allow portal user to access feature or navigate to the page odoo 12


I have created a module in Odoo 12 which allows portal users to manage their timesheet.
In the controller, for all the available features of the module, I used sudo() so that the portal user does not get any access rights issue.
When creating a new timesheet, the controller directly calls the create() function, and when deleting it calls unlink(), but when the user wants to edit the timesheet, I redirect the user to another page. On that page there is an edit form, but it shows me a 403 Forbidden error message when the portal user navigates to that page.
The issue occurs only if I create a new portal user; it allows Joel Willis, who is already in Odoo.
I have added sudo() in that edit timesheet template too, but it did not work.
Like this:

class EditTimesheet(http.Controller):

    @http.route(['/edit_timesheet/<model("account.analytic.line"):timesheet>'], type='http', auth="public", website=True)
    def _edit_timesheet(self, timesheet, category='', search='', **kwargs):
        self.sudo().edit_timesheet(timesheet, category='', search='', **kwargs)

    def edit_timesheet(self, timesheet, category='', search='', **kwargs):
        return request.render("timesheet_module.edit_timesheet",{'timesheet':timesheet.sudo()})

Error in the logger:
Traceback (most recent call last):
  File "/home/milan/workspace/odoo/odoo12/odoo/api.py", line 1049, in get
    value = self._data[key][field][record._ids[0]]
KeyError: 6

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/milan/workspace/odoo/odoo12/odoo/fields.py", line 1012, in __get__
    value = record.env.cache.get(record, self)
  File "/home/milan/workspace/odoo/odoo12/odoo/api.py", line 1051, in get
    raise CacheMiss(record, field)
odoo.exceptions.CacheMiss: ('account.analytic.line(6,).display_name', None)

odoo.exceptions.AccessError: ('The requested operation cannot be completed due to security restrictions. Please contact your system administrator.\n\n(Document type: Analytic Line, Operation: read) - (Records: [6], User: 8)', None)

There are 1 answers

Den Den On

When you use <model("account.analytic.line"):timesheet> in the route, I believe it checks the permissions for the model/logged-in user when the route is hit. So it is throwing the error before you even get to the sudo call. I would recommend taking in an account.analytic.line id instead (make sure you pass in just the id then) and combining your 2 routes into 1, like such...

    @http.route(['/edit_timesheet/<int:timesheet_id>'], type='http', auth="public", website=True)
    def edit_timesheet(self, timesheet_id, category='', search='', **kwargs):
        # Load the record by id through sudo() so the portal user's access rules are not applied
        timesheet = request.env['account.analytic.line'].sudo().browse(timesheet_id)
        return request.render("timesheet_module.edit_timesheet", {'timesheet': timesheet})
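
The route above, with auth="public" and sudo().browse(), returns any analytic line whose id appears in the URL, because sudo() bypasses the access rules that raised the AccessError in the question. As an added example (not the answerer's or Odoo's own code), the helper below keeps sudo() but puts the ownership test inside the query. It assumes ownership is the line's user_id, that the route is switched to auth="user" so uid is request.env.user.id, and it uses a constructed stand-in for the ORM so it runs without Odoo:

```python
# Added example, not the poster's code. In a real module `env` is request.env
# and this helper is called from an auth="user" route handler.

class AccessDenied(Exception):
    """Raised when the timesheet does not belong to the requesting user."""


def load_owned_timesheet(env, uid, timesheet_id):
    """Return the analytic line only if it belongs to `uid`.

    sudo() bypasses record rules, so the ownership test has to be part of
    the query itself; a bare sudo().browse(id) would return anyone's line.
    Assumption: ownership is the line's user_id field.
    """
    line = env['account.analytic.line'].sudo().search(
        [('id', '=', int(timesheet_id)), ('user_id', '=', uid)], limit=1)
    if not line:
        # Same error for "missing" and "not yours", so ids cannot be probed.
        raise AccessDenied("timesheet %s not available" % timesheet_id)
    return line


# --- Constructed stand-in for the ORM so the check runs without Odoo ---
class FakeModel:
    def __init__(self, rows):
        self.rows = rows          # list of dicts: {'id': ..., 'user_id': ...}

    def sudo(self):
        return self               # the stub has no access rules to bypass

    def search(self, domain, limit=None):
        # Only the '=' operator is needed for this demonstration.
        hits = [r for r in self.rows
                if all(r.get(f) == v for f, _op, v in domain)]
        return hits[:limit] if limit else hits


def demo_env():
    # Constructed sample data: line 6 belongs to user 2, line 7 to user 8.
    return {'account.analytic.line': FakeModel(
        [{'id': 6, 'user_id': 2}, {'id': 7, 'user_id': 8}])}
```

In the controller the handler would catch AccessDenied and return a 403 or 404 instead of rendering the edit form.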