal/README.md
@@ -0,0 +1,16 @@
=================================
Ir Attachment Access Token Portal
=================================
This module grant access to documents to the portal user.
Due to security restriction, the portal user would see a error 500 if it tries to
read a task that have a document.
The error comes from the write required by the update of the access token.

This module sudo the write to allow the portal user to have access to the documents.

See TA#6109


Contributors
------------
* Numigi (tm) and all its contributors (https://bit.ly/numigiens)
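Review bot: The description covers only the case of a portal user reading a task that has a document, but the override in models/ir_attachment.py inherits "ir.attachment" with no filter on the related model, so the sudo'd token write applies to every attachment. Please state that scope here, and replace the bare "See TA#6109" with a one-line summary of the ticket so the rationale can be read without access to the tracker. The file is named README.md but uses reStructuredText heading underlines; pick one format.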
4 changes: 4 additions & 0 deletions ir_attachment_access_token_portal/__init__.py
@@ -0,0 +1,4 @@
# Copyright 2024-today Numigi and all its contributors (https://bit.ly/numigiens)
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

from . import models
13 changes: 13 additions & 0 deletions ir_attachment_access_token_portal/__manifest__.py
@@ -0,0 +1,13 @@
# Copyright 2024-today Numigi and all its contributors (https://bit.ly/numigiens)
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

{
"name": "IR Attachment Token Access Portal",
"version": "16.0.1.0.0",
"author": "Numigi",
"maintainer": "Numigi",
"license": "LGPL-3",
"category": "base",
"summary": "This module grant access to documents to the portal user.",
"installable": True,
}
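Review bot: The manifest declares no "depends" key, while the model in this commit inherits "ir.attachment" and references base.group_user and base.group_portal. Adding "depends": ["base"] makes that dependency explicit. The summary repeats the README sentence "grant access to documents to the portal user" without saying that the mechanism is a sudo on the access-token write, which is the part an installer needs to know before enabling the module.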
4 changes: 4 additions & 0 deletions ir_attachment_access_token_portal/models/__init__.py
@@ -0,0 +1,4 @@
# Copyright 2024-today Numigi and all its contributors (https://bit.ly/numigiens)
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

from . import ir_attachment
24 changes: 24 additions & 0 deletions ir_attachment_access_token_portal/models/ir_attachment.py
@@ -0,0 +1,24 @@
# Copyright 2024-today Numigi and all its contributors (https://bit.ly/numigiens)
# License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).

from odoo import models, fields


class IrAttachmentTokenAccessPortal(models.Model):
"""
Allow portal user to access the ir.attachments of tasks.
see ref: TA#6109
"""

_inherit = "ir.attachment"

access_token = fields.Char(groups="base.group_user,base.group_portal")

def generate_access_token(self):
"""
Grant sudo access to the field ir_attachment.access_token
It prevents to give write rights to ir.attachments and project.task to group_portal.
see ref: TA#6109
"""
return super(IrAttachmentTokenAccessPortal, self.sudo()).generate_access_token()
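Review bot: Missing access check before the elevation on the last line: self.sudo() is applied for every caller and every record in self, so the token is generated and returned whether or not the current user may read the attachment or the record it belongs to. Verify read access on self first (in Odoo 16, self.check("read") on ir.attachment is one option) and only then call super() with sudo, so the elevation covers the write alone and not the authorization decision. The groups= change on access_token also exposes the field to all of base.group_portal, not just to users of project tasks as the docstring states; say so in the docstring or narrow it. No test is visible in this commit; a test that a portal user cannot obtain a token for an attachment they cannot read would pin the intended behaviour.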