search

yezyilomo / odoo-rest-api

Module which expose Odoo as a REST API
MIT License
208 stars 167 forks source link

without authentication #21

Open armdan opened 4 years ago

armdan commented 4 years ago

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

hxgqh commented 4 years ago

Obtain session_id from a cookie created(Not the one from a response). It'll be a long string something like "62dd55784cb0b1f69c584f7dc1eea6f587e32570", Use this as a parameter to all requests.

mdemirbilek commented 4 years ago

How should I send the session_id? Only as Url parameter stg like: https://example.com/api/product.template/5?session_id=that_looooong_string Is it secure? There are lots of url hunters.. Is there any other way to send it?

armdan commented 4 years ago

good question

yezyilomo commented 4 years ago

How should I send the session_id? Only as Url parameter stg like: https://example.com/api/product.template/5?session_id=that_looooong_string Is it secure? There are lots of url hunters.. Is there any other way to send it?

@mdemirbilek, @armdan Yes, you can use cookie.

yezyilomo commented 4 years ago

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)
armdan commented 4 years ago

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)

did not work 


odoo.exceptions.AccessError: ("Sorry, you are not allowed to access documents of type 'Warehouse' (stock.warehouse). This operation is allowed for the groups:\n\t- Inventory/Administrator\n\t- Purchase/Administrator\n\t- Purchase/User\n\t- Sales/User: Own Documents Only\n\t- User types/Internal User - (Operation: read, User: 4)", None) - - -```
jeffery9 commented 3 years ago

64 fixed #54 and this one.