
  1. # -*- coding: utf-8 -*-
  2. # Copyright 2016 SYLEAM
  3. # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
  4. from openerp import models, api, fields, exceptions, _
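class OAuthProviderToken(models.Model):
    """Token issued by the OAuth provider to a client on behalf of a user.

    Each record ties a token string to a client, a user, a set of scopes and
    an expiration time. ``active`` is not stored: it is computed from
    ``expires_at`` and has a matching search method, so expired tokens can be
    filtered out with an ordinary domain.

    Security notes for reviewers:
      * ``token`` and ``refresh_token`` are plain ``Char`` fields; nothing in
        this model hashes or encrypts them, so read access to this table
        yields usable bearer credentials. Keep the model's access rules and
        database backups restricted accordingly.
      * Expiration is the only validity criterion visible here. There is no
        revocation flag on the model; revoking a token presumably means
        deleting the record or moving ``expires_at`` into the past
        (confirm against the callers).
      * NOTE(review): because the field is named ``active``, the ORM's
        default ``active_test`` filtering is expected to hide expired tokens
        from ordinary searches; confirm for the deployed version.
    """
    _name = 'oauth.provider.token'
    _description = 'OAuth Provider Token'
    _rec_name = 'token'

    # Stored exactly as received; see the class docstring on cleartext storage.
    token = fields.Char(required=True, help='The token itself.')
    token_type = fields.Selection(
        selection=[('Bearer', 'Bearer')], required=True, default='Bearer',
        help='Type of token stored. Currently, only the bearer token type is '
        'available.')
    # Optional, and stored in cleartext like ``token``.
    refresh_token = fields.Char(
        help='The refresh token, if applicable.')
    client_id = fields.Many2one(
        comodel_name='oauth.provider.client', string='Client', required=True,
        help='Client associated to this token.')
    user_id = fields.Many2one(
        comodel_name='res.users', string='User', required=True,
        help='User associated to this token.')
    scope_ids = fields.Many2many(
        comodel_name='oauth.provider.scope', string='Scopes',
        help='Scopes allowed by this token.')
    expires_at = fields.Datetime(
        required=True, help='Expiration time of the token.')
    active = fields.Boolean(
        compute='_compute_active', search='_search_active',
        help='A token is active only if it has not yet expired.')

    # Uniqueness is scoped per client, not global. Rows without a refresh
    # token hold NULL there, which a SQL UNIQUE constraint does not treat as
    # a duplicate.
    _sql_constraints = [
        ('token_unique', 'UNIQUE (token, client_id)',
         'The token must be unique per client !'),
        ('refresh_token_unique', 'UNIQUE (refresh_token, client_id)',
         'The refresh token must be unique per client !'),
    ]

    @api.multi
    def _compute_active(self):
        """Mark each token active while its expiration time is in the future.

        The comparison is strict: a token whose ``expires_at`` equals the
        current time is already inactive, which matches the ``>`` / ``<=``
        split used by ``_search_active``.
        """
        # Read the clock once so every record in the set is judged against
        # the same instant.
        now = fields.Datetime.now()
        for token in self:
            token.active = now < token.expires_at

    @api.model
    def _search_active(self, operator, operand):
        """Translate a domain leaf on ``active`` into a domain on ``expires_at``.

        :param operator: one of ``=``, ``!=``, ``in``, ``not in``
        :param operand: a boolean for ``=`` / ``!=``, a collection of booleans
            for ``in`` / ``not in``
        :returns: a domain (list of leaves) usable in ``search()``
        :raises exceptions.UserError: if the operator is not supported
        :raises KeyError: if ``=`` / ``!=`` is given an operand that is
            neither ``True`` nor ``False``
        """
        match_all = [(1, '=', 1)]
        match_none = [(0, '=', 1)]

        if operator in ('in', 'not in'):
            has_true = True in operand
            has_false = False in operand
            if has_true and has_false:
                # Every token is either active or expired, so asking for
                # both selects everything and excluding both selects nothing.
                return match_all if operator == 'in' else match_none
            if has_true or has_false:
                # Exactly one boolean is listed: same as the scalar test
                # against that boolean (``has_true`` is that boolean).
                scalar_operator = '=' if operator == 'in' else '!='
                return self._search_active(scalar_operator, has_true)
            if operator == 'in':
                # Membership in a list holding neither True nor False can
                # never hold. Returning an empty domain here would impose no
                # restriction at all and hand back every token, expired ones
                # included, so answer with an always-false leaf instead.
                return match_none
            # ``not in`` with nothing to exclude: no restriction.
            return []

        if operator in ('=', '!='):
            comparison = {
                ('=', True): '>',
                ('=', False): '<=',
                ('!=', False): '>',
                ('!=', True): '<=',
            }
            return [('expires_at', comparison[operator, operand],
                     fields.Datetime.now())]

        raise exceptions.UserError(
            _('Invalid operator {operator} for field active!').format(
                operator=operator))

    @api.multi
    def generate_user_id(self):
        """Return the user identifier to expose for this token.

        Delegates to ``generate_user_id`` on the token's client, passing the
        token's user; how the identifier is derived is decided by the client
        model and is not visible here.
        """
        self.ensure_one()
        return self.client_id.generate_user_id(self.user_id)

    @api.multi
    def get_data_for_model(self, model, res_id=None, all_scopes_match=False):
        """Return the data of the records of ``model`` this token may access.

        The result depends on the scopes attached to the token. When
        ``all_scopes_match`` is True, only records allowed by all of the
        token's scopes are returned.

        :param model: name of the requested model, forwarded unchanged
        :param res_id: optional record id, forwarded unchanged
        :param all_scopes_match: require every scope to allow a record
        """
        self.ensure_one()
        # Switch to the token owner's environment before touching the scopes,
        # so the lookup runs with that user's access rights rather than those
        # of the caller.
        # NOTE(review): ``model`` and ``res_id`` are not checked here;
        # confirm the scope model limits which models and records can be read.
        as_token_user = self.sudo(user=self.user_id)
        return as_token_user.scope_ids.get_data_for_model(
            model, res_id=res_id, all_scopes_match=all_scopes_match)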