将数据从 POST 请求写入模型 (Odoo 9.0) [英] Writing data to model from POST request (Odoo 9.0)
问题描述
我有以下模型:
class LibraryBook(models.Model):
_name = 'library.book'
name = fields.Char('Title', required=True)
date_release = fields.Date("Release Date")
author_ids = fields.Many2many("res.partner", string="Authors")
我是 Odoo 的新手,并试图了解如何从如下所示的 POST 请求中将数据保存到我的模型中
I'm new to Odoo and trying to understand the basics of how to save data to my model from a POST request like the following
curl -i -X POST --data "name=Odoo%20-%20Much%20Mystery,%20Wow&author_id=Doge" http://0.0.0.0:8069/test
我找到了一种方法,将控制器中的 csrf 参数设置为 false,如下所示:
I found a way doing this by setting the csrf parameter in my controller to false like so:
[...]
@http.route('/test', type='http', auth='public',methods=['POST'], website=True, csrf=False)
def test(self, **kwargs):
record = request.env['library.book'].sudo()
record.create(kwargs)
我现在想知道是否有一种方法可以避免设置 csrf=false,因为我读到一般来说这样做是个坏主意.另外,我需要什么来摆脱那个 .sudo() ?不设置 csrf=false 会导致 400 BAD REQUEST 和 Invalid CSRF 令牌.删除 sudo() 会导致 500 INTERNAL SERVER ERROR.在 Odoo Development Cookbook 中,它在一个示例中说明了 auth='none'
I'm wondering now if there is a way to avoid setting csrf=false since I've read that it's a bad idea to do so in general. Also, what would I need to get rid of that .sudo()? Not setting csrf=false leads to a 400 BAD REQUEST with Invalid CSRF token. Removing sudo() leads to a 500 INTERNAL SERVER ERROR. In Odoo Development Cookbook it says in one example with auth='none'
缺少用户也是我们必须在示例代码中对所有模型方法调用 sudo() 的原因
Lack of a user is also why we have to sudo() all our calls to model methods in the example code
假设我期望来自 API 的 POST 请求,是否可以将其与用户关联,这样我就不必 sudo()?
Assuming I would expect a POST request from an API, is it possible to associate it with a user so I don't have to sudo()?
我非常感谢您对此进行澄清.
I would very much appreciate any clarification on this.
更新
所以我刚刚找到了this(第 817 行):
So I just found this (line 817):
- 如果表单被外部第三方(例如 REST API 端点、支付网关回调)访问,您将需要禁用 CSRF
保护(并在必要时实施您自己的保护)
将csrf=False参数传递给route装饰器.
- if the form is accessed by an external third party (e.g. REST API endpoint, payment gateway callback) you will need to disable CSRF
protection (and implement your own protection if necessary) by
passing thecsrf=Falseparameter to theroutedecorator.
我想只留下一个问题,关于 sudo.
which I guess leaves only one question open, regarding sudo.
推荐答案
SUDO()
使用提供的用户集创建一个新环境,如果没有提供则使用管理员(在安全上下文中绕过访问权限/规则),返回使用新环境调用它的记录集的副本:
creates a new environment with the provided user set, uses the administrator if none is provided (to bypass access rights/rules in safe contexts), returns a copy of the recordset it is called on using the new environment:
Odoo 不允许公共用户创建、更新、删除记录.如果我们想从公共用户创建一条记录,那么我们需要使用 sudo() 创建一条记录.
Odoo does not allow public users to create, update, delete a record. If we want to create a record from the public users then we need to create a record with the sudo().
以管理员身份创建记录对象
request.env['library.book'].sudo().create(vals)
希望对你有帮助.有关更多信息,您可以导航到以下链接:https://www.odoo.com/documentation/9.0/reference/orm.html
I hope this may help you. for more information you can navigate to following links : https://www.odoo.com/documentation/9.0/reference/orm.html
谢谢
这篇关于将数据从 POST 请求写入模型 (Odoo 9.0)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
