NextERP/runbot
5
0
Fork 0
mirror of https://github.com/odoo/runbot.git synced 2025-03-27 13:25:47 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

[FIX] limit /force route to advanced users

Browse Source 
The force buttons were hidden because unfortunately miss used as a
rebuild in some case instead. The position of the button was to obvious
and used as a "magic fix" when the intended behavior was only for really
specific cases.

Unfortunately the routes were know and still used manually. This commit
blocs the access giving a message to ask for the group if needed.

Those feature would benefit for some documentation.
This commit is contained in:
Xavier-Do 2023-03-24 11:00:23 +01:00 committed by Christophe Monniez
parent 30c74e2434
commit 0edc0bce3a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
runbot/controllers/frontend.py
View File

@ -210,6 +210,8 @@ class Runbot(Controller):
'/runbot/bundle/<model("runbot.bundle"):bundle>/force/<int:auto_rebase>', '/runbot/bundle/<model("runbot.bundle"):bundle>/force/<int:auto_rebase>',
], type='http', auth="user", methods=['GET', 'POST'], csrf=False) ], type='http', auth="user", methods=['GET', 'POST'], csrf=False)
def force_bundle(self, bundle, auto_rebase=False, **_post): def force_bundle(self, bundle, auto_rebase=False, **_post):
if not self.env.user.has_group('runbot.group_runbot_advanced_user'):
raise Forbidden("Only users with a specific group can do that. Please contact runbot administrators")
_logger.info('user %s forcing bundle %s', request.env.user.name, bundle.name) # user must be able to read bundle _logger.info('user %s forcing bundle %s', request.env.user.name, bundle.name) # user must be able to read bundle
batch = bundle.sudo()._force() batch = bundle.sudo()._force()
batch._log('Batch forced by %s', request.env.user.name) batch._log('Batch forced by %s', request.env.user.name)