project_v19/auth_oauth_company_website/controllers/controllers.py

from odoo import http
from odoo.addons.auth_oauth.controllers.main import OAuthLogin
from odoo.http import request
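class CustomOAuthLogin(OAuthLogin):
    """OAuth login controller that restricts the provider list per website."""

    def list_providers(self):
        """Return the OAuth providers that may be offered on the current website.

        The list built by the parent controller is kept as is when the request
        has no website. Otherwise a provider is kept only if its ``website_id``
        is empty (global provider) or equals the current website.

        SECURITY: the provider record is read with ``sudo()`` because public
        (not logged-in) users have no read access to ``auth.oauth.provider``.
        The elevated recordset is used only to read ``website_id``; the dicts
        returned to the caller are the ones produced by ``super()``.

        Returns:
            list of provider dicts, in the order returned by ``super()``.
        """
        providers = super().list_providers()

        current_website = request.website
        if not (current_website and current_website.id):
            # Not in a website context: nothing to filter on.
            return providers

        provider_model = request.env['auth.oauth.provider'].sudo()
        filtered_providers = []
        for provider in providers:
            # Resolve the record by primary key when the dict carries one.
            # client_id is not visibly unique on this model, so two records
            # bound to different websites could share it and search(limit=1)
            # would then test the wrong record's website_id.
            # NOTE(review): assumes super() builds its dicts with 'id' (as a
            # search_read result would) - confirm for this Odoo version.
            provider_id = provider.get('id')
            if provider_id:
                provider_rec = provider_model.browse(provider_id).exists()
            else:
                provider_rec = provider_model.search(
                    [('client_id', '=', provider['client_id'])],
                    limit=1,
                )

            if not provider_rec:
                # Fail closed: a provider that cannot be resolved is not shown.
                continue

            # Show if Website ID matches OR if Website ID is empty (Global).
            match_website = (
                not provider_rec.website_id
                or provider_rec.website_id.id == current_website.id
            )
            # Optional: Add Company Check if needed
            # match_company = not provider_rec.company_id or provider_rec.company_id.id == request.env.company.id
            if match_website:
                filtered_providers.append(provider)
        return filtered_providers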