website_search_products: Fix permissions

2024-02-20 10:27:45 +01:00 · 2024-02-20 10:27:45 +01:00 · 846235f9ca
commit 846235f9ca
parent fdf4e1c2a7
3 changed files with 71 additions and 58 deletions
--- a/website_search_products/controllers/controller.py
+++ b/website_search_products/controllers/controller.py
@ -1,34 +1,47 @@
-  # -*- coding: utf-8 -*-
+# -*- coding: utf-8 -*-
 from odoo import http
 from odoo.http import request
 from odoo.addons.website.controllers.main import Website

 import logging
+
 _logger = logging.getLogger(__name__)

+
 class IntentoryForm(http.Controller):

-    @http.route(['/inventory/search'], type='http', auth="user", website=True)
+    @http.route(["/inventory/search"], type="http", auth="user", website=True)
    def inventory_form(self, **post):
-        if not request.env['res.users'].browse(request.uid).has_group('base.group_portal')\
-                and not request.env['res.users'].browse(request.uid).has_group('base.group_user'):
-            redirect = b'/web?'
+        if not request.env["res.users"].browse(request.uid).has_group(
+            "base.group_portal"
+        ) and not request.env["res.users"].browse(request.uid).has_group(
+            "base.group_user"
+        ):
+            redirect = b"/web?"
            return http.redirect_with_hash(redirect)

-        products = request.env["product.template"].search([('active', '=', 'True'), ('available_in_pos', '=', 'True')])
-        vals = {'products': products}
+        products = (
+            request.env["product.template"]
+            .sudo()
+            .search([("active", "=", "True"), ("available_in_pos", "=", "True")])
+        )
+        vals = {"products": products}
        return request.render("website_search_products.web_list_products", vals)

-        
+
 class Website(Website):

    @http.route(website=True, auth="public")
    def web_login(self, redirect=None, *args, **kw):
        response = super(Website, self).web_login(redirect=redirect, *args, **kw)
-        if not redirect and request.params['login_success']:
-            if request.env['res.users'].browse(request.uid).has_group('base.group_user'):
-                redirect = b'/web?' + request.httprequest.query_string
+        if not redirect and request.params["login_success"]:
+            if (
+                request.env["res.users"]
+                .browse(request.uid)
+                .has_group("base.group_user")
+            ):
+                redirect = b"/web?" + request.httprequest.query_string
            else:
-                redirect = '/inventory/search'
+                redirect = "/inventory/search"
            return http.redirect_with_hash(redirect)
        return response