diff --git a/website_page_redirect/models/ir_http.py b/website_page_redirect/models/ir_http.py
index af3d9226b0..9d7e22009a 100644
--- a/website_page_redirect/models/ir_http.py
+++ b/website_page_redirect/models/ir_http.py
@@ -18,6 +18,13 @@ def _serve_page(cls):
if not response and getattr(response, "status_code", 0) != 200:
return response
+ if (
+ http.request.db
+ and http.request.session.uid
+ and http.request.env.user.has_group("website.group_website_designer")
+ ):
+ return response
+
page = (
http.request.env["website.page"]
.sudo()
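Review bot: The added early `return response` for members of `website.group_website_designer` has no comment saying why these users skip the redirect, and without one it can be mistaken for an access check rather than an editing convenience. I would put a line such as `# Website designers always get the page itself (presumably so they can still open and edit it), never the redirect.` above the condition. Because the same URL now answers 200 to designers and a redirect to everyone else, and the code further down defaults to 301, a browser that cached the redirect before login will presumably keep redirecting the designer; whether a shared cache sits in front of the site is not visible here. `_serve_page` starts before this hunk and continues after it.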
@@ -33,6 +40,7 @@ def _serve_page(cls):
if not page.is_redirect or page.redirect_method != "http":
return response
+
return http.request.redirect(
page.redirect_url,
code=int(page.redirect_http_code) if page.redirect_http_code else 301,
diff --git a/website_page_redirect/tests/test_ir_http.py b/website_page_redirect/tests/test_ir_http.py
index f2760767cb..852f34cc0d 100644
--- a/website_page_redirect/tests/test_ir_http.py
+++ b/website_page_redirect/tests/test_ir_http.py
@@ -1,6 +1,7 @@
# Copyright 2024 CorporateHub (https://corporatehub.eu)
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
-from odoo.tests import HttpCase
+from odoo import http
+from odoo.tests import HOST, HttpCase, Opener, get_db_name, new_test_user
class TestIrHttp(HttpCase):
@@ -9,13 +10,23 @@ def setUpClass(cls):
super().setUpClass()
cls.website = cls.env["website"].sudo().get_current_website()
+ cls.website_designer = new_test_user(
+ cls.env, "website_designer", groups="website.group_website_designer"
+ )
+
+ def setUp(self):
+ super().setUp()
+ self.session = http.root.session_store.new()
+ self.session.update(http.get_default_session(), db=get_db_name())
+ self.opener = Opener(self.env.cr)
+ self.opener.cookies.set("session_id", self.session.sid, domain=HOST, path="/")
def test_404(self):
- response = self.url_open(
+ redirect_response = self.url_open(
"/non-existing-page",
allow_redirects=False,
)
- self.assertEqual(response.status_code, 404)
+ self.assertEqual(redirect_response.status_code, 404)
def test_http_redirect(self):
http_redirect_page = self.env["website.page"].create(
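Review bot: `setUpClass` creates only a designer account, so no test covers the branch of the new `_serve_page` condition where `session.uid` is set but `has_group("website.group_website_designer")` is false. An authenticated non-designer should still be redirected, and that is the case most likely to regress if the condition is edited later. I would add a second user, e.g. `cls.portal_user = new_test_user(cls.env, "portal_user", groups="base.group_portal")`, plus a test that logs in as it and asserts the 301 status and the `Location` header. The hunk ends inside `test_http_redirect`, whose body continues in the next hunk.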
@@ -33,17 +44,50 @@ def test_http_redirect(self):
}
)
- response = self.url_open(
+ redirect_response = self.url_open(
http_redirect_page.url,
allow_redirects=False,
)
- self.assertEqual(response.status_code, 301)
+ self.assertEqual(redirect_response.status_code, 301)
self.assertEqual(
"https://corporatehub.eu",
- response.headers["Location"],
+ redirect_response.headers["Location"],
+ )
+
+ def test_no_http_redirect_for_website_designer(self):
+ http_redirect_page = self.env["website.page"].create(
+ {
+ "website_id": self.website.id,
+ "name": "http-redirect",
+ "url": "/http-redirect",
+ "type": "qweb",
+ "arch": "http-redirect",
+ "is_published": True,
+ "is_redirect": True,
+ "redirect_method": "http",
+ "redirect_http_code": "301",
+ "redirect_url": "https://corporatehub.eu",
+ }
)
+ login_response = self.url_open(
+ "/web/login",
+ data={
+ "login": self.website_designer.login,
+ "password": self.website_designer.login,
+ "csrf_token": http.Request.csrf_token(self),
+ },
+ )
+ login_response.raise_for_status()
+
+ redirect_response = self.url_open(
+ http_redirect_page.url,
+ allow_redirects=False,
+ )
+
+ self.assertEqual(redirect_response.status_code, 200)
+
def test_meta_redirect(self):
http_redirect_page = self.env["website.page"].create(
{
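Review bot: The `/web/login` POST added in `test_no_http_redirect_for_website_designer` is repeated verbatim in the three other `test_no_*_redirect_for_website_designer` tests in later hunks, and each copy passes the login as the password without saying why. A single helper would keep the credential convention and the CSRF-token call in one documented place; `http.Request.csrf_token(self)` is invoked with the test case standing in for the request and appears to rely on the `self.session` built in `setUp`. The password equal to the login is, as far as I know, what `new_test_user` assigns by default, and a comment should say so. The hunk ends inside `test_meta_redirect`.

```python
    def _login_as_website_designer(self):
        # new_test_user() gives the account a password equal to its login
        # unless one is passed (assumption to confirm for the targeted version).
        login = self.website_designer.login
        login_response = self.url_open(
            "/web/login",
            data={
                "login": login,
                "password": login,
                "csrf_token": http.Request.csrf_token(self),
            },
        )
        login_response.raise_for_status()

    def test_no_http_redirect_for_website_designer(self):
        # … unchanged: creation of http_redirect_page …
        self._login_as_website_designer()
        # … unchanged: url_open without redirects and the status-code assertion …
```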
@@ -60,16 +104,54 @@ def test_meta_redirect(self):
}
)
- response = self.url_open(http_redirect_page.url)
+ redirect_response = self.url_open(http_redirect_page.url)
- self.assertEqual(response.status_code, 200)
+ self.assertEqual(redirect_response.status_code, 200)
self.assertIn(
(
"'
),
- response.content.decode("utf-8"),
+ redirect_response.content.decode("utf-8"),
+ )
+
+ def test_no_meta_redirect_for_website_designer(self):
+ http_redirect_page = self.env["website.page"].create(
+ {
+ "website_id": self.website.id,
+ "name": "meta-redirect",
+ "url": "/meta-redirect",
+ "type": "qweb",
+ "arch": "meta-redirect",
+ "is_published": True,
+ "is_redirect": True,
+ "redirect_method": "meta",
+ "redirect_delay": 5,
+ "redirect_url": "https://corporatehub.eu",
+ }
+ )
+
+ login_response = self.url_open(
+ "/web/login",
+ data={
+ "login": self.website_designer.login,
+ "password": self.website_designer.login,
+ "csrf_token": http.Request.csrf_token(self),
+ },
+ )
+ login_response.raise_for_status()
+
+ redirect_response = self.url_open(http_redirect_page.url)
+
+ self.assertEqual(redirect_response.status_code, 200)
+ self.assertNotIn(
+ (
+ "'
+ ),
+ redirect_response.content.decode("utf-8"),
)
def test_js_href_redirect(self):
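Review bot: The `assertNotIn` that closes `test_no_meta_redirect_for_website_designer` checks for the absence of one exact rendered string, so it also passes when the template's whitespace or quoting changes while the redirect is still emitted to the designer. The same holds for the multi-line `setTimeout(...)` literals in `test_no_js_href_redirect_for_website_designer` and `test_no_js_replace_redirect_for_website_designer` in later hunks. A negative check is safer on the shortest stable marker, e.g. `self.assertNotIn("window.location.href", redirect_response.content.decode("utf-8"))` and likewise `"window.location.replace"`, provided that marker does not occur elsewhere in the layout. The meta literal is not legible on this page, so the equivalent marker has to be taken from the template. The hunk ends at the `def` line of `test_js_href_redirect`.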
@@ -88,9 +170,9 @@ def test_js_href_redirect(self):
}
)
- response = self.url_open(http_redirect_page.url)
+ redirect_response = self.url_open(http_redirect_page.url)
- self.assertEqual(response.status_code, 200)
+ self.assertEqual(redirect_response.status_code, 200)
self.assertIn(
(
"setTimeout(\n"
@@ -99,7 +181,47 @@ def test_js_href_redirect(self):
" 5000,\n"
");"
),
- response.content.decode("utf-8"),
+ redirect_response.content.decode("utf-8"),
+ )
+
+ def test_no_js_href_redirect_for_website_designer(self):
+ http_redirect_page = self.env["website.page"].create(
+ {
+ "website_id": self.website.id,
+ "name": "js-href-redirect",
+ "url": "/js-href-redirect",
+ "type": "qweb",
+ "arch": "js-href-redirect",
+ "is_published": True,
+ "is_redirect": True,
+ "redirect_method": "js-href",
+ "redirect_delay": 5,
+ "redirect_url": "https://corporatehub.eu",
+ }
+ )
+
+ login_response = self.url_open(
+ "/web/login",
+ data={
+ "login": self.website_designer.login,
+ "password": self.website_designer.login,
+ "csrf_token": http.Request.csrf_token(self),
+ },
+ )
+ login_response.raise_for_status()
+
+ redirect_response = self.url_open(http_redirect_page.url)
+
+ self.assertEqual(redirect_response.status_code, 200)
+ self.assertNotIn(
+ (
+ "setTimeout(\n"
+ " function() {"
+ " window.location.href = 'https://corporatehub.eu'; },\n"
+ " 5000,\n"
+ ");"
+ ),
+ redirect_response.content.decode("utf-8"),
)
def test_js_replace_redirect(self):
@@ -118,9 +240,9 @@ def test_js_replace_redirect(self):
}
)
- response = self.url_open(http_redirect_page.url)
+ redirect_response = self.url_open(http_redirect_page.url)
- self.assertEqual(response.status_code, 200)
+ self.assertEqual(redirect_response.status_code, 200)
self.assertIn(
(
"setTimeout(\n"
@@ -129,5 +251,45 @@ def test_js_replace_redirect(self):
" 5000,\n"
");"
),
- response.content.decode("utf-8"),
+ redirect_response.content.decode("utf-8"),
+ )
+
+ def test_no_js_replace_redirect_for_website_designer(self):
+ http_redirect_page = self.env["website.page"].create(
+ {
+ "website_id": self.website.id,
+ "name": "js-replace-redirect",
+ "url": "/js-replace-redirect",
+ "type": "qweb",
+ "arch": "js-replace-redirect",
+ "is_published": True,
+ "is_redirect": True,
+ "redirect_method": "js-replace",
+ "redirect_delay": 5,
+ "redirect_url": "https://corporatehub.eu",
+ }
+ )
+
+ login_response = self.url_open(
+ "/web/login",
+ data={
+ "login": self.website_designer.login,
+ "password": self.website_designer.login,
+ "csrf_token": http.Request.csrf_token(self),
+ },
+ )
+ login_response.raise_for_status()
+
+ redirect_response = self.url_open(http_redirect_page.url)
+
+ self.assertEqual(redirect_response.status_code, 200)
+ self.assertNotIn(
+ (
+ "setTimeout(\n"
+ " function() {"
+ " window.location.replace('https://corporatehub.eu'); },\n"
+ " 5000,\n"
+ ");"
+ ),
+ redirect_response.content.decode("utf-8"),
)
diff --git a/website_page_redirect/views/website_layout.xml b/website_page_redirect/views/website_layout.xml
index 2c559405d8..5286b36202 100644
--- a/website_page_redirect/views/website_layout.xml
+++ b/website_page_redirect/views/website_layout.xml
@@ -8,7 +8,7 @@