diff --git a/addons/calendar/controllers/main.py b/addons/calendar/controllers/main.py index 11ca7675daf00..2512b1e59990f 100644 --- a/addons/calendar/controllers/main.py +++ b/addons/calendar/controllers/main.py @@ -3,30 +3,22 @@ import werkzeug -from odoo.api import Environment import odoo.http as http from odoo.http import request -from odoo import SUPERUSER_ID -from odoo import registry as registry_get from odoo.tools.misc import get_lang class CalendarController(http.Controller): @http.route('/calendar/meeting/accept', type='http', auth="calendar") - def accept(self, db, token, action, id, **kwargs): - registry = registry_get(db) - with registry.cursor() as cr: - env = Environment(cr, SUPERUSER_ID, {}) - attendee = env['calendar.attendee'].search([('access_token', '=', token), ('state', '!=', 'accepted')]) - if attendee: - attendee.do_accept() - return self.view(db, token, action, id, view='form') + def accept(self, token, action, id, **kwargs): + attendee = request.env['calendar.attendee'].search([('access_token', '=', token), ('state', '!=', 'accepted')]) + attendee.do_accept() + return self.view(token, action, id, view='form') @http.route('/calendar/recurrence/accept', type='http', auth="calendar") - def accept_recurrence(self, db, token, action, id, **kwargs): - # LUL TODO db required? + def accept_recurrence(self, token, action, id, **kwargs): attendee = request.env['calendar.attendee'].sudo().search([('access_token', '=', token), ('state', '!=', 'accepted')]) if attendee: attendees = request.env['calendar.attendee'].sudo().search([ @@ -35,11 +27,10 @@ def accept_recurrence(self, db, token, action, id, **kwargs): ('state', '!=', 'accepted'), ]) attendees.do_accept() - return self.view(db, token, action, id, view='form') + return self.view(token, action, id, view='form') @http.route('/calendar/recurrence/decline', type='http', auth="calendar") - def decline_recurrence(self, db, token, action, id, **kwargs): - # LUL TODO db required? + def decline_recurrence(self, token, action, id, **kwargs): attendee = request.env['calendar.attendee'].sudo().search([('access_token', '=', token), ('state', '!=', 'declined')]) if attendee: attendees = request.env['calendar.attendee'].sudo().search([ @@ -48,46 +39,38 @@ def decline_recurrence(self, db, token, action, id, **kwargs): ('state', '!=', 'declined'), ]) attendees.do_decline() - return self.view(db, token, action, id, view='form') + return self.view(token, action, id, view='form') @http.route('/calendar/meeting/decline', type='http', auth="calendar") - def declined(self, db, token, action, id): - registry = registry_get(db) - with registry.cursor() as cr: - env = Environment(cr, SUPERUSER_ID, {}) - attendee = env['calendar.attendee'].search([('access_token', '=', token), ('state', '!=', 'declined')]) - if attendee: - attendee.do_decline() - return self.view(db, token, action, id, view='form') + def decline(self, token, action, id, **kwargs): + attendee = request.env['calendar.attendee'].search([('access_token', '=', token), ('state', '!=', 'declined')]) + attendee.do_decline() + return self.view(token, action, id, view='form') @http.route('/calendar/meeting/view', type='http', auth="calendar") - def view(self, db, token, action, id, view='calendar'): - registry = registry_get(db) - with registry.cursor() as cr: - # Since we are in auth=none, create an env with SUPERUSER_ID - env = Environment(cr, SUPERUSER_ID, {}) - attendee = env['calendar.attendee'].search([('access_token', '=', token), ('event_id', '=', int(id))]) - if not attendee: - return request.not_found() - timezone = attendee.partner_id.tz - lang = attendee.partner_id.lang or get_lang(request.env).code - event = env['calendar.event'].with_context(tz=timezone, lang=lang).browse(int(id)) + def view(self, token, action, id, view='calendar'): + attendee = request.env['calendar.attendee'].search([('access_token', '=', token), ('event_id', '=', int(id))]) + if not attendee: + return request.not_found() + timezone = attendee.partner_id.tz + lang = attendee.partner_id.lang or get_lang(request.env).code + event = request.env['calendar.event'].with_context(tz=timezone, lang=lang).browse(int(id)) - # If user is internal and logged, redirect to form view of event - # otherwise, display the simplifyed web page with event informations - if request.session.uid and request.env['res.users'].browse(request.session.uid).user_has_groups('base.group_user'): - return werkzeug.utils.redirect('/web?db=%s#id=%s&view_type=form&model=calendar.event' % (db, id)) + # If user is internal and logged, redirect to form view of event + # otherwise, display the simplifyed web page with event informations + if request.session.uid and request.env['res.users'].browse(request.session.uid).user_has_groups('base.group_user'): + return werkzeug.utils.redirect('/web?db=%s#id=%s&view_type=form&model=calendar.event' % (self.env.cr.dbname, id)) - # NOTE : we don't use request.render() since: - # - we need a template rendering which is not lazy, to render before cursor closing - # - we need to display the template in the language of the user (not possible with - # request.render()) - response_content = env['ir.ui.view'].with_context(lang=lang).render_template( - 'calendar.invitation_page_anonymous', { - 'event': event, - 'attendee': attendee, - }) - return request.make_response(response_content, headers=[('Content-Type', 'text/html')]) + # NOTE : we don't use request.render() since: + # - we need a template rendering which is not lazy, to render before cursor closing + # - we need to display the template in the language of the user (not possible with + # request.render()) + response_content = request.env['ir.ui.view'].with_context(lang=lang).render_template( + 'calendar.invitation_page_anonymous', { + 'event': event, + 'attendee': attendee, + }) + return request.make_response(response_content, headers=[('Content-Type', 'text/html')]) # Function used, in RPC to check every 5 minutes, if notification to do for an event or not @http.route('/calendar/notify', type='json', auth="user") diff --git a/addons/calendar/models/ir_http.py b/addons/calendar/models/ir_http.py index 07441f151355b..224cd0f0de367 100644 --- a/addons/calendar/models/ir_http.py +++ b/addons/calendar/models/ir_http.py @@ -3,7 +3,6 @@ from odoo import models from odoo.http import request -from odoo.api import Environment from werkzeug.exceptions import BadRequest @@ -13,22 +12,18 @@ class IrHttp(models.AbstractModel): @classmethod def _auth_method_calendar(cls): - token = request.params['token'] - dbname = request.params['db'] + token = request.params.get('token', '') - registry = odoo.registry(dbname) error_message = False - with registry.cursor() as cr: - env = Environment(cr, SUPERUSER_ID, {}) - - attendee = env['calendar.attendee'].sudo().search([('access_token', '=', token)], limit=1) - if not attendee: - error_message = """Invalid Invitation Token.""" - elif request.session.uid and request.session.login != 'anonymous': - # if valid session but user is not match - user = env['res.users'].sudo().browse(request.session.uid) - if attendee.partner_id != user.partner_id: - error_message = """Invitation cannot be forwarded via email. This event/meeting belongs to %s and you are logged in as %s. Please ask organizer to add you.""" % (attendee.email, user.email) + + attendee = request.env['calendar.attendee'].sudo().search([('access_token', '=', token)], limit=1) + if not attendee: + error_message = """Invalid Invitation Token.""" + elif request.session.uid and request.session.login != 'anonymous': + # if valid session but user is not match + user = request.env['res.users'].sudo().browse(request.session.uid) + if attendee.partner_id != user.partner_id: + error_message = """Invitation cannot be forwarded via email. This event/meeting belongs to %s and you are logged in as %s. Please ask organizer to add you.""" % (attendee.email, user.email) if error_message: raise BadRequest(error_message)