diff --git a/auditlog_security/README.rst b/auditlog_security/README.rst new file mode 100644 index 00000000000..4d2873382aa --- /dev/null +++ b/auditlog_security/README.rst @@ -0,0 +1,98 @@ +========================== +Audit Log User Permissions +========================== + +.. + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! This file is generated by oca-gen-addon-readme !! + !! changes will be overwritten. !! + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + !! source digest: sha256:f98c0209d43e543c4900a35144d6189d6a65aa2a3e462333582408b79f57c733 + !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png + :target: https://odoo-community.org/page/development-status + :alt: Beta +.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png + :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html + :alt: License: AGPL-3 +.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github + :target: https://github.com/OCA/server-tools/tree/16.0/auditlog_security + :alt: OCA/server-tools +.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png + :target: https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-auditlog_security + :alt: Translate me on Weblate +.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png + :target: https://runboat.odoo-community.org/builds?repo=OCA/server-tools&target_branch=16.0 + :alt: Try me on Runboat + +|badge1| |badge2| |badge3| |badge4| |badge5| + +This module allows extends auditlog, allowing specific log lines to be viewed only +by users belonging to specific views, while all other lines are allowed only to +administrator. + +**Table of contents** + +.. contents:: + :local: + +Usage +===== + +Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines +which operations to log for a given data model. +The rule is now extended with a new field permission_ids, that tells us wich groups will +be allowed to read the lines produced by this rule. +If permission_ids is left empty, the default will be: +"auditlog lines visible only by user in Settings group, which is the default +for the auditlog module" + + +Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can +group them by user sessions, date, data model , HTTP requests. + +Known issues / Roadmap +====================== + + + +Bug Tracker +=========== + +Bugs are tracked on `GitHub Issues `_. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +`feedback `_. + +Do not contact contributors directly about support or help with technical issues. + +Credits +======= + +Authors +~~~~~~~ + +* Therp B.V. + +Contributors +~~~~~~~~~~~~ + +* Giovanni Francesco Capalbo + +Maintainers +~~~~~~~~~~~ + +This module is maintained by the OCA. + +.. image:: https://odoo-community.org/logo.png + :alt: Odoo Community Association + :target: https://odoo-community.org + +OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use. + +This module is part of the `OCA/server-tools `_ project on GitHub. + +You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute. diff --git a/auditlog_security/__init__.py b/auditlog_security/__init__.py new file mode 100644 index 00000000000..31660d6a965 --- /dev/null +++ b/auditlog_security/__init__.py @@ -0,0 +1,3 @@ +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from . import models diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py new file mode 100644 index 00000000000..7af1284b967 --- /dev/null +++ b/auditlog_security/__manifest__.py @@ -0,0 +1,25 @@ +# Copyright 2021 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +{ + "name": "Audit Log User Permissions", + "version": "16.0.1.0.0", + "author": "Therp B.V.,Odoo Community Association (OCA)", + "license": "AGPL-3", + "website": "https://github.com/OCA/server-tools", + "category": "Tools", + "summary": """Allow regular users to view Audit log lines + via the form view of the relevant model""", + "depends": [ + "auditlog", + "contacts", + ], + "data": [ + "security/res_groups.xml", + "views/auditlog_view.xml", + "security/ir.model.access.csv", + "security/ir_rule.xml", + ], + "application": True, + "installable": True, +} diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py new file mode 100644 index 00000000000..7f9a8f0baed --- /dev/null +++ b/auditlog_security/models/__init__.py @@ -0,0 +1,6 @@ +# Copyright 2021-2025 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from . import auditlog_rule +from . import auditlog_log +from . import auditlog_log_line diff --git a/auditlog_security/models/auditlog_log.py b/auditlog_security/models/auditlog_log.py new file mode 100644 index 00000000000..8c2fa107b53 --- /dev/null +++ b/auditlog_security/models/auditlog_log.py @@ -0,0 +1,19 @@ +# Copyright 2025 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo import api, fields, models + + +class AuditlogLog(models.Model): + _inherit = "auditlog.log" + + rule_id = fields.Many2one( + "auditlog.rule", compute="_compute_rule_id", store=True, readonly=True + ) + + @api.depends("model_id") + def _compute_rule_id(self): + for log in self: + log.rule_id = self.env["auditlog.rule"].search( + [("model_id", "=", log.model_id.id)] + ) diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py new file mode 100644 index 00000000000..a8499bd8829 --- /dev/null +++ b/auditlog_security/models/auditlog_log_line.py @@ -0,0 +1,44 @@ +# Copyright 2022-2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo import api, fields, models + + +class AuditlogLogLine(models.Model): + _inherit = "auditlog.log.line" + _order = "create_date desc" + + user_id = fields.Many2one( + "res.users", + compute="_compute_user_id", + store=True, + index=True, + string="User", + ) + method = fields.Char(compute="_compute_method", store=True, index=True) + model_id = fields.Many2one( + "ir.model", compute="_compute_model_id", store=True, index=True + ) + res_id = fields.Integer(compute="_compute_res_id", store=True, index=True) + + rule_id = fields.Many2one(related="log_id.rule_id") + + @api.depends("log_id.method") + def _compute_method(self): + for this in self: + this.method = this.log_id.method + + @api.depends("log_id.user_id") + def _compute_user_id(self): + for this in self: + this.user_id = this.log_id.user_id + + @api.depends("log_id.model_id") + def _compute_model_id(self): + for this in self: + this.model_id = this.log_id.model_id + + @api.depends("log_id.res_id") + def _compute_res_id(self): + for this in self: + this.res_id = this.log_id.res_id diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py new file mode 100644 index 00000000000..282b3e0c501 --- /dev/null +++ b/auditlog_security/models/auditlog_rule.py @@ -0,0 +1,91 @@ +# Copyright 2021-2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo import _, api, fields, models +from odoo.exceptions import ValidationError + + +class AuditlogRule(models.Model): + _inherit = "auditlog.rule" + + allowed_group_ids = fields.Many2many("res.groups", string="Allowed Groups") + server_action_id = fields.Many2one( + "ir.actions.server", + "Server Action", + ) + log_selected_fields_only = fields.Boolean( + default=True, + help="Log only the selected fields, to save space avoid large DB data.", + ) + + @api.constrains("model_id") + def unique_model(self): + if self.search_count([("model_id", "=", self.model_id.id)]) > 1: + raise ValidationError(_("A rule for this model already exists")) + + def write(self, values): + if "state" in values.keys(): + self.clear_caches() + return super().write(values) + + @api.onchange("model_id") + def onchange_model_id(self): + # if model changes we must wipe out all field ids + self.auditlog_line_access_rule_ids.unlink() + + @api.model + def _get_view_log_lines_action(self): + assert self.env.context.get("active_model") + assert self.env.context.get("active_ids") + model = ( + self.env["ir.model"] + .sudo() + .search([("model", "=", self.env.context.get("active_model"))]) + ) + domain = [ + ("model_id", "=", model.id), + ("res_id", "in", self.env.context.get("active_ids")), + ] + return { + "name": _("View Log Lines"), + "res_model": "auditlog.log.line", + "view_mode": "tree,form", + "view_id": False, + "domain": domain, + "type": "ir.actions.act_window", + } + + def _create_server_action(self): + self.ensure_one() + code = "action = env['auditlog.rule']._get_view_log_lines_action()" + server_action = ( + self.env["ir.actions.server"] + .sudo() + .create( + { + "name": "View Log Lines", + "model_id": self.model_id.id, + "state": "code", + "code": code, + } + ) + ) + self.write({"server_action_id": server_action.id}) + return server_action + + def subscribe(self): + for rule in self: + server_action = rule._create_server_action() + server_action.create_action() + res = super(AuditlogRule, self).subscribe() + # rule now will have "View Log" Action, make that visible only for admin + if res: + self.action_id.write( + {"groups_id": [(6, 0, [self.env.ref("base.group_system").id])]} + ) + return res + + def unsubscribe(self): + for rule in self: + rule.server_action_id.unlink() + return super(AuditlogRule, self).unsubscribe() diff --git a/auditlog_security/readme/CONTRIBUTORS.rst b/auditlog_security/readme/CONTRIBUTORS.rst new file mode 100644 index 00000000000..addcc3f4a2b --- /dev/null +++ b/auditlog_security/readme/CONTRIBUTORS.rst @@ -0,0 +1 @@ +* Giovanni Francesco Capalbo diff --git a/auditlog_security/readme/CREDITS.rst b/auditlog_security/readme/CREDITS.rst new file mode 100644 index 00000000000..e69de29bb2d diff --git a/auditlog_security/readme/DESCRIPTION.rst b/auditlog_security/readme/DESCRIPTION.rst new file mode 100644 index 00000000000..2d056774e16 --- /dev/null +++ b/auditlog_security/readme/DESCRIPTION.rst @@ -0,0 +1,3 @@ +This module allows extends auditlog, allowing specific log lines to be viewed only +by users belonging to specific views, while all other lines are allowed only to +administrator. diff --git a/auditlog_security/readme/ROADMAP.rst b/auditlog_security/readme/ROADMAP.rst new file mode 100644 index 00000000000..8b137891791 --- /dev/null +++ b/auditlog_security/readme/ROADMAP.rst @@ -0,0 +1 @@ + diff --git a/auditlog_security/readme/USAGE.rst b/auditlog_security/readme/USAGE.rst new file mode 100644 index 00000000000..f4cfaeca2cf --- /dev/null +++ b/auditlog_security/readme/USAGE.rst @@ -0,0 +1,11 @@ +Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines +which operations to log for a given data model. +The rule is now extended with a new field permission_ids, that tells us wich groups will +be allowed to read the lines produced by this rule. +If permission_ids is left empty, the default will be: +"auditlog lines visible only by user in Settings group, which is the default +for the auditlog module" + + +Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can +group them by user sessions, date, data model , HTTP requests. diff --git a/auditlog_security/security/ir.model.access.csv b/auditlog_security/security/ir.model.access.csv new file mode 100644 index 00000000000..0bf28fefb34 --- /dev/null +++ b/auditlog_security/security/ir.model.access.csv @@ -0,0 +1,2 @@ +id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink +access_auditlog_log_line_user,auditlog_log_line_user,auditlog.model_auditlog_log_line,base.group_user,1,0,0,0 diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml new file mode 100644 index 00000000000..28ada39c135 --- /dev/null +++ b/auditlog_security/security/ir_rule.xml @@ -0,0 +1,20 @@ + + + + + Access to auditlog.log + + [('rule_id.allowed_group_ids', 'in', user.groups_id.ids)] + + + + Access to auditlog.log.line + + [('rule_id.allowed_group_ids', 'in', user.groups_id.ids)] + + + diff --git a/auditlog_security/security/res_groups.xml b/auditlog_security/security/res_groups.xml new file mode 100644 index 00000000000..2b4fd7171c9 --- /dev/null +++ b/auditlog_security/security/res_groups.xml @@ -0,0 +1,6 @@ + + + + View Audit Logs + + diff --git a/auditlog_security/static/description/index.html b/auditlog_security/static/description/index.html new file mode 100644 index 00000000000..80174bc2755 --- /dev/null +++ b/auditlog_security/static/description/index.html @@ -0,0 +1,442 @@ + + + + + +Audit Log User Permissions + + + +
+

