[IMP] make auth_api_key compatible in multi-db

Api key is now based on the new version of server env Key belong to a specifiv database that can be requested based on the domain name. Just setup the db_filter with "%d^" to filter based on domain name
BT-cjimeno · Oct 12, 2020 · a76db1e · a76db1e
1 parent b0bbd84
commit a76db1e
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 37 deletions.
diff --git a/auth_api_key/__manifest__.py b/auth_api_key/__manifest__.py
@@ -12,6 +12,6 @@
     "website": "https://acsone.eu/",
     "development_status": "Beta",
     "depends": ["server_environment"],
-    "data": [],
+    "data": ['security/ir.model.access.csv'],
     "demo": [],
 }
diff --git a/auth_api_key/models/auth_api_key.py b/auth_api_key/models/auth_api_key.py
@@ -1,7 +1,7 @@
 # Copyright 2018 ACSONE SA/NV
 # License LGPL-3.0 or later (http://www.gnu.org/licenses/lgpl).
 
-from odoo import api, models, tools, _
+from odoo import api, fields, models, tools, _
 
 from odoo.tools import consteq
 
@@ -15,52 +15,52 @@ class AuthApiKey(models.Model):
 
     name = fields.Char(required=True)
     key = fields.Char(required=True)
-    user = fields.Char(required=True)
-
-    _sql_constraints = [
-        ('key_uniq', 'unique(key)', 'API Key Retriever must be unique !'),
-    ]
+    user_id = fields.Many2one(
+        comodel_name="res.users",
+        string="User",
+        required=True)
 
     @property
     def _server_env_fields(self):
         base_fields = super()._server_env_fields
         api_key_fields = {
             "key": {},
-            "user": {},
         }
         api_key_fields.update(base_fields)
         return api_key_fields
 
     @api.model
-    @tools.ormcache("api_key")
-    def _retrieve_api_key(self, api_key):
+    def _retrieve_api_key(self, key):
+        return self.browse(self._retrieve_api_key_id(key))
+
+    @api.model
+    @tools.ormcache("key")
+    def _retrieve_api_key_id(self, key):
         if not self.env.user.has_group("base.group_system"):
             raise AccessError(_("User is not allowed"))
-        ap_keys = self.search([])
-        # api key are a computed field in the context of server env
-        # so we can't use a domain in search method
-        key = False
-        for ap_key in ap_keys:
-            if consteq(api_key, ap_key.key):
-                key = ap_key
-
-        if not key:
-            raise ValidationError(
-                _("The key %s is not defined") % api_key)
-
-        return key
+        for api_key in self.search([]):
+            if consteq(key, api_key.key):
+                return api_key.id
+        raise ValidationError(_("The key %s is not allowed") % key)
 
     @api.model
-    @tools.ormcache("api_key")
-    def _retrieve_uid_from_api_key(self, api_key):
-        ap_key = self._retrieve_api_key(api_key)
-        uid = self.env["res.users"].search(
-                    [("login", "=", ap_key.user)]).id
+    @tools.ormcache("key")
+    def _retrieve_uid_from_api_key(self, key):
+        return self._retrieve_api_key(key).user_id.id
 
-        if not uid:
-            raise ValidationError(
-                _("No user found with login %s") % ap_key.user)
+    def _clear_key_cache(self):
+        self._retrieve_api_key_id.clear_cache()
+        self._retrieve_uid_from_api_key.clear_cache()
 
-        return uid
-    return False
+    @api.model
+    def create(self, vals):
+        record = super(AuthApikey, self).create(vals)
+        if 'key' in vals:
+            self._clear_key_cache()
+        return record
 
+    def write(self, vals):
+        super(AuthApikey, self).write(vals)
+        if 'key' in vals:
+            self._clear_key_cache()
+        return True
diff --git a/auth_api_key/models/ir_http.py b/auth_api_key/models/ir_http.py
@@ -22,16 +22,16 @@ def _auth_method_api_key(cls):
         api_key = headers.get("HTTP_API_KEY")
         if api_key:
             request.uid = 1
-            uid = request.env["auth.api.key"]._retrieve_uid_from_api_key(
-                api_key)
-            if uid:
+            api = request.env["auth.api.key"]._retrieve_api_key(api_key)
+            if api:
                 # reset _env on the request since we change the uid...
                 # the next call to env will instantiate an new
                 # odoo.api.Environment with the user defined on the
                 # auth.api_key
                 request._env = None
-                request.uid = uid
+                request.uid = api.user_id.id
                 request.auth_api_key = api_key
+                request.auth_api_key_id = api.id
                 return True
         _logger.error("Wrong HTTP_API_KEY, access denied")
         raise AccessDenied()
diff --git a/auth_api_key/security/ir.model.access.csv b/auth_api_key/security/ir.model.access.csv
@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auth_api_key,access_auth_api_key,model_auth_api_key,base.group_system,1,1,1,1
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
		access_auth_api_key,access_auth_api_key,model_auth_api_key,base.group_system,1,1,1,1