[IMP] estate: revised security, learned new - website, controller, wizards

Revised security concept and solved one error occured while installing demo data
in estate_account module.
After that started new topic wizard which allow buyer to add same offers to many
peoperties at once. taken refrece of codebase , docs and chatgpt and completed
Learned  controllers which opens end points for website to comunicate with
modules. created endpoints and controller for active property page and property
page (to display all metadata of property).
Added new field to estate.property updated views and form to set image for
properties. displayed image on website too.
Updated demo data as per new fields, topics and verified everything by creating
new database.

Author: djip-odoo

estate/__init__.py

@@ -1,2 +1,3 @@
-# -*- coding: utf-8 -*-
-from . import models
+from . import models
+from . import controllers
+from . import wizards

estate/__manifest__.py

@@ -2,31 +2,33 @@
     "version": "1.0",
     "name": "Real Estate",
     "category": "Real Estate/Brokerage",
-    "depends": ["base"],
+    "depends": ["base", "website", "mail"],
     "author": "djip-odoo",
     "description": """
         part of technical training
     """,
     "data": [
-        # security
         "security/security.xml",
         "security/ir.model.access.csv",
-        # reports
         "report/paperformat.xml",
         "report/company_details_templates.xml",
         "report/estate_property_offers_templates.xml",
         "report/res_users_reports.xml",
         "report/res_users_templates.xml",
         "report/estate_property_reports.xml",
         "report/estate_property_templates.xml",
-        # views
+        "wizards/wizard_add_offers.xml",
         "views/actions_menu_and_button.xml",
         "views/menu_views.xml",
         "views/estate_property_views.xml",
         "views/estate_property_type_views.xml",
         "views/estate_property_tag_views.xml",
         "views/estate_property_offer_views.xml",
         "views/res_users_views.xml",
+        "views/website_menu.xml",
+        "views/website_properties_templates.xml",
+        "views/website_property_page_template.xml",
+        "views/website_contact_form_template.xml",
     ],
     "demo": [
         "demo/demo_res_company.xml",

estate/controllers/__init__.py

@@ -0,0 +1,2 @@
+from . import main
+from . import postreq

estate/controllers/main.py

@@ -0,0 +1,107 @@
+from odoo.http import Controller, request, route
+
+
+class EstatePropertyControllers(Controller):
+    @route("/active_properties", auth="public", website=True)
+    def list_active_properties(self, page=1):
+        page = int(page)
+        limit = 3
+        offset = (page - 1) * limit
+
+        properties = (
+            request.env["estate.property"]
+            .sudo()
+            .search_read(
+                [
+                    "&",
+                    ("active", "=", True),
+                    ("state", "in", ["new", "offer_received"]),
+                ],
+                fields=["name", "expected_price", "description"],
+                limit=limit,
+                offset=offset,
+            )
+        )
+        total_properties = (
+            request.env["estate.property"]
+            .sudo()
+            .search_count(
+                ["&", ("active", "=", True), ("state", "in", ["new", "offer_received"])]
+            )
+        )
+        total_pages = (total_properties + limit - 1) // limit
+
+        return request.render(
+            "estate.property_list_template",
+            {
+                "properties": properties,
+                "current_page": page,
+                "total_pages": total_pages,
+            },
+        )
+
+    @route("/property/<int:property_id>", auth="public", website=True)
+    def property_detail(self, property_id, **kw):
+        property = request.env["estate.property"].sudo().browse(property_id)
+        if property.exists():
+            # print("*-*-" * 100)
+            # print(property.image)
+            return request.render(
+                "estate.property_detail_template", {"property": property}
+            )
+        else:
+            return request.not_found()
+
+    # Route for logged-in users
+    @route("/private_page", auth="user")
+    def private_page(self):
+        """
+        Route accessible only to logged-in users.
+        - Authentication is required.
+        - Useful for internal interfaces or APIs where user identification is necessary.
+        """
+        return """
+            <h1>Private Page</h1>
+            <p>This page is for logged-in users only.</p>
+            <p>Authentication is required to access this route.</p>
+            <p>It is commonly used for internal user interfaces or secure APIs.</p>
+        """
+
+    # Route with no authentication or session required
+    @route("/none_type", auth="none", methods=["GET"], csrf=False)
+    def api_data(self):
+        return """
+        Stateless API route with no authentication or session.
+        <p><i><b>- Auth type: 'none' (no user/session context).</p></i></b>
+        <p><i><b>- CSRF disabled for this route.</p></i></b>
+        <p><i><b>- Suitable for integration scenarios requiring lightweight stateless operations.</p></i></b>
+        """
+
+    # Route accessible only to administrators
+    @route("/admin_page", auth="admin")
+    def admin_page(self):
+        """
+        Route accessible only to administrators.
+        - Auth type: 'admin'.
+        - Suitable for pages or actions restricted to users with admin rights.
+        """
+        return """
+            <h1>Admin Page</h1>
+            <p>This page is restricted to administrators only.</p>
+            <p>It is used for critical or sensitive backend operations.</p>
+        """
+
+    # Route for portal users with website context
+    @route("/portal_users", auth="portal", website=True)
+    def my_orders(self):
+        """
+        Route for portal users with website context.
+        - Auth type: 'portal' (only users with portal access can view).
+        - Includes website context for frontend integration.
+        - Common use case: showing customer-specific data like orders or invoices.
+        """
+        return """
+            <h1>Portal Users Page</h1>
+            <p>This page is only accessible to portal users (e.g., customers or suppliers).</p>
+            <p>It is integrated with the website module for a frontend display.</p>
+        """

