Odoo - OpenERP - how to show the "manage database" page for particular user (like administrator) in Openerp V8?

Support
Support
5000
| 2 1 2
Asked on 7/24/15, 10:56 AM
0
vote
8898 Views

In  Odoo version 8 Select database / Manage Databases view using the below URL:-

http://localhost:8069/web/database/selector

Note: Default Port No 8069. change Url based on your port no configuration.

EDIT:

GitHub Source Code  https://github.com/prakashsukraj/Odoo-DBRestrict

I just finished a new module "web_dbrestrict" that Database Manager page restrict redirect to password page.

__openerp__.py

{
    'name': 'Web DB Restrict',
    'category': 'Hidden',
    'version': '1.0',
    'description': """
OpenERP Web core module.
========================
This module provides Database Manager page restrict redirect to password page.
        """,
    'depends': ['web'],
    'data': [     
        'views/web_dbrestrict.xml',        
    ],
    'installable': True,
    'application': True,
}

views/web_dbrestrict.xml

 

<?xml version="1.0" encoding="utf-8"?>
<openerp>
    <data>

    <template id="dbmanager_password" name="DB Password">
            <t t-call="web.login_layout">            
                <form  class="oe_login_form"  role="form" action="/web/dbmanager_password" method="post">
                    <div class="form-group field-password">
                        <label for="password" class="control-label">Password</label>
                        <input type="password" name="password" id="password" class="form-control" required="required" t-att-autofocus="'autofocus' if login else None"/>
                    </div>
                    <p class="alert alert-danger" t-if="error">
                        <t t-esc="error"/>
                    </p>
                    <p class="alert alert-success" t-if="message">
                        <t t-esc="message"/>
                    </p>
                    <div class="clearfix oe_login_buttons">
                        <button type="submit" class="btn btn-primary">Log in</button>
                    </div>
                </form>
            </t>
        </template>

    </data>
</openerp>

web_dbrestrict/controllers/main.py

import jinja2
import os
import simplejson
import sys
import openerp
import openerp.modules.registry
from openerp.tools import topological_sort
from openerp import http
from openerp.http import request, serialize_exception as _serialize_exception

if hasattr(sys, 'frozen'):
    # When running on compiled windows binary, we don't have access to package loader.
    path = os.path.realpath(os.path.join(os.path.dirname(__file__), '..', 'views'))
    loader = jinja2.FileSystemLoader(path)
else:
    loader = jinja2.PackageLoader('openerp.addons.web', "views")

env = jinja2.Environment(loader=loader, autoescape=True)
env.filters["json"] = simplejson.dumps

db_monodb = http.db_monodb

def module_installed_bypass_session(dbname):
    loadable = http.addons_manifest.keys()
    modules = {}
    try:
        registry = openerp.modules.registry.RegistryManager.get(dbname)
        with registry.cursor() as cr:
            m = registry.get('ir.module.module')
            # TODO The following code should move to ir.module.module.list_installed_modules()
            domain = [('state','=','installed'), ('name','in', loadable)]
            ids = m.search(cr, 1, [('state','=','installed'), ('name','in', loadable)])
            for module in m.read(cr, 1, ids, ['name', 'dependencies_id']):
                modules[module['name']] = []
                deps = module.get('dependencies_id')
                if deps:
                    deps_read = registry.get('ir.module.module.dependency').read(cr, 1, deps, ['name'])
                    dependencies = [i['name'] for i in deps_read]
                    modules[module['name']] = dependencies
    except Exception,e:
        pass
    sorted_modules = topological_sort(modules)
    return sorted_modules
    
def module_boot(db=None):
    server_wide_modules = openerp.conf.server_wide_modules or ['web']
    serverside = []
    dbside = []
    for i in server_wide_modules:
        if i in http.addons_manifest:
            serverside.append(i)
    monodb = db or db_monodb()
    if monodb:
        dbside = module_installed_bypass_session(monodb)
        dbside = [i for i in dbside if i not in serverside]
    addons = serverside + dbside
    return addons
 # In the above code Import and method copy and paste from the web/main.py file  
class Database_Password(openerp.addons.web.controllers.main.Database):

    @http.route('/web/database/manager', type='http', auth="none")
    def manager(self, **kw):
        request.session.logout()
        return http.local_redirect('/web/password')

    @http.route('/web/password', type='http', auth='public', website=True)
    def pasword(self, redirect=None, **post):    
        return request.render('web_dbrestrict.dbmanager_password', {'url_root': request.httprequest.url_root})
                
    @http.route('/web/dbmanager_password', type='http', auth='public', website=True)
    def dbmanager_password(self, cert_type=None, **post):
        password = request.params['password']    
        if password == 'Your_Password': #user enter password matched redirect to DBManager page
            return env.get_template("database_manager.html").render({
                'modules': simplejson.dumps(module_boot()),
            })    
        else:
            values = request.params.copy()        
            values['error'] = "Wrong password"                
            return request.render('web_dbrestrict.dbmanager_password', values)        
        
  web_dbrestrict/views

  copy and paste the "database_manager.html" File from the location web/views to  web_dbrestrict/views

 

OR Another Solution is:

In order to restrict access to  /web/database/selector and /web/database/manager I have setup nginx as a frontend proxy in front of Odoo's webserver and applied the following rules to the /sites-enabled/examplewebsite.com (add inside server {}):

location ~ ^ /web/database(manager|selector) { 
                      allow 1.2.3.4;
                      deny all;
}

simply replace 1.2.3.4 with an ip (preferably fixed ip) of your choice. I have replaced it with an ip address inside my internal LAN. This will provide anyone who is not trying to access that URL from that IP address a 403 Forbidden error from nginx.

In order to setup Nginx as a frontend proxy for Odoo I have used the following steps on Debian 7.6:

1) sudo apt-get install nginx
2) sudo pico -w /etc/nginx/sites-enabled/examplewebsite.com
3) paste the following and replace examplewebsite.com with your domain, and 1.2.3.4 with the fixed IP address you would like to access your /web/database/manager and /web/database/selector links from:

server {
           
          listen 80;
          server_name  www.examplewebsite.com examplewebsite.com;
          charset utf-8;
                                                                                                                                                                     
          access_log  /var/log/nginx/prolv-access.log;                         

          error_log   /var/log/nginx/prolv-error.log;  

  location ~ ^/web/database/(manager|selector) {
                allow 1.2.3.4;
                deny all;
  }

                location / {
                    proxy_pass         http://127.0.0.1:8072/;
                    proxy_redirect     off;

                    proxy_set_header   Host             $host;
                    proxy_set_header   X-Real-IP        $remote_addr;
                    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                    proxy_set_header   X-OpenERP-dbfilter prolv;

                    client_max_body_size       200m;

                #    proxy_connect_timeout      90;
                #    proxy_send_timeout         90;
                #    proxy_read_timeout         90;

                    proxy_buffer_size          128k;
                    proxy_buffers              16 64k;
                #    proxy_busy_buffers_size    64k;
                #    proxy_temp_file_write_size 64k;
                }

                # Static files location
                #location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
                #    root   /spool/www/members_ng;
                #}

               

 


}


Credit to Viktor for his basic Nginx config for Odoo 8.0 here
http://www.prolv.net/forum/help-1/question/nginix-setup-for-odoo-6

and NixCraft for their explanation of Nginx Access rules here:
http://www.cyberciti.biz/faq/nginx-block-url-access-all-except-one-ip-address/


Although this is by no means a complete or production ready configuration it has at least helped me to achieve restricting access to those URL's to a specific IP. I will be rolling a more complete nginx configuration into my Odoo 8.0 install script (forked and modified from Andre Schenkel's here - https://github.com/lukebranch/openerp-install-scripts/blob/master/odoo-saas4/ubuntu-14-04/odoo_install.sh).

There are probably better ways to do this and I welcome any comments on how this might be better implemented.

 

OR for APACHE Web Server:

 

If you're using Apache, you could do something like this:

<Location /web/database>
    Order deny,allow
    Deny from all
    Allow from 1.2.3.4
</Location>

in your site configuration file.

This way, only the IP 1.2.3.4 can access the /web/database path. And the /web/database/manager uses this path, so...

 

Support
Support
5000
| 2 1 2
Answered on 7/24/15, 11:01 AM
0
vote

Your answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

Ask a Question

Keep Informed

About This Forum

This forum is for HiTechnologia Employees & just Odoo general knowledge purpose only.

Read Guidelines

Question tools

3 follower(s)

Stats

Asked: 7/24/15, 10:56 AM
Seen: 8898 times
Last updated: 7/24/15, 11:01 AM