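Using auth="user" in Odoo routes
I. Introduction to controllers: in Odoo, the controller layer decides, based on the URL, which back-end business logic runs and what the front end displays; we usually call this route control.
It is comparable to a firewall between the internal and external networks: when an external request reaches the controller, the controller parses the request URL and matches it to the appropriate internal business method.
II. auth: defines the access permission for a request. It takes one of three values: 'user', 'public', 'none'.
1. If the route's auth is user, the logged-in user must be verified before the route can be accessed;
2. If the route's auth is public and the user has not authenticated, the current request runs as the shared Public user;
3. If the route's auth is none, access is open and no permission check is made. Take particular care with this mode:
when the request reaches Odoo, the database connection may not have been determined yet;
The simplest example: for these two modes the system performs no verification, and a request to the route goes straight into the handler, so they are not discussed further here.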
from odoo import http


class Academy(http.Controller):

    @http.route('/academy/academy', auth='public', type='http')
    def index(self, **kw):
        """Authentication here is public."""
        return "Hello, world"

    # render() returns an HTML response, so the route type is 'http'.
    # With auth='none' no user is bound to the request and the database
    # may not be selected yet.
    @http.route('/academy/academy/objects', auth='none', type='http')
    def list(self, **kw):
        """No authentication here."""
        return http.request.render('academy.listing', {
            'root': '/academy/academy',
            'objects': http.request.env['academy.academy'].search([]),
        })
III. Feature walkthrough: using a route with auth="user"
The logged-in user must be verified before the route can be accessed.
@http.route(['/data_test'], type='http', auth="user", csrf=False, website=True, sitemap=True, cors="*")
def data_iot(self, **kw):
    """
    auth="user": for user verification, add this to the request headers:
    headers = {'X-Openerp-Session-Id': session_id}
    :param kw:
    :return:
    """
    return 'True'
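Example:
1. If the request headers do not include headers = {'X-Openerp-Session-Id': session_id}, the system returns a login page.
2. After adding headers = {'X-Openerp-Session-Id': session_id}, the endpoint returns True.
Summary: with auth="user", the user must be logged in before the logic in the route is executed.
Note: how is the session_id obtained? Here is a function that calls the native login endpoint to get the session.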
import json

import requests

from odoo import exceptions, http
from odoo.http import request


@http.route('/melon/web/authenticate', type='json', auth='none', methods=["POST"], csrf=False)
def melon_web_authenticate(self, *args, **post):
    """
    Request body format:
    {
        "jsonrpc": "2.0",
        "params": {
            "login": "admin",
            "password": "admin",
            "db": "odoo15001"
        }
    }
    When calling other auth="user" routes, add X-Openerp-Session-Id to the request headers.
    """
    data = request.jsonrequest
    data = data.get('params')
    try:
        login = data["login"]
    except KeyError:
        raise exceptions.AccessDenied(message='`login` is required.')
    try:
        password = data["password"]
    except KeyError:
        raise exceptions.AccessDenied(message='`password` is required.')
    try:
        db = data["db"]
    except KeyError:
        raise exceptions.AccessDenied(message='`db` is required.')

    # Forward the credentials to Odoo's native login endpoint.
    url_root = request.httprequest.url_root
    AUTH_URL = "%sweb/session/authenticate/" % url_root
    headers = {'Content-type': 'application/json'}
    data = {
        "jsonrpc": "2.0",
        "params": {
            "login": login,
            "password": password,
            "db": db
        }
    }
    res = requests.post(
        AUTH_URL,
        data=json.dumps(data),
        headers=headers
    )
    # The response body and cookies carry the session, so they are not printed or logged.
    try:
        session_id = res.cookies["session_id"]
        user = json.loads(res.text)
        user["result"]["session_id"] = session_id
    except Exception:
        return "Invalid credentials."
    return user["result"]
The response shown in Postman is:
{
"jsonrpc": "2.0",
"id": null,
"result": {
"uid": 2,
"is_system": true,
"is_admin": true,
"user_context": {
"lang": "zh_CN",
"tz": "Europe/Brussels",
"uid": 2
},
"db": "odoo15001",
"server_version": "15.0",
"server_version_info": [
15,
0,
0,
"final",
0,
""
],
"support_url": "https://www.odoo.com/buy",
"name": "Mitchell Admin",
"username": "admin",
"partner_display_name": "YourCompany, Mitchell Admin",
"company_id": 1,
"partner_id": 3,
"web.base.url": "http://127.0.0.1:8080",
"active_ids_limit": 20000,
"profile_session": null,
"profile_collectors": null,
"profile_params": null,
"max_file_upload_size": 134217728,
"home_action_id": false,
"cache_hashes": {
"translations": "5ad06e487c185f5f4a80c72120c954fa70a279a8",
"load_menus": "db05f3845859cfac0bc400bd13512ceacf41cd75e2478019bc1db62a266ef1cc",
"qweb": "b3981763272f1f1b9af47113922db3b93606d3681ae38162b15d73250e66e92c",
"assets_discuss_public": "e63e0ca54f65545b732a321ae202434cd70a902b81666851d74d86082bd48e1c"
},
"currencies": {},
"user_companies": {
"current_company": 1,
"allowed_companies": {
"1": {
"id": 1,
"name": "YourCompany",
"sequence": 0
}
}
},
"show_effect": "True",
"display_switch_company_menu": false,
"user_id": [
2
],
"web_tours": [],
"tour_disable": true,
"notification_type": "email",
"session_id": "333fb09a92b5f0ad333ffae2059cea44091ad7e0"
}
}
Finally, put the session_id into the request headers of the endpoint above.
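As an added example (not code from the original post or from Odoo), the script below statically audits controller source for the auth values described in section II, and goes slightly beyond it by also flagging csrf=False and cors="*". The sample controllers are constructed, the names audit_routes, AUTH_NOTES and _literal are hypothetical, and it relies on Odoo treating an omitted auth as 'user'.

```python
import ast

# Constructed sample controllers, modelled on the routes shown in this post.
SAMPLE = '''
class Demo(http.Controller):
    @http.route('/academy/academy', auth='public', type='http')
    def index(self, **kw):
        return "Hello, world"
    @http.route('/melon/web/authenticate', type='json', auth='none', csrf=False)
    def login(self, **post):
        return {}
    @http.route(['/data_test'], type='http', auth="user", csrf=False, cors="*")
    def data_iot(self, **kw):
        return 'True'
'''

AUTH_NOTES = {  # finding per auth mode; 'user' requires a logged-in session
    "public": "unauthenticated requests run as the shared Public user",
    "none": "no authentication; database may not be selected yet",
}

def _literal(node):  # value of a decorator argument, or a marker if not a literal
    try:
        return ast.literal_eval(node)
    except ValueError:
        return "<dynamic>"

def audit_routes(source):
    """Return (function, paths, auth, findings) for every route decorator."""
    report = []
    for fn in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)):
        for dec in fn.decorator_list:
            func = getattr(dec, "func", None)  # None unless the decorator is a call
            if getattr(func, "attr", getattr(func, "id", "")) != "route":
                continue
            kw = {k.arg: _literal(k.value) for k in dec.keywords if k.arg}
            paths = _literal(dec.args[0]) if dec.args else kw.get("route", [])
            paths = [paths] if isinstance(paths, str) else list(paths)
            auth = kw.get("auth", "user")  # assumption: Odoo's default when auth is omitted
            findings = [] if auth == "user" else [
                AUTH_NOTES.get(str(auth), "auth is not user/public/none or is dynamic")]
            if kw.get("csrf") is False:
                findings.append("CSRF check disabled")
            if kw.get("cors") == "*":
                findings.append("CORS allows any origin")
            report.append((fn.name, paths, auth, findings))
    return report

if __name__ == "__main__":
    print(*audit_routes(SAMPLE), sep="\n")
```

Run over a module's controllers, the report gives a reviewable list of every route that executes without a logged-in user.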
In me the tiger sniffs the rose.