estate/controllers/postreq.py

@@ -0,0 +1,59 @@
+from odoo import http
+from odoo.http import request, route
+import json
+
+
+class WebsiteContactForm(http.Controller):
+
+    @http.route("/website/contact_form", auth="public", website=True)
+    def contact_form(self):
+        # Render the contact form template
+        return request.render("estate.contact_form_template")
+
+    @route(
+        "/website/contact_form_submit",
+        auth="user",
+        methods=["POST"],
+        type="http",
+        website=True,
+    )
+    def submit_contact_form(self, **post):
+        name = post.get("name")
+        email = post.get("email")
+
+        request.env["res.partner"].sudo().create({"name": name, "email": email})
+
+        return request.render("estate.thank_you")
+
+    @http.route(
+        "/ext_website/contact_form/submit",
+        auth="public",
+        methods=["POST"],
+        type="json",
+        website=True,
+        csrf=False,
+        cors="*",
+    )
+    def submit_contact_form_ext(self, **post):
+        print("post:", post)
+        if not post:
+            try:
+                post = json.loads(request.httprequest.data.decode("utf-8"))
+            except Exception as e:
+                _logger.error(f"Fallback JSON Parsing Error: {e}")
+                return {"error": "Invalid request format"}
+
+        name = post.get("name")
+        email = post.get("email")
+
+        # Debugging - check the received data
+        print(f"Received data: {name}, {email}")
+
+        if name and email:
+            # Create a new partner record with the provided data
+            partner = (
+                request.env["res.partner"].sudo().create({"name": name, "email": email})
+            )
+            return "Partner created successfully!"
+        else:
+            return "Error: Please provide both name and email."

estate/demo/estate.property.tags.csv

@@ -8,4 +8,4 @@
 "tag_green","Green","7"
 "tag_waterfront","Waterfront","8"
 "tag_mountain_view","Mountain View","9"
-"tag_city_center","City Center","10"
+"tag_city_center","City Center","10"

estate/demo/estate.property.types.csv

@@ -4,4 +4,4 @@
 "estate_property_type_land","Land","3"
 "estate_property_type_industrial","Industrial","4"
 "estate_property_type_villa","Villa","5"
-"estate_property_type_apartment","Apartment","6"
+"estate_property_type_apartment","Apartment","6"

estate/demo/estate_property_demo.xml

@@ -18,6 +18,7 @@
             <field name="company_id" ref="base.main_company" />
             <field name="garden_orientation">south</field>
             <field name="property_type_id" ref="estate_property_type_villa" />
+            <field name="image" type="base64" file="estate/static/images/img_9.jpeg" />
         </record>
 
         <record id="estate_property_trailer_home" model="estate.property">
@@ -38,6 +39,7 @@
             <field name="company_id" ref="base.main_company" />
             <field name="garden_orientation" />
             <field name="property_type_id" ref="estate_property_type_apartment" />
+            <field name="image" type="base64" file="estate/static/images/img_8.jpeg" />
         </record>
 
         <record id="estate_property_my_home" model="estate.property">
@@ -51,8 +53,8 @@
             <field name="bedrooms">15</field>
             <field name="living_area">10000</field>
             <field name="facades">4</field>
-            <field name="user_id" ref="estate.estate_agent_user_1" />
-            <field name="company_id" ref="base.main_company" />
+            <field name="user_id" ref="estate.estate_agent_user_2" />
+            <field name="company_id" ref="estate_company_2" />
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
@@ -78,6 +80,7 @@
                     })
                 ]"
             />
+            <field name="image" type="base64" file="estate/static/images/img_7.jpeg" />
         </record>
 
 
@@ -101,6 +104,7 @@
             <field name="property_type_id" ref="estate_property_type_villa" />
             <field name="tag_ids"
                 eval="[(6, 0, [ref('tag_modern'), ref('tag_luxury'), ref('tag_spacious')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_6.jpg" />
         </record>
 
         <record id="estate_property_commercial_office" model="estate.property">
@@ -122,6 +126,7 @@
             <field name="garden_orientation" />
             <field name="property_type_id" ref="estate_property_type_commercial" />
             <field name="tag_ids" eval="[(6, 0, [ref('tag_city_center'), ref('tag_spacious')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_5.jpeg" />
         </record>
 
         <record id="estate_property_residential_apartment" model="estate.property">
@@ -160,6 +165,7 @@
                         ]"
             />
             <field name="tag_ids" eval="[(6, 0, [ref('tag_modern'), ref('tag_economical')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_4.jpeg" />
         </record>
 
         <record id="estate_property_land_for_sale" model="estate.property">
@@ -173,20 +179,21 @@
             <field name="bedrooms">0</field>
             <field name="living_area">0</field>
             <field name="facades">4</field>
-            <field name="user_id" ref="estate.estate_agent_user_2" />
-            <field name="company_id" ref="estate_company_2" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="partner_id" ref="base.res_partner_18" />
             <field name="garage">False</field>
             <field name="garden">False</field>
             <field name="garden_area">0</field>
             <field name="garden_orientation" />
             <field name="property_type_id" ref="estate_property_type_land" />
             <field name="tag_ids" eval="[(6, 0, [ref('tag_green'), ref('tag_waterfront')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_1.jpeg" />
         </record>
 
         <record id="estate_property_industrial_warehouse" model="estate.property">
             <field name="name">Industrial Warehouse</field>
-            <field name="state">sold</field>
+            <field name="state">offer_received</field>
             <field name="description">An industrial warehouse with large storage capacity.</field>
             <field name="postcode">98765</field>
             <field name="date_availability">2024-04-10</field>
@@ -204,6 +211,7 @@
             <field name="garden_orientation" />
             <field name="property_type_id" ref="estate_property_type_industrial" />
             <field name="tag_ids" eval="[(6, 0, [ref('tag_spacious')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_2.jpeg" />
         </record>
 
         <record id="estate_property_luxury_mountain_view_villa" model="estate.property">
@@ -219,14 +227,14 @@
             <field name="facades">5</field>
             <field name="garage">True</field>
             <field name="active">false</field>
-            <field name="user_id" ref="estate.estate_agent_user_2" />
-            <field name="company_id" ref="estate_company_2" />
+            <field name="user_id" ref="estate.estate_agent_user_1" />
+            <field name="company_id" ref="base.main_company" />
             <field name="partner_id" ref="base.res_partner_4" />
             <field name="garden_area">2000</field>
             <field name="garden_orientation">west</field>
             <field name="property_type_id" ref="estate_property_type_villa" />
             <field name="tag_ids" eval="[(6, 0, [ref('tag_luxury'), ref('tag_mountain_view')])]" />
+            <field name="image" type="base64" file="estate/static/images/img_3.jpeg" />
         </record>
     </data>
 </odoo>
-        

estate/demo/estate_property_offers_demo.xml

@@ -33,7 +33,7 @@
                 eval="(datetime.now() + timedelta(days=20)).strftime('%Y-%m-%d')" />
         </record>
         <record id="offer_1_modern_villa" model="estate.property.offers">
-            <field name="price">25000000</field>            
+            <field name="price">25000000</field>
             <field name="partner_id" ref="base.res_partner_1" />
             <field name="property_id" ref="estate_property_modern_villa" />
             <field name="validity">30</field>
@@ -92,14 +92,12 @@
         </record>
         <record id="offer_1_industrial_warehouse" model="estate.property.offers">
             <field name="price">10550000</field>
-            <field name="status">accepted</field>
             <field name="partner_id" ref="base.res_partner_12" />
             <field name="property_id" ref="estate_property_industrial_warehouse" />
             <field name="validity">30</field>
         </record>
         <record id="offer_2_industrial_warehouse" model="estate.property.offers">
             <field name="price">11050000</field>
-            <field name="status">refused</field>
             <field name="partner_id" ref="base.res_partner_3" />
             <field name="property_id" ref="estate_property_industrial_warehouse" />
             <field name="validity">15</field>
@@ -119,4 +117,4 @@
             <field name="validity">30</field>
         </record>
     </data>
-</odoo>
+</odoo>

estate/models/__init__.py

@@ -2,4 +2,4 @@
 from . import estate_property
 from . import estate_property_type
 from . import estate_property_tag
-from . import res_users
+from . import res_users