如何从 Odoo 自动操作导入库
How to import libraries from Odoo Automated Action
我正在尝试通过 Odoo 中的自动操作向服务器发送请求。即,假设创建了一个销售订单。我想将它的一些数据发送到服务器并在其他地方处理它。
我使用“执行 Python 代码”选项创建了一个自动操作。当我尝试导入请求库时出现错误:
"forbidden opcode(s) in 'import requests\n\nprint("test")': IMPORT_NAME"
是否可以通过 Odoo 自动操作导入库?如果不能,可以采取哪些替代方案或解决方法?
这里有一张图片可以更清楚地说明:
提前致谢
丹尼斯·勒杜:
import
is indeed prevented in automated/server actions.
This is expected in Odoo for security concerns: Adding it would mean
anyone having the Settings access to your Odoo database would be able
to import any Python module, and therefore do about anything they want
with your database and server filesystem.
e.g. import shutil shutil.rmtree('.') # Deleting all folders and files of current directory
This is even more problematic when your Odoo server hosts multiple
databases: Any administrator of any database would be able to do about
anything in all other databases and filestores. It does not apply to
Odoo.sh, as each server is isolated and only host one database at a
time. But, this behavior is a restriction of the standard Odoo server,
which can have multiple databases hosted by the server, and this is
therefore important to mention this case.
Why don't you just create a custom module that overrides the create
and write
method of the model you want monitored, to contact this
REST API endpoint ?
- It will be safer,
- It will scale better as your business/customization grows. Indeed, you will use the versioning of Git and have a history of what is done
for which reason by who.
If you still want to be able to use imports in automated actions,
which is STRICTLY UNADVISED for the reason stated above, you can
create a custom module overriding the _SAFE_OPCODES
list to add the
given opcode IMPORT_NAME
.
https://github.com/odoo/odoo/blob/d7cfa8c502f27bee5c2fccb35db47b08e3b3804b/odoo/tools/safe_eval.py#L95
我正在尝试通过 Odoo 中的自动操作向服务器发送请求。即,假设创建了一个销售订单。我想将它的一些数据发送到服务器并在其他地方处理它。
我使用“执行 Python 代码”选项创建了一个自动操作。当我尝试导入请求库时出现错误:
"forbidden opcode(s) in 'import requests\n\nprint("test")': IMPORT_NAME"
是否可以通过 Odoo 自动操作导入库?如果不能,可以采取哪些替代方案或解决方法?
这里有一张图片可以更清楚地说明:
提前致谢
丹尼斯·勒杜:
import
is indeed prevented in automated/server actions.This is expected in Odoo for security concerns: Adding it would mean anyone having the Settings access to your Odoo database would be able to import any Python module, and therefore do about anything they want with your database and server filesystem.
e.g.
import shutil shutil.rmtree('.') # Deleting all folders and files of current directory
This is even more problematic when your Odoo server hosts multiple databases: Any administrator of any database would be able to do about anything in all other databases and filestores. It does not apply to Odoo.sh, as each server is isolated and only host one database at a time. But, this behavior is a restriction of the standard Odoo server, which can have multiple databases hosted by the server, and this is therefore important to mention this case.
Why don't you just create a custom module that overrides the
create
andwrite
method of the model you want monitored, to contact this REST API endpoint ?
- It will be safer,
- It will scale better as your business/customization grows. Indeed, you will use the versioning of Git and have a history of what is done for which reason by who.
If you still want to be able to use imports in automated actions, which is STRICTLY UNADVISED for the reason stated above, you can create a custom module overriding the
_SAFE_OPCODES
list to add the given opcodeIMPORT_NAME
. https://github.com/odoo/odoo/blob/d7cfa8c502f27bee5c2fccb35db47b08e3b3804b/odoo/tools/safe_eval.py#L95