Audit Log User Permissions

+ + +

Beta License: AGPL-3 OCA/server-tools Translate me on Weblate Try me on Runboat

+

This module allows extends auditlog, allowing specific log lines to be viewed only +by users belonging to specific views, while all other lines are allowed only to +administrator.

+

Table of contents

+ +
+

Usage

+

Go to Settings / Technical / Audit / Rules to subscribe rules. A rule defines +which operations to log for a given data model. +The rule is now extended with a new field permission_ids, that tells us wich groups will +be allowed to read the lines produced by this rule. +If permission_ids is left empty, the default will be: +“auditlog lines visible only by user in Settings group, which is the default +for the auditlog module”

+

Then, check logs in the Settings / Technical / Audit / Logs menu. You can +group them by user sessions, date, data model , HTTP requests.

+
+ +
+

Bug Tracker

+

Bugs are tracked on GitHub Issues. +In case of trouble, please check there if your issue has already been reported. +If you spotted it first, help us to smash it by providing a detailed and welcomed +feedback.

+

Do not contact contributors directly about support or help with technical issues.

+
+
+

Credits

+
+

Authors

+
    +
  • Therp B.V.
    • +
+
+
+

Contributors

+ +
+
+

Maintainers

+

This module is maintained by the OCA.

+ +Odoo Community Association + +

OCA, or the Odoo Community Association, is a nonprofit organization whose +mission is to support the collaborative development of Odoo features and +promote its widespread use.

+

This module is part of the OCA/server-tools project on GitHub.

