Prevent URL manipulation in portal for vps

2024-08-05 00:01:31 +02:00
parent da325f0c79
commit 44a91358ff
6 changed files with 60 additions and 20 deletions
--- a/ow_vm_management/models/pycache/vps_server.cpython-39.pyc
+++ b/ow_vm_management/models/pycache/vps_server.cpython-39.pyc
--- a/ow_vm_management/models/vps_server.py
+++ b/ow_vm_management/models/vps_server.py
@@ -1,5 +1,5 @@
 from odoo import models, fields, api, _
-from odoo.exceptions import UserError
+from odoo.exceptions import UserError, AccessError
 import requests
 import urllib3
 import ipaddress
@@ -89,6 +89,12 @@ class VPSServer(models.Model):
            status = self._proxmox_request('GET', f'nodes/pve/{vm_type}/{vm_id}/status/current')
            server.state = 'running' if status['data']['status'] == 'running' else 'stopped'

+    def check_access_rule(self, operation):
+        if self.env.user.has_group('base.group_portal'):
+            if operation != 'read' or self.customer_id != self.env.user.partner_id:
+                raise AccessError(_("You don't have access to this VPS server."))
+        return super(VPSServer, self).check_access_rule(operation)
+
    def action_restart_from_portal(self):
        self.ensure_one()
        if self.env.user.partner_id != self.customer_id: