如何从Android应用程序连接到Odoo数据库 [英] How to connect to Odoo database from an android application

问题描述

我正在开发一个Android应用程序，我想从Odoo服务器中检索数据.

I am developping an Android application, and I'd like to retrieve data from an Odoo server.

为此，我在Odoo中开发了一个自定义模块，在其中创建了一个控制器.

For that I developped a custom module in Odoo, in which I created a controller.

import json
import xmlrpc.client as xmlrpclib
from odoo import http
from openerp.http import Response

class resUserController(http.Controller):
    url = '<my url>'
    db = '<name of my database>'

    @http.route('/user/login', type='json', method='GET', auth='public')
    def get_login(self, **kwargs):
        username = kwargs.get('email')
        password = kwargs.get('password')
        common = xmlrpclib.ServerProxy('{}/xmlrpc/2/common'.format(self.url), allow_none=True)

        uid = common.authenticate(self.db, username, password, {})
        if uid:
            Response.status = '200 Succesful operation'
            json_result = {'token': uid}
            return json.dumps(json_result)
        Response.status = '400 Invalid credentials'
        return

当我从python脚本中调用它进行尝试时，它可以正常工作，并且我得到一个<Response [200]>和一个json {u'jsonrpc': u'2.0', u'result': u'{"token": 8}', u'id': None}以及我所连接帐户的ID.

When I call it from a python script to try it, it works fine and I get a <Response [200]> and a json {u'jsonrpc': u'2.0', u'result': u'{"token": 8}', u'id': None} with the id of the account I connect to.

但是我有另一个函数，这次是在同一控制器中用其他路由调用的，但是这次是auth='user'，因为我希望用户只能看到他有权使用的信息.

But then I have an other function I call with an other route in the same controller, but with auth='user' this time, because I want the user to be able to see only informations he has rights on.

@http.route('/user/getInfo', type='json', method='GET', auth='user')
def get_info(self, **kwargs):
    uid = 1
    password = '<my admin password>'
    models = xmlrpclib.ServerProxy('{}/xmlrpc/2/object'.format(self.url), allow_none=True)
    info = models.execute_kw(self.db, uid, password, 'res.users',
                             'search_read', [[['id', '=', kwargs.get('token')]]],
                             {'fields': ['info']})[0]['invite_code']
    if info:
        Response.status = '200 Succesful operation'
        json_result = {'info': info}
        return json.dumps(json_result)
    Response.status = '404 User not found'
    return

当我使用auth='public'时，此功能工作正常，但是当我使用auth='user'时，会收到以下json响应:

This function works fine when I use auth='public', but when I go for auth='user', I get the following json response :

响应[200]

Response [200]

{  
    u'jsonrpc': u'2.0',   
    u'id': None,   
    u'error': {  
        u'message': u'Odoo Session Expired',   
        u'code': 100,  
        u'data': {  
            u'debug': u'Traceback (most recent call last):  
                      File "/usr/lib/python3/dist-packages/odoo/http.py", line 650, in _handle_exception  
                      return super(JsonRequest, self)._handle_exception(exception)  
                      File "/usr/lib/python3/dist-packages/odoo/http.py", line 310, in _handle_exception  
                      raise pycompat.reraise(type(exception), exception, sys.exc_info()[2])  
                      File "/usr/lib/python3/dist-packages/odoo/tools/pycompat.py", line 87, in reraise  
                      raise value  
                      File "/usr/lib/python3/dist-packages/odoo/addons/http_routing/models/ir_http.py", line 342, in _dispatch  
                      cls._authenticate(func.routing[\'auth\'])  
                      File "/usr/lib/python3/dist-packages/odoo/addons/base/ir/ir_http.py", line 117, in _authenticate  
                      getattr(cls, "_auth_method_%s" % auth_method)()  
                      File "/usr/lib/python3/dist-packages/odoo/addons/base/ir/ir_http.py", line 90, in _auth_method_user  
                      raise http.SessionExpiredException("Session expired")  
                      odoo.http.SessionExpiredException: Session expired',   
            u'exception_type': u'internal_error',   
            u'message': u'Session expired',   
            u'name': u'odoo.http.SessionExpiredException',  
            u'arguments': [u'Session expired'] 
        }  
    }  
}

我的工作基于本文档，它是官方的Odoo文档，但这是问题所在:

I based my work on This documentation, which is an official Odoo doc, but here are the problems :

1 它要求我在每个功能中写管理员密码，这似乎很危险.

1 It ask me to write my admin password in each function, which seems dangerous.

2 身份验证后，我得到了我的用户的ID，但没有会话令牌.那么如何通过auth='user'通知我的功能我已连接以及与哪个用户连接?

2 After authentication, I get the id of my user, but no session token. Then how can I inform my function with auth='user' that I'm connected and to which user?

这是我的脚本，可以测试我的通话:

Here is my script to test my calls :

import requests
import json

url_connect = "<my url>/user/login"
url = "<my url>/user/getInfo"
headers = {'Content-Type': 'application/json'}
data_connect = {
                "params": {
                           "email": "<my test account email>",
                           "password": "<my test account password>",
                }
    }
data = {
        "params": {
                   "token": <my test account id>,
            }
       }
data_json = json.dumps(data)
r = requests.get(url=url_connect, data=json.dumps(data_connect), headers=headers)
print(r)
print(r.json())
r = requests.get(url=url, data=data_json, headers=headers)
print(r)
print(r.json())

推荐答案

注意事项:

• 永远不要在GET请求中发送凭据
• 所有Odoo RPC请求都是 POST 请求
• 如果您使用/web/session/authenticate
，则不需要自定义登录路径
• 外部API 旨在在odoo框架之外使用.开发模块时，请使用self.env ['< model>'](如果在模型或http.request.env ['<型号>'](如果在控制器中)
• 对/web/session/authenticate 的调用将返回一个包含session_id的json，您必须将其通过 cookies 传递给后续请求，直到您调用/web/session/destroy 退出.

• Never send credentials in a GET request
• All Odoo RPC requests are POST requests
• You don't need a custom login route if you use /web/session/authenticate
• The External API is intended to be used outside of odoo framework. When developing a module use self.env['< model >'] if inside a model or http.request.env['< model >'] if in a controller
• The call to /web/session/authenticate returns a json containing the session_id, which you have to pass it in the cookies to subsequent requests until you call /web/session/destroy to logout.

以下是使用/web/session/autenticate 的示例:

import requests
import json

url_connect = "http://localhost:8069/web/session/authenticate"
url = "http://localhost:8069/web/session/get_session_info"

headers = {'Content-Type': 'application/json'}

data_connect = {
    "params": {
        "db": "demo1",
        "login": "admin",
        "password": "admin",
    }
}

data = {}

session = requests.Session()

r = session.post(url=url_connect, data=json.dumps(data_connect), headers=headers)

if r.ok:
    result = r.json()['result']

    if result.get('session_id'):
        session.cookies['session_id'] = result.get('session_id')

r = session.post(url=url, data=json.dumps(data), headers=headers)
print(r)
print(r.json())

要从您的控制器获取信息，您可以使用request.env.user，它保留当前登录的用户，并且由于您指定auth ='user'，因此它必须是有效的.示例代码可能类似于:

To get the info from your controller you could use request.env.user which holds the logged user at the moment and since you specify auth='user' it is required to be a valid. The sample code might look like:

from odoo.http import request

class UserController(http.Controller):
  @http.route('/user/getInfo', type='json', method='POST', auth='user')
  def get_info(self, **kwargs):
    current_user = request.env.user

    Response.status = '200 Succesful operation'
    json_result = {'info': current_user.info}
    return json.dumps(json_result)

这篇关于如何从Android应用程序连接到Odoo数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！