+

You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

+
+
+
+ + diff --git a/auditlog_security/tests/__init__.py b/auditlog_security/tests/__init__.py new file mode 100644 index 00000000000..96ec34834e5 --- /dev/null +++ b/auditlog_security/tests/__init__.py @@ -0,0 +1,6 @@ +# Copyright 2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from . import test_auditlog_line +from . import test_auditlog_rule +from . import test_auditlog_line_access_rule diff --git a/auditlog_security/tests/test_auditlog_line.py b/auditlog_security/tests/test_auditlog_line.py new file mode 100644 index 00000000000..812a57700b7 --- /dev/null +++ b/auditlog_security/tests/test_auditlog_line.py @@ -0,0 +1,78 @@ +# Copyright 2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo.tests.common import TransactionCase + + +class TestAuditlogLogLine(TransactionCase): + @classmethod + def setUpClass(cls): + super().setUpClass() + + cls.group_portal = cls.env.ref("base.group_portal") + cls.group_user = cls.env.ref("base.group_user") + + cls.model = cls.env["ir.model"].create( + { + "name": "Test Model", + "model": "x_test_model", + } + ) + + cls.field = cls.env["ir.model.fields"].create( + { + "name": "x_test_field", + "model_id": cls.model.id, + "field_description": "Test Field", + "ttype": "char", + } + ) + + cls.log = cls.env["auditlog.log"].create( + { + "method": "write", + "model_id": cls.model.id, + "res_id": 1, + } + ) + + def test_compute_method(self): + """Test the computation of the method field""" + + log_line = self.env["auditlog.log.line"].create( + { + "log_id": self.log.id, + "field_id": self.field.id, + "old_value": "old", + "new_value": "new", + } + ) + self.assertEqual( + log_line.method, "write", "The computed method field is incorrect." + ) + + def test_compute_model_id(self): + """Test the computation of the model_id field""" + log_line = self.env["auditlog.log.line"].create( + { + "log_id": self.log.id, + "field_id": self.field.id, + "old_value": "old", + "new_value": "new", + } + ) + self.assertEqual( + log_line.model_id, self.model, "The computed model_id field is incorrect." + ) + + def test_compute_res_id(self): + """Test the computation of the res_id field""" + log_line = self.env["auditlog.log.line"].create( + { + "log_id": self.log.id, + "field_id": self.field.id, + "old_value": "old", + "new_value": "new", + } + ) + self.assertEqual(log_line.res_id, 1, "The computed res_id field is incorrect.") diff --git a/auditlog_security/tests/test_auditlog_line_access_rule.py b/auditlog_security/tests/test_auditlog_line_access_rule.py new file mode 100644 index 00000000000..c989dea7295 --- /dev/null +++ b/auditlog_security/tests/test_auditlog_line_access_rule.py @@ -0,0 +1,119 @@ +# Copyright 2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from odoo.tests.common import TransactionCase + + +class TestAuditlogLineAccessRule(TransactionCase): + @classmethod + def setUpClass(cls): + super(TestAuditlogLineAccessRule, cls).setUpClass() + cls.group_user = cls.env.ref("base.group_user") + cls.model = cls.env["ir.model"].create( + { + "name": "Test Model", + "model": "x_test_model_2", + } + ) + cls.auditlog_rule = cls.env["auditlog.rule"].create( + { + "name": "Test Auditlog Rule", + "model_id": cls.model.id, + } + ) + cls.field = cls.env["ir.model.fields"].create( + { + "name": "x_test_field", + "model_id": cls.model.id, + "field_description": "Test Field", + "ttype": "char", + } + ) + + def test_create_auditlog_line_access_rule(self): + """Test the creation of an auditlog line access rule""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + "field_ids": [(6, 0, [self.field.id])], + } + ) + self.assertTrue(rule) + # Verify if the default group is added + self.assertIn(self.group_user, rule.group_ids) + + def test_write_auditlog_line_access_rule(self): + """Test writing to an auditlog line access rule""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + } + ) + rule.write( + { + "field_ids": [(6, 0, [self.field.id])], + } + ) + self.assertIn(self.field, rule.field_ids) + # Verify if rules are regenerated + self.assertTrue(rule.get_linked_rules()) + + def test_unlink_auditlog_line_access_rule(self): + """Test unlinking of an auditlog line access rule""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + } + ) + linked_rule = self.env["ir.rule"].create( + { + "name": "Linked Rule", + "model_id": self.model.id, + "domain_force": "[]", + "auditlog_line_access_rule_id": rule.id, + } + ) + rule.unlink() + self.assertFalse(linked_rule.exists()) + + def test_add_default_group_if_needed(self): + """Test adding default group if needed""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + "field_ids": [(6, 0, [self.field.id])], + "group_ids": [], + } + ) + rule.add_default_group_if_needed() + self.assertIn(self.group_user, rule.group_ids) + + def test_regenerate_rules(self): + """Test regenerating rules""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + "group_ids": [(6, 0, [self.group_user.id])], + } + ) + rule.regenerate_rules() + linked_rules = rule.get_linked_rules() + self.assertTrue(linked_rules) + + def test_prepare_rule_values(self): + """Test preparation of rule values""" + rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Test Rule", + "auditlog_rule_id": self.auditlog_rule.id, + "group_ids": [(6, 0, [self.group_user.id])], + } + ) + values = rule._prepare_rule_values() + self.assertGreater(len(values), 0) + self.assertIn("domain_force", values[0]) diff --git a/auditlog_security/tests/test_auditlog_rule.py b/auditlog_security/tests/test_auditlog_rule.py new file mode 100644 index 00000000000..0ea4c8003d6 --- /dev/null +++ b/auditlog_security/tests/test_auditlog_rule.py @@ -0,0 +1,146 @@ +# Copyright 2024 Therp B.V. +# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). + +from psycopg2.errors import UniqueViolation + +from odoo.tests.common import TransactionCase + + +class TestAuditlogRule(TransactionCase): + @classmethod + def setUpClass(cls): + super(TestAuditlogRule, cls).setUpClass() + + cls.model = cls.env["ir.model"].create( + { + "name": "Test Model", + "model": "x_test_model", + } + ) + cls.rule = cls.env["auditlog.rule"].create( + { + "name": "Test Rule", + "model_id": cls.model.id, + } + ) + cls.field = cls.env["ir.model.fields"].create( + { + "name": "x_test_field", + "model_id": cls.model.id, + "field_description": "Test Field", + "ttype": "char", + } + ) + cls.access_rule = cls.env["auditlog.line.access.rule"].create( + { + "name": "Access Rule", + "auditlog_rule_id": cls.rule.id, + "field_ids": [(6, 0, [cls.field.id])], + } + ) + + def test_unique_model_constraint(self): + """Test unique constraint on model_id field""" + + # Attempting to create a rule with the same + # model_id should raise a UniqueViolation error + + with self.assertRaises(UniqueViolation): + self.env["auditlog.rule"].create( + { + "name": "Duplicate Rule", + "model_id": self.model.id, + } + ) + + def test_get_field_names_of_rule(self): + """Test cached method _get_field_names_of_rule""" + field_names = self.rule._get_field_names_of_rule(self.model.model) + self.assertIn( + self.field.name, + field_names, + f"Expected field '{self.field.name}' not found in field names: {field_names}", + ) + + def test_get_log_selected_fields_only(self): + """Test cached method _get_log_selected_fields_only""" + log_selected = self.rule._get_log_selected_fields_only(self.model.model) + self.assertTrue(log_selected) + + def test_get_auditlog_fields(self): + """Test get_auditlog_fields filtering of fields""" + fields = self.rule.get_auditlog_fields(self.env["x_test_model"]) + self.assertIn( + self.field.name, + fields, + f"Expected field '{self.field.name}' not found in auditlog fields: {fields}", + ) + + def test_write_clears_cache(self): + """Test that writing specific fields clears the cache""" + # Clear cache to ensure fresh data is fetched + self.env.cache.clear() + + # Fetch initial field names to ensure cache is populated + initial_field_names = self.rule._get_field_names_of_rule(self.model.model) + + # Assert that the cache was populated correctly + self.assertIn( + self.field.name, + initial_field_names, + "Cache not populated correctly before write.", + ) + + # Write to the rule to trigger cache invalidation + self.rule.write({"log_selected_fields_only": False}) + + # Clear cache to force the method to re-evaluate + self.env.cache.clear() + + # Fetch updated field names to ensure cache was cleared and repopulated + updated_field_names = self.rule._get_field_names_of_rule(self.model.model) + + # Assert that the cache was updated correctly + self.assertIn( + self.field.name, + updated_field_names, + "Cache not updated correctly after write.", + ) + self.assertEqual( + updated_field_names, + initial_field_names, + "Cache should be recalculated and match expected values.", + ) + + def test_onchange_model_id(self): + """Test that related access rules are removed when model_id is changed""" + access_rule = self.env["auditlog.line.access.rule"].create( + { + "name": "Access Rule", + "auditlog_rule_id": self.rule.id, + } + ) + self.assertTrue(access_rule.exists()) + self.rule.onchange_model_id() + self.assertFalse(access_rule.exists()) + + def test_create_server_action(self): + """Test the creation of server action linked to the audit log rule""" + action = self.rule._create_server_action() + self.assertTrue(action) + self.assertEqual(self.rule.server_action_id, action) + + def test_subscribe_method(self): + """Test the subscribe method with rule regeneration and server action creation""" + action_count_before = self.env["ir.actions.server"].search_count([]) + self.rule.subscribe() + action_count_after = self.env["ir.actions.server"].search_count([]) + self.assertGreater(action_count_after, action_count_before) + + def test_unsubscribe_method(self): + """Test the unsubscribe method with server action deletion""" + self.rule.subscribe() + server_action = self.rule.server_action_id + self.assertTrue(server_action.exists()) + self.rule.unsubscribe() + self.assertFalse(server_action.exists()) diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml new file mode 100644 index 00000000000..259e2a76f9c --- /dev/null +++ b/auditlog_security/views/auditlog_view.xml @@ -0,0 +1,91 @@ + + + + auditlog.log.form + auditlog.log + + + + false + + + + + + auditlog.log.form + auditlog.log + + + + false + + + + + + + + + + + + + auditlog.log.line.form + auditlog.log.line + +
+ + + