URL Generation Using Access Token in Odoo

November 1, 2024 by
admin


                                                                                                                 


In this blog, we'll explore the importance of managing file attachments securely in Odoo. Often, there's a need to share attachments as downloadable links, but if not managed carefully, these attachments can expose sensitive information. A common solution involves making attachments publicly accessible, yet this approach can lead to serious security risks. Public access not only exposes private files but can also bypass Odoo's built-in permission system, potentially granting access to unauthorized users.
In the following sections, we'll examine these risks and show a secure way to handle attachment URLs in Odoo using access tokens.
Below are the steps and code to set up secure attachment URLs with access tokens.
1. Setting Up the attachment_url Field in the Model
  • First, import the necessary libraries.


  • Add a computed field attachment_url in your model. This field will store the secure URL for each attachment.
  • Here’s how we generate a secure URL with a unique access token for each attachment. If the record has an attachment, we create an ir.attachment record and generate an access_token. 


  • In this code, we retrieve the base URL and parse it, ensuring it’s properly formatted with the scheme (http or https) and net location.
  • If a record has an attachment, we encode its data, create an ir.attachment record, and include an access token generated by _generate_access_token().
  • The attachment_url field is populated with the secure URL, which includes the access_token as a query parameter. This token allows Odoo to verify access permissions on each request, adding an important layer of security.
  • The _generate_access_token() function generates a unique access token for each URL. Because the attachment_url is constructed using the access_token, Odoo can verify access permissions on each request.
An example URL generated for a job using this method is depicted below.


This URL provides controlled access to the attachment, ensuring only users with valid access tokens can download the file.
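The flow described in the steps above, as a stand-alone added example (not code from the original post and not Odoo's own implementation). The in-memory ATTACHMENTS store, the function names, the host erp.example.com and the /web/content/<id> path layout are assumptions made for illustration; the public flag shows the publicly accessible setting beside the token-protected one.

```python
import hmac
import uuid
from urllib.parse import parse_qs, urlencode, urlparse

ATTACHMENTS = {}  # constructed in-memory stand-in for ir.attachment rows


def create_attachment(att_id, data, public=False):
    """Store file bytes with a random token (uuid4 has 122 random bits)."""
    ATTACHMENTS[att_id] = {"datas": data, "public": public,
                           "access_token": str(uuid.uuid4())}


def build_attachment_url(base_url, att_id):
    """Keep only scheme and net location of the base URL, then add the token."""
    parsed = urlparse(base_url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError("base URL needs an http(s) scheme and a host")
    query = urlencode({"access_token": ATTACHMENTS[att_id]["access_token"]})
    # Assumed path layout; the post's own URL is not reproduced here.
    return f"{parsed.scheme}://{parsed.netloc}/web/content/{att_id}?{query}"


def serve(url):
    """Server-side check: return the file bytes, or None for a refused request."""
    parsed = urlparse(url)
    try:
        record = ATTACHMENTS[int(parsed.path.rsplit("/", 1)[-1])]
    except (ValueError, KeyError):
        return None
    if record["public"]:
        return record["datas"]  # weak setting: the numeric id alone is enough
    supplied = parse_qs(parsed.query).get("access_token", [""])[0]
    # Constant-time comparison so response timing does not leak the token.
    if hmac.compare_digest(supplied.encode(), record["access_token"].encode()):
        return record["datas"]
    return None


if __name__ == "__main__":
    create_attachment(7, b"private CV")
    link = build_attachment_url("https://erp.example.com/some/page", 7)
    print(link, serve(link) is not None, serve(link.split("?")[0]) is None)
```

The token is a bearer credential: anyone who obtains the full URL can fetch the file, so the link needs the same handling as the attachment itself.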


Conclusion
By replacing public access with access tokens, we can manage attachments securely in Odoo. This approach helps protect sensitive information, leverages Odoo's permission system, and creates a seamless experience for users. Access tokens are a powerful tool for safeguarding attachments and are a recommended best practice when handling files in Odoo. 