# -*- coding: utf-8 -*-
# Part of Odoo. See LICENSE file for full copyright and licensing details.
from werkzeug.exceptions import Forbidden, NotFound
from odoo import _
from odoo.http import Controller, request, Response, route
from odoo.tools import consteq
class DigestController(Controller):
# csrf is disabled here because it will be called by the MUA with unpredictable session at that time
@route('/digest/<int:digest_id>/unsubscribe_oneclik', type='http', website=True, auth='public',
methods=['POST'], csrf=False)
def digest_unsubscribe_oneclick(self, digest_id, token=None, user_id=None):
""" Propose a one click button to the user to unsubscribe as defined in
Only POST method is allowed preventing the risk that anti-spam trigger unwanted
unsubscribe (scenario explained in the same rfc). Note: this method
must support encoding method 'multipart/form-data' and 'application/x-www-form-urlencoded'.
self.digest_unsubscribe(digest_id, token=token, user_id=user_id)
return Response(status=200)
@route('/digest/<int:digest_id>/unsubscribe', type='http', website=True, auth='public', methods=['GET', 'POST'])
def digest_unsubscribe(self, digest_id, token=None, user_id=None, one_click=None):
""" Unsubscribe a given user from a given digest
:param int digest_id: id of digest to unsubscribe from
:param str token: token preventing URL forgery
:param user_id: id of user to unsubscribe
:param int one_click: set it to 1 when using the URL in the header of
the email to allow mail user agent to propose a one click button to the
user to unsubscribe as defined in rfc8058. When set to True, only POST
method is allowed preventing the risk that anti-spam trigger unwanted
unsubscribe (scenario explained in the same rfc). Note: this method
must support encoding method 'multipart/form-data' and 'application/x-www-form-urlencoded'.
if one_click and int(one_click) and request.httprequest.method != "POST":
raise Forbidden()
digest_sudo = request.env['digest.digest'].sudo().browse(digest_id).exists()
# new route parameters
if digest_sudo and token and user_id:
correct_token = digest_sudo._get_unsubscribe_token(int(user_id))
if not consteq(correct_token, token):
raise NotFound()
# old route was given without any token or user_id but only for auth users
elif digest_sudo and not token and not user_id and not request.env.user.share:
raise NotFound()
return request.render('digest.portal_digest_unsubscribed', {
'digest': digest_sudo,
@route('/digest/<int:digest_id>/set_periodicity', type='http', website=True, auth='user')
def digest_set_periodicity(self, digest_id, periodicity='weekly'):
if not request.env.user.has_group('base.group_erp_manager'):
raise Forbidden()
if periodicity not in ('daily', 'weekly', 'monthly', 'quarterly'):
raise ValueError(_('Invalid periodicity set on digest'))
digest = request.env['digest.digest'].browse(digest_id).exists()
url = f"/odoo/{digest._name}/{digest.id}"
return request.redirect(url)