New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] 9.0 website_base_multi_image #252
Conversation
This PR will be merged with website_multi_image when it has been ported to 9.0 |
Hi @sergio-teruel , travis fails |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good start, thanks!
|
||
.. image:: https://odoo-community.org/website/image/ir.attachment/5784_f2813bd/datas | ||
:alt: Try me on Runbot | ||
:target: https://runbot.odoo-community.org/runbot/{id} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Put right id
======================== | ||
|
||
This module extends the functionality of 'base_multi_image' module | ||
to show winery data in website |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
winery?
Bug Tracker | ||
=========== | ||
|
||
Bugs are tracked on `GitHub Issues <https://github.com/OCA/xxx/issues>`_. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
xxx?
Bugs are tracked on `GitHub Issues <https://github.com/OCA/xxx/issues>`_. | ||
In case of trouble, please check there if your issue has already been reported. | ||
If you spotted it first, help us smashing it by providing a detailed and welcomed feedback | ||
`here <https://github.com/OCA/website/issues/new?body=module:%mypopwine_website_portal_purchase_winery%0Aversion:%209.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Use newer template.
mission is to support the collaborative development of Odoo features and | ||
promote its widespread use. | ||
|
||
To contribute to this module, please visit http://odoo-community.org. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https
|
||
<t t-name="website_base_multi_image.image_preview"> | ||
<img id="image_preview" | ||
class="img img-responsive product_detail_img" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
product? is this not a base module?
|
||
<t t-name="website_base_multi_image.image_preview_thumb"> | ||
<div class="col-md-3 mt8 mb8"> | ||
<img class="img img-responsive winery-image-thumb" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
winery?
</div> | ||
</t> | ||
|
||
</templates> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EOF
<template id="assets_frontend" inherit_id="website.assets_frontend"> | ||
<xpath expr="."> | ||
<link rel="stylesheet" | ||
href="/website_base_multi_image/static/src/css/theme.css"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not a theme, could you change the file name?
<odoo> | ||
|
||
<template id="base_multi_image_fields"> | ||
<t t-set="owner_model" t-value="owner_model or 'product.template'"/> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is base module, so add no defaults please. Let it die if variable is missing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I understand this is a base addon... Do you think it could include some demo data to see it working?
|
||
<template id="image_main"> | ||
<label>Image</label> | ||
<div class="carousel-inner container" style="padding: 0;"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No inline styles please.
width: 130px; | ||
float: left; | ||
margin-top: 5px; | ||
}*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not leave useless code around please.
result = {} | ||
try: | ||
secondary_images.write({'sequence': 20}) | ||
except Exception, e: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Exception as e
]) | ||
result = {} | ||
try: | ||
secondary_images.write({'sequence': 20}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can drop this controller and use /web/dataset/resequence
instead.
#------------------------------------------------------ | ||
# remove images | ||
#------------------------------------------------------ | ||
@http.route('/website/image/remove', type='json', auth='user') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This one controller could be replaced by a JS call to unlink
too. Not so hard to do, and I believe it's good to get used to use built-in standard RPC methods instead of creating a controller for everything.
e3a54fd
to
233dcf2
Compare
@return: List of images to add | ||
""" | ||
images_to_add = [] | ||
for key in post.keys(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not for key, image in post.iteritems()
. IMO it would make the list check and new_image
assignment block much cleaner.
""" | ||
images_to_add = [] | ||
for key in post.keys(): | ||
if 'new_image_' in key: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
key.startswith('new_image_')
would better match with the documented/intended logic
'file_db_store': base64.encodestring(new_image.read()), | ||
'owner_model': model_name, | ||
'name': new_image.filename, | ||
'extension': 'jpg', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mimetype
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, but base_multi_image.image does not have mimetype field.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @lasley means that you should guess the mimetype from the incoming bytes and then choose the right extension instead of hardcoding jpg
, right?
} | ||
|
||
#base_multi_image .carousel-indicators .active { | ||
/*display: none;*/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this (see @yajo useless code comment)
var _t = core._t; | ||
var $ = require("$"); | ||
|
||
animation.registry.website_base_multi_image = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMO this is really hard to read with 3 namespaces in the same tab level
}); | ||
}, | ||
image_preview: function (event) { | ||
var image = event.target.files[0]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
event.currentTarget
reader.readAsDataURL(image); | ||
}, | ||
reader_load: function (event) { | ||
var filename = event.target.fileName; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
event.currentTarget
e.stopPropagation(); | ||
var self = this; | ||
self.notify_clear(); | ||
var $a = $(e.target); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
e.currentTarget
image_make_main: function(e){ | ||
var self = this; | ||
self.notify_clear(); | ||
var $a = $(e.target); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
e.currentTarget
</div> | ||
</t> | ||
|
||
</templates> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add newline
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems fixed.
