odoo-rest-api icon indicating copy to clipboard operation
odoo-rest-api copied to clipboard

Published 20 hours ago verified publisher icon yezyilomo

without authentication

Open armdan opened this issue 5 years ago • 7 comments

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

armdan avatar Feb 02 '20 02:02 armdan

Obtain session_id from a cookie created(Not the one from a response). It'll be a long string something like "62dd55784cb0b1f69c584f7dc1eea6f587e32570", Use this as a parameter to all requests.

hxgqh avatar Feb 07 '20 23:02 hxgqh

How should I send the session_id? Only as Url parameter stg like: https://example.com/api/product.template/5?session_id=that_looooong_string Is it secure? There are lots of url hunters.. Is there any other way to send it?

mdemirbilek avatar Feb 08 '20 00:02 mdemirbilek

good question

armdan avatar Feb 08 '20 00:02 armdan

How should I send the session_id? Only as Url parameter stg like: https://example.com/api/product.template/5?session_id=that_looooong_string Is it secure? There are lots of url hunters.. Is there any other way to send it?

@mdemirbilek, @armdan Yes, you can use cookie.

yezyilomo avatar Feb 10 '20 07:02 yezyilomo

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)

yezyilomo avatar Feb 10 '20 07:02 yezyilomo

Can this be used only to get a product list and price without any authentication? like https://domain.com/api/product.template/?query={name,qty_available}

@armdan You can accomplish this with a little tweak on controllers.py file, Just add this above /api/<string:model> route

    @http.route(
        '/api/product.template/', 
        auth='public', methods=['GET'], csrf=False)
    def get_product_template(self, **params):
        return self.get_model_data('product.template', **params)

did not work

odoo.exceptions.AccessError: ("Sorry, you are not allowed to access documents of type 'Warehouse' (stock.warehouse). This operation is allowed for the groups:\n\t- Inventory/Administrator\n\t- Purchase/Administrator\n\t- Purchase/User\n\t- Sales/User: Own Documents Only\n\t- User types/Internal User - (Operation: read, User: 4)", None) - - -```

armdan avatar Feb 11 '20 05:02 armdan

#64 fixed #54 and this one.

jeffery9 avatar Apr 05 '21 13:04 jeffery9