Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

without authentication #21

Open
armdan opened this issue Feb 2, 2020 · 7 comments
Open

without authentication #21

armdan opened this issue Feb 2, 2020 · 7 comments

Comments

@armdan
Copy link

armdan commented Feb 2, 2020

Can this be used only to get a product list and price without any authentication?
like https://domain.com/api/product.template/?query={name,qty_available}
@hxgqh
Copy link

hxgqh commented Feb 7, 2020

Obtain session_id from a cookie created(Not the one from a response). It'll be a long string something like "62dd55784cb0b1f69c584f7dc1eea6f587e32570", Use this as a parameter to all requests.

@mdemirbilek
Copy link

How should I send the session_id?
Only as Url parameter stg like:
https://example.com/api/product.template/5?session_id=that_looooong_string
Is it secure? There are lots of url hunters..
Is there any other way to send it?

@armdan
Copy link
Author

armdan commented Feb 8, 2020

good question

@yezyilomo
Copy link
Owner

yezyilomo commented Feb 10, 2020
edited
Loading

How should I send the session_id?
Only as Url parameter stg like:
https://example.com/api/product.template/5?session_id=that_looooong_string
Is it secure? There are lots of url hunters..
Is there any other way to send it?

@mdemirbilek, @armdan Yes, you can use cookie.

@yezyilomo
Copy link
Owner

yezyilomo commented Feb 10, 2020
edited
Loading

Can this be used only to get a product list and price without any authentication?
like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)

@armdan
Copy link
Author

armdan commented Feb 11, 2020

Can this be used only to get a product list and price without any authentication?
like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)

did not work

odoo.exceptions.AccessError: ("Sorry, you are not allowed to access documents of type 'Warehouse' (stock.warehouse). This operation is allowed for the groups:\n\t- Inventory/Administrator\n\t- Purchase/Administrator\n\t- Purchase/User\n\t- Sales/User: Own Documents Only\n\t- User types/Internal User - (Operation: read, User: 4)", None) - - -```

@jeffery9
Copy link
Contributor

jeffery9 commented Apr 5, 2021

#64 fixed #54 and this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jeffery9 @hxgqh @mdemirbilek @armdan @yezyilomo