Thanks for the submission @sergio-teruel - comments inline |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
security flaw detected 🔓 😊
@@ -0,0 +1,3 @@ | |||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink | |||
access_portal_supplier_base_multi_image,access_portal_supplier_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_portal,1,1,1,0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So any portal users can modify any image? 👎
write/create/unlink perms must be ir.rule-constrained, and I guess that should be made per submodule, so delete this please.
…eate and edit ACL's
@@ -1,3 +1,3 @@ | |||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink | |||
access_portal_supplier_base_multi_image,access_portal_supplier_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_portal,1,1,1,0 | |||
access_portal_base_multi_image,access_portal_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_portal,1,0,0,0 | |||
access_public_base_multi_image,access_public_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_public,1,0,0,0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could use a single rule for this, with no group.
BTW keep in mind you are giving access to every multi image in the database. No matter if it belongs to a partner, product, human resource, or whatever...
Given this is a website_base module, I think it would be a good idea to add a "published" button to the model, and a ir.rule that constrains public access to published images.
Hi all, @sergio-teruel what's pending to this module? |
@rafaelbn is pending to do a zoom controller. |
Hi @sergio-teruel , are the changes requested by @lasley and @yajo done? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My comments look attended to, and functional seems good.
IMO we should add zoom controller, and whatever else is left in terms of featureset to roadmap in the interest of getting merge.
Although more test coverage would be nice 😉
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Many improvements required, including security ones. I know this is WIP, but at least you know now where to start. Good work in general OTOH 😉.
'file_db_store': base64.encodestring(new_image.read()), | ||
'owner_model': model_name, | ||
'name': new_image.filename, | ||
'extension': 'jpg', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think @lasley means that you should guess the mimetype from the incoming bytes and then choose the right extension instead of hardcoding jpg
, right?
|
||
To use this module, you need to: | ||
|
||
#. Go to ... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🔥
@@ -0,0 +1,29 @@ | |||
<?xml version="1.0" encoding="utf-8"?> | |||
<odoo> | |||
<data noupdate="0"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<odoo>
@api.model | ||
def get_images_to_add(self, post, model_name): | ||
""" | ||
@param post: dict with images in format 'new_image_xxx' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
'new_image_xxx'
is not a dict format nor an image format, I don't understand this doc line. Besides, add a general description for what the method does in its 1st line please.
else: | ||
new_image = image | ||
images_to_add.append((0, 0, { | ||
'storage': 'db', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could get this from context (self.env.context.get("default_storage", "db")
) or from a method argument. Not a blocker.
@@ -0,0 +1,3 @@ | |||
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink | |||
access_portal_base_multi_image,access_portal_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_portal,1,0,0,0 | |||
access_public_base_multi_image,access_public_base_multi_image,base_multi_image.model_base_multi_image_image,base.group_public,1,0,0,0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are still giving access to public and portal users to every image in the database.
As this is right now, this is a 👎 blocking security issue. I think the best fix you could apply is something similar to what I do here for base_custom_info
: giving access to images by checking access to their owners.
That IMP should go direclty into base_multi_image
, BTW.
height: 0px; | ||
width: 110px; | ||
margin-left: 5px; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All this line would become more readable/reusable if written into less/sass. Not blocking 😉
</div> | ||
</t> | ||
|
||
</templates> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems fixed.
<div class="carousel-inner container" style="padding: 0;"> | ||
<t t-foreach="srcs" t-as="src"> | ||
<div t-attf-class="item #{src_index == index and 'active' or ''}" | ||
t-attf-data-slide-to="#{src_index}"> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd use t-att-data-slide-to="src_index"
instead.
Hi @sergio-teruel about #252 (comment) zoom controller, I think better to add that issue to known issues and merger this as is. Still pending yajo's comments but IMHO this is OK |
@yajo please could you review again ? If any change needed it could be very nice is you make it directly. Thanks for help. |
@sergio-teruel please attend @yajo's comments. |
Closing as the project is no longer active and v10 includes native support for this. |
This module extends the functionality of 'base_multi_image' module to show image data in website
Port from v8
@Tecnativa