# -*- coding: utf-8 -*-
-import base64
import cStringIO
+import contextlib
import hashlib
import json
import logging
import os
+import datetime
+
+from sys import maxint
import psycopg2
import werkzeug
from PIL import Image
import openerp
-from openerp.addons.website import website
+from openerp.osv import fields
+from openerp.addons.website.models import website
from openerp.addons.web import http
-from openerp.addons.web.http import request
+from openerp.addons.web.http import request, LazyResponse
logger = logging.getLogger(__name__)
-
-def auth_method_public():
- registry = openerp.modules.registry.RegistryManager.get(request.db)
- if not request.session.uid:
- request.uid = registry['website'].get_public_user().id
- else:
- request.uid = request.session.uid
-http.auth_methods['public'] = auth_method_public
-
-NOPE = object()
-# PIL images have a type flag, but no MIME. Reverse type flag to MIME.
-PIL_MIME_MAPPING = {'PNG': 'image/png', 'JPEG': 'image/jpeg', 'GIF': 'image/gif', }
# Completely arbitrary limits
MAX_IMAGE_WIDTH, MAX_IMAGE_HEIGHT = IMAGE_LIMITS = (1024, 768)
+
class Website(openerp.addons.web.controllers.main.Home):
- @website.route('/', type='http', auth="admin", multilang=True)
+ #------------------------------------------------------
+ # View
+ #------------------------------------------------------
+ @http.route('/', type='http', auth="public", website=True, multilang=True)
def index(self, **kw):
+ try:
+ main_menu = request.registry['ir.model.data'].get_object(request.cr, request.uid, 'website', 'main_menu')
+ first_menu = main_menu.child_id and main_menu.child_id[0]
+ # Dont 302 loop on /
+ if first_menu and not ((first_menu.url == '/') or first_menu.url.startswith('/#') or first_menu.url.startswith('/?')):
+ return request.redirect(first_menu.url)
+ except:
+ pass
return self.page("website.homepage")
- @http.route('/admin', type='http', auth="none")
- def admin(self, *args, **kw):
- return super(Website, self).index(*args, **kw)
+ @http.route(website=True, auth="public", multilang=True)
+ def web_login(self, *args, **kw):
+ response = super(Website, self).web_login(*args, **kw)
+ if isinstance(response, LazyResponse):
+ values = dict(response.params['values'], disable_footer=True)
+ response = request.website.render(response.params['template'], values)
+ return response
- # FIXME: auth, if /pagenew known anybody can create new empty page
- @website.route('/pagenew/<path:path>', type='http', auth="admin")
- def pagenew(self, path, noredirect=NOPE):
- if '.' in path:
- module, idname = path.split('.', 1)
- else:
- module = 'website'
- idname = path
- path = "%s.%s" % (module, idname)
+ @http.route('/page/<page:page>', type='http', auth="public", website=True, multilang=True)
+ def page(self, page, **opt):
+ values = {
+ 'path': page,
+ }
+ # allow shortcut for /page/<website_xml_id>
+ if '.' not in page:
+ page = 'website.%s' % page
- request.cr.execute('SAVEPOINT pagenew')
- imd = request.registry['ir.model.data']
- view = request.registry['ir.ui.view']
- view_model, view_id = imd.get_object_reference(
- request.cr, request.uid, 'website', 'default_page')
- newview_id = view.copy(
- request.cr, request.uid, view_id, context=request.context)
- newview = view.browse(
- request.cr, request.uid, newview_id, context=request.context)
- newview.write({
- 'arch': newview.arch.replace("website.default_page", path),
- 'name': "page/%s" % path,
- 'page': True,
- })
- # Fuck it, we're doing it live
try:
- imd.create(request.cr, request.uid, {
- 'name': idname,
- 'module': module,
- 'model': 'ir.ui.view',
- 'res_id': newview_id,
- 'noupdate': True
- }, context=request.context)
- except psycopg2.IntegrityError:
- request.cr.execute('ROLLBACK TO SAVEPOINT pagenew')
- else:
- request.cr.execute('RELEASE SAVEPOINT pagenew')
- url = "/page/%s" % path
- if noredirect is not NOPE:
+ request.website.get_template(page)
+ except ValueError, e:
+ # page not found
+ if request.context['editable']:
+ page = 'website.page_404'
+ else:
+ return request.registry['ir.http']._handle_exception(e, 404)
+
+ return request.website.render(page, values)
+
+ @http.route(['/robots.txt'], type='http', auth="public", website=True)
+ def robots(self):
+ response = request.website.render('website.robots', {'url_root': request.httprequest.url_root})
+ response.mimetype = 'text/plain'
+ return response
+
+ @http.route('/sitemap', type='http', auth='public', website=True, multilang=True)
+ def sitemap(self):
+ return request.website.render('website.sitemap', {
+ 'pages': request.website.enumerate_pages()
+ })
+
+ @http.route('/sitemap.xml', type='http', auth="public", website=True)
+ def sitemap_xml(self):
+ response = request.website.render('website.sitemap_xml', {
+ 'pages': request.website.enumerate_pages()
+ })
+ response.headers['Content-Type'] = 'application/xml;charset=utf-8'
+ return response
+
+ #------------------------------------------------------
+ # Edit
+ #------------------------------------------------------
+ @http.route('/website/add/<path:path>', type='http', auth="user", website=True)
+ def pagenew(self, path, noredirect=False, add_menu=None):
+ xml_id = request.registry['website'].new_page(request.cr, request.uid, path, context=request.context)
+ if add_menu:
+ model, id = request.registry["ir.model.data"].get_object_reference(request.cr, request.uid, 'website', 'main_menu')
+ request.registry['website.menu'].create(request.cr, request.uid, {
+ 'name': path,
+ 'url': "/page/" + xml_id,
+ 'parent_id': id,
+ }, context=request.context)
+ url = "/page/" + xml_id
+ if noredirect:
return werkzeug.wrappers.Response(url, mimetype='text/plain')
return werkzeug.utils.redirect(url)
- @website.route('/website/theme_change', type='http', auth="admin")
+ @http.route('/website/theme_change', type='http', auth="user", website=True)
def theme_change(self, theme_id=False, **kwargs):
imd = request.registry['ir.model.data']
view = request.registry['ir.ui.view']
return request.website.render('website.themes', {'theme_changed': True})
- @website.route('/page/<path:path>', type='http', auth="admin", multilang=True)
- def page(self, path, **kwargs):
- values = {
- 'path': path,
- }
- try:
- html = request.website.render(path, values)
- except ValueError:
- html = request.website.render('website.404', values)
- return html
-
- @website.route('/website/customize_template_toggle', type='json', auth='admin') # FIXME: auth
+ @http.route(['/website/snippets'], type='json', auth="public", website=True)
+ def snippets(self):
+ return request.website._render('website.snippets')
+
+ @http.route('/website/reset_templates', type='http', auth='user', methods=['POST'], website=True)
+ def reset_template(self, templates, redirect='/'):
+ templates = request.httprequest.form.getlist('templates')
+ modules_to_update = []
+ for temp_id in templates:
+ view = request.registry['ir.ui.view'].browse(request.cr, request.uid, int(temp_id), context=request.context)
+ if view.page:
+ continue
+ view.model_data_id.write({
+ 'noupdate': False
+ })
+ if view.model_data_id.module not in modules_to_update:
+ modules_to_update.append(view.model_data_id.module)
+
+ if modules_to_update:
+ module_obj = request.registry['ir.module.module']
+ module_ids = module_obj.search(request.cr, request.uid, [('name', 'in', modules_to_update)], context=request.context)
+ if module_ids:
+ module_obj.button_immediate_upgrade(request.cr, request.uid, module_ids, context=request.context)
+ return request.redirect(redirect)
+
+ @http.route('/website/customize_template_toggle', type='json', auth='user', website=True)
def customize_template_set(self, view_id):
view_obj = request.registry.get("ir.ui.view")
view = view_obj.browse(request.cr, request.uid, int(view_id),
}, context=request.context)
return True
- @website.route('/website/customize_template_get', type='json', auth='admin') # FIXME: auth
+ @http.route('/website/customize_template_get', type='json', auth='user', website=True)
def customize_template_get(self, xml_id, optional=True):
imd = request.registry['ir.model.data']
view_model, view_theme_id = imd.get_object_reference(
request.cr, request.uid, 'website', 'theme')
+ user = request.registry['res.users'].browse(request.cr, request.uid, request.uid, request.context)
+ group_ids = [g.id for g in user.groups_id]
+
view = request.registry.get("ir.ui.view")
- views = view._views_get(request.cr, request.uid, xml_id, request.context)
+ views = view._views_get(request.cr, request.uid, xml_id, context=request.context)
done = {}
result = []
for v in views:
+ if v.groups_id and [g for g in v.groups_id if g.id not in group_ids]:
+ continue
if v.inherit_option_id and v.inherit_option_id.id != view_theme_id or not optional:
if v.inherit_option_id.id not in done:
result.append({
'name': v.inherit_option_id.name,
'id': v.id,
+ 'xml_id': v.xml_id,
+ 'inherit_id': v.inherit_id.id,
'header': True,
'active': False
})
result.append({
'name': v.name,
'id': v.id,
+ 'xml_id': v.xml_id,
+ 'inherit_id': v.inherit_id.id,
'header': False,
'active': (v.inherit_id.id == v.inherit_option_id.id) or (not optional and v.inherit_id.id)
})
return result
- @website.route('/website/get_view_translations', type='json', auth='admin')
+ @http.route('/website/get_view_translations', type='json', auth='public', website=True)
def get_view_translations(self, xml_id, lang=None):
lang = lang or request.context.get('lang')
views = self.customize_template_get(xml_id, optional=False)
irt = request.registry.get('ir.translation')
return irt.search_read(request.cr, request.uid, domain, ['id', 'res_id', 'value'], context=request.context)
- @website.route('/website/set_translations', type='json', auth='admin')
+ @http.route('/website/set_translations', type='json', auth='public', website=True)
def set_translations(self, data, lang):
irt = request.registry.get('ir.translation')
for view_id, trans in data.items():
'value': new_content,
}
irt.create(request.cr, request.uid, new_trans)
- irt._get_source.clear_cache(irt) # FIXME: find why ir.translation does not invalidate
return True
- # # FIXME: auth, anybody can upload an attachment if URL known/found
- @website.route('/website/attach', type='http', auth='admin')
+ @http.route('/website/attach', type='http', auth='user', methods=['POST'], website=True)
def attach(self, func, upload):
- req = request.httprequest
- if req.method != 'POST':
- return werkzeug.exceptions.MethodNotAllowed(valid_methods=['POST'])
url = message = None
try:
- attachment_id = request.registry['ir.attachment'].create(request.cr, request.uid, {
+ image_data = upload.read()
+ image = Image.open(cStringIO.StringIO(image_data))
+ w, h = image.size
+ if w*h > 42e6: # Nokia Lumia 1020 photo resolution
+ raise ValueError(
+ u"Image size excessive, uploaded images must be smaller "
+ u"than 42 million pixel")
+
+ Attachments = request.registry['ir.attachment']
+ attachment_id = Attachments.create(request.cr, request.uid, {
'name': upload.filename,
- 'datas': base64.encodestring(upload.read()),
+ 'datas': image_data.encode('base64'),
'datas_fname': upload.filename,
'res_model': 'ir.ui.view',
}, request.context)
- # FIXME: auth=user... no good.
- url = '/website/attachment/%d' % attachment_id
+
+ [attachment] = Attachments.read(
+ request.cr, request.uid, [attachment_id], ['website_url'],
+ context=request.context)
+ url = attachment['website_url']
except Exception, e:
logger.exception("Failed to upload image to attachment")
- message = str(e)
+ message = unicode(e)
return """<script type='text/javascript'>
window.parent['%s'](%s, %s);
</script>""" % (func, json.dumps(url), json.dumps(message))
- @website.route('/website/attachment/<int:id>', type='http', auth="admin")
- def attachment(self, id):
- # TODO: provide actual thumbnails?
- # FIXME: can't use Binary.image because auth=user and website attachments need to be public
- attachment = request.registry['ir.attachment'].browse(
- request.cr, request.uid, id, request.context)
+ @http.route(['/website/publish'], type='json', auth="public", website=True)
+ def publish(self, id, object):
+ _id = int(id)
+ _object = request.registry[object]
+ obj = _object.browse(request.cr, request.uid, _id)
- buf = cStringIO.StringIO(base64.decodestring(attachment.datas))
+ values = {}
+ if 'website_published' in _object._all_columns:
+ values['website_published'] = not obj.website_published
+ if 'website_published_datetime' in _object._all_columns and values.get('website_published'):
+ values['website_published_datetime'] = fields.datetime.now()
+ _object.write(request.cr, request.uid, [_id],
+ values, context=request.context)
- image = Image.open(buf)
- mime = PIL_MIME_MAPPING[image.format]
+ obj = _object.browse(request.cr, request.uid, _id)
+ return bool(obj.website_published)
- w, h = image.size
- resized = w > MAX_IMAGE_WIDTH or h > MAX_IMAGE_HEIGHT
+ #------------------------------------------------------
+ # Helpers
+ #------------------------------------------------------
+ @http.route(['/website/kanban/'], type='http', auth="public", methods=['POST'], website=True)
+ def kanban(self, **post):
+ return request.website.kanban_col(**post)
- # If saving unnecessary, just send the image buffer, don't go through
- # Image.save() (especially as it breaks animated gifs)
- if not resized:
- buf.seek(0)
- return werkzeug.wrappers.Response(buf, status=200, mimetype=mime)
+ def placeholder(self, response):
+ # file_open may return a StringIO. StringIO can be closed but are
+ # not context managers in Python 2 though that is fixed in 3
+ with contextlib.closing(openerp.tools.misc.file_open(
+ os.path.join('web', 'static', 'src', 'img', 'placeholder.png'),
+ mode='rb')) as f:
+ response.data = f.read()
+ return response.make_conditional(request.httprequest)
+
+ @http.route([
+ '/website/image',
+ '/website/image/<model>/<id>/<field>'
+ ], auth="public", website=True)
+ def website_image(self, model, id, field, max_width=maxint, max_height=maxint):
+ Model = request.registry[model]
- image.thumbnail(IMAGE_LIMITS, Image.ANTIALIAS)
- response = werkzeug.wrappers.Response(status=200, mimetype=mime)
- image.save(response.stream, image.format)
- return response
+ response = werkzeug.wrappers.Response()
- @website.route('/website/image', type='http', auth="public")
- def image(self, model, id, field, **kw):
- last_update = '__last_update'
- Model = request.registry[model]
- headers = [('Content-Type', 'image/png')]
- etag = request.httprequest.headers.get('If-None-Match')
- hashed_session = hashlib.md5(request.session_id).hexdigest()
- retag = hashed_session
- try:
- if etag:
- date = Model.read(request.cr, request.uid, [id], [last_update], request.context)[0].get(last_update)
- if hashlib.md5(date).hexdigest() == etag:
- return werkzeug.wrappers.Response(status=304)
-
- res = Model.read(request.cr, request.uid, [id], [last_update, field], request.context)[0]
- retag = hashlib.md5(res.get(last_update)).hexdigest()
- image_base64 = res.get(field)
-
- if kw.get('resize'):
- resize = kw.get('resize').split(',')
- if len(resize) == 2 and int(resize[0]) and int(resize[1]):
- width = int(resize[0])
- height = int(resize[1])
- # resize maximum 500*500
- if width > 500:
- width = 500
- if height > 500:
- height = 500
- image_base64 = openerp.tools.image_resize_image(base64_source=image_base64, size=(width, height), encoding='base64', filetype='PNG')
-
- image_data = base64.b64decode(image_base64)
- except Exception:
- image_data = open(os.path.join(http.addons_manifest['web']['addons_path'], 'web', 'static', 'src', 'img', 'placeholder.png'), 'rb').read()
-
- headers.append(('ETag', retag))
- headers.append(('Content-Length', len(image_data)))
- try:
- ncache = int(kw.get('cache'))
- headers.append(('Cache-Control', 'no-cache' if ncache == 0 else 'max-age=%s' % (ncache)))
- except:
- pass
- return request.make_response(image_data, headers)
+ id = int(id)
- @website.route(['/website/publish/'], type='http', auth="public")
- def publish(self, **post):
- _id = int(post['id'])
- _object = request.registry[post['object']]
+ ids = Model.search(request.cr, request.uid,
+ [('id', '=', id)], context=request.context) \
+ or Model.search(request.cr, openerp.SUPERUSER_ID,
+ [('id', '=', id), ('website_published', '=', True)], context=request.context)
- obj = _object.browse(request.cr, request.uid, _id)
- _object.write(request.cr, request.uid, [_id],
- {'website_published': not obj.website_published},
- context=request.context)
- obj = _object.browse(request.cr, request.uid, _id)
+ if not ids:
+ return self.placeholder(response)
- return obj.website_published and "1" or "0"
+ concurrency = '__last_update'
+ [record] = Model.read(request.cr, openerp.SUPERUSER_ID, [id],
+ [concurrency, field], context=request.context)
+
+ if concurrency in record:
+ server_format = openerp.tools.misc.DEFAULT_SERVER_DATETIME_FORMAT
+ try:
+ response.last_modified = datetime.datetime.strptime(
+ record[concurrency], server_format + '.%f')
+ except ValueError:
+ # just in case we have a timestamp without microseconds
+ response.last_modified = datetime.datetime.strptime(
+ record[concurrency], server_format)
+
+ # Field does not exist on model or field set to False
+ if not record.get(field):
+ # FIXME: maybe a field which does not exist should be a 404?
+ return self.placeholder(response)
+
+ response.set_etag(hashlib.sha1(record[field]).hexdigest())
+ response.make_conditional(request.httprequest)
+
+ # conditional request match
+ if response.status_code == 304:
+ return response
+
+ data = record[field].decode('base64')
+ fit = int(max_width), int(max_height)
+
+ buf = cStringIO.StringIO(data)
+
+ image = Image.open(buf)
+ image.load()
+ response.mimetype = Image.MIME[image.format]
+
+ w, h = image.size
+ max_w, max_h = fit
+
+ if w < max_w and h < max_h:
+ response.data = data
+ else:
+ image.thumbnail(fit, Image.ANTIALIAS)
+ image.save(response.stream, image.format)
+ # invalidate content-length computed by make_conditional as writing
+ # to response.stream does not do it (as of werkzeug 0.9.3)
+ del response.headers['Content-Length']
+
+ return response
- @website.route(['/website/kanban/'], type='http', auth="public")
- def kanban(self, **post):
- return request.website.kanban_col(**post)
# vim:expandtab:tabstop=4:softtabstop=4:shiftwidth=4: