odoo 12 中 ir.config_paramenter 的权限
Permission of ir.config_paramenter in odoo 12
我遇到了这个问题。为什么会出现此访问错误,我该如何解决?
Odoo Server Error - Access Error
Sorry, you are not allowed to access
this document. Only users with the following access level are
currently allowed to do that:
- Administration/Settings
(Document model: ir.config_parameter) - (Operation: read, User: 21)
这是我的代码:
按钮提交:
<button string="Confirm" name="button_submit" states="draft" type="object" class="oe_highlight"/>
我的python代码:
def send_email(self, subject, message_body, email_from, email_to):
template_obj = self.env['mail.mail']
template_data = {
'subject': subject,
'body_html': message_body,
'email_from': email_from,
'email_to': email_to
}
template_id = template_obj.create(template_data)
template_obj.send(template_id)
template_id.send()
@api.multi
def request_recuitment_send_mail(self):
""" Send mail with wizard """
base_url = request.env['ir.config_parameter'].get_param('web.base.url')
base_url += '/web#id=%d&view_type=form&model=%s' % (self.id, self._name)
subject = '''Request recuitment for {}'''.format(self.job_id.name)
message_body = '''
<div style="font-size: medium;">
Dear {},
Please check this link for more information <a href="{}">Click here</a>
'''.format(
self.user_id.name,
base_url,
)
email_from = '''HR Recruiment <{}>'''.format(self.approver_id.work_email)
email_to = self.user_id.email
self.send_email(subject, message_body, email_from, email_to)
@api.multi
def button_approve(self):
subject = "Request recruitment for {self.job_id.name} has been approved "
body = '''
Position Request: {}
Quantity of Position: {}
Department: {}
Expected Gross Salary: {}
'''.format(
self.job_id.name,
self.quantity,
self.department_id.name,
self.salary_cross_expected
)
self.env['mail.message'].create({'message_type': "notification",
"subtype": self.env.ref("mail.mt_comment").id,
'body': body,
'subject': subject,
'needaction_partner_ids': [(4, self.user_id.partner_id.id,)],
'model': self._name,
'res_id': self.id,
})
self.request_recuitment_approved_send_mail()
self.write({'state': 'approved'})
在这种情况下使用 sudo() 应该是安全的:
request.env['ir.config_parameter'].sudo().get_param('web.base.url')
“普通”用户对模型 ir.config_parameter(系统参数)没有任何权限。只有管理员(其默认访问组之一)或超级用户才能读取此类参数。
关于 sudo([flag=True]) 来自 current documentation (Odoo 15):
Returns a new version of this recordset with superuser mode enabled or disabled, depending on flag. The superuser mode does not change the current user, and simply bypasses access rights checks.
重要提示:我不完全确定它何时更改,但 IIRC 自 Odoo 13 以来删除了“当前用户更改”。因此对于 Odoo 12 sudo 将更改当前用户,例如将对创建时的默认值、创建的消息作者等产生影响。
在你的情况下这是无关紧要的,因为你只是得到基础 url 或参数值,仅此而已。
我遇到了这个问题。为什么会出现此访问错误,我该如何解决?
Odoo Server Error - Access Error
Sorry, you are not allowed to access this document. Only users with the following access level are currently allowed to do that:
- Administration/Settings
(Document model: ir.config_parameter) - (Operation: read, User: 21)
这是我的代码:
按钮提交:
<button string="Confirm" name="button_submit" states="draft" type="object" class="oe_highlight"/>
我的python代码:
def send_email(self, subject, message_body, email_from, email_to):
template_obj = self.env['mail.mail']
template_data = {
'subject': subject,
'body_html': message_body,
'email_from': email_from,
'email_to': email_to
}
template_id = template_obj.create(template_data)
template_obj.send(template_id)
template_id.send()
@api.multi
def request_recuitment_send_mail(self):
""" Send mail with wizard """
base_url = request.env['ir.config_parameter'].get_param('web.base.url')
base_url += '/web#id=%d&view_type=form&model=%s' % (self.id, self._name)
subject = '''Request recuitment for {}'''.format(self.job_id.name)
message_body = '''
<div style="font-size: medium;">
Dear {},
Please check this link for more information <a href="{}">Click here</a>
'''.format(
self.user_id.name,
base_url,
)
email_from = '''HR Recruiment <{}>'''.format(self.approver_id.work_email)
email_to = self.user_id.email
self.send_email(subject, message_body, email_from, email_to)
@api.multi
def button_approve(self):
subject = "Request recruitment for {self.job_id.name} has been approved "
body = '''
Position Request: {}
Quantity of Position: {}
Department: {}
Expected Gross Salary: {}
'''.format(
self.job_id.name,
self.quantity,
self.department_id.name,
self.salary_cross_expected
)
self.env['mail.message'].create({'message_type': "notification",
"subtype": self.env.ref("mail.mt_comment").id,
'body': body,
'subject': subject,
'needaction_partner_ids': [(4, self.user_id.partner_id.id,)],
'model': self._name,
'res_id': self.id,
})
self.request_recuitment_approved_send_mail()
self.write({'state': 'approved'})
在这种情况下使用 sudo() 应该是安全的:
request.env['ir.config_parameter'].sudo().get_param('web.base.url')
“普通”用户对模型 ir.config_parameter(系统参数)没有任何权限。只有管理员(其默认访问组之一)或超级用户才能读取此类参数。
关于 sudo([flag=True]) 来自 current documentation (Odoo 15):
Returns a new version of this recordset with superuser mode enabled or disabled, depending on flag. The superuser mode does not change the current user, and simply bypasses access rights checks.
重要提示:我不完全确定它何时更改,但 IIRC 自 Odoo 13 以来删除了“当前用户更改”。因此对于 Odoo 12 sudo 将更改当前用户,例如将对创建时的默认值、创建的消息作者等产生影响。
在你的情况下这是无关紧要的,因为你只是得到基础 url 或参数值,仅此而已。