Skip to content
Snippets Groups Projects
Commit 40667755 authored by Martin Trigaux's avatar Martin Trigaux
Browse files

[FIX] website: restrict access to route 


This route was public by mistake, probably introduced to test during
ddf32f4f but no reason to make it public, public user has not the write
access on models anyway.

Courtesy of Swapnesh Shah

closes odoo/odoo#44915

X-original-commit: 66ac96b2
Signed-off-by: default avatarMartin Trigaux (mat) <mat@odoo.com>
parent 16525d5b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
addons/website/controllers/main.py
+ 1
1
View file @ 40667755
......@@ -307,7 +307,7 @@ class Website(Home):
view.with_context(website_id=None).reset_arch(mode)
return request.redirect(redirect)
@http.route(['/website/publish'], type='json', auth="public", website=True)
@http.route(['/website/publish'], type='json', auth="user", website=True)
def publish(self, id, object):
Model = request.env[object]
record = Model.browse(int(id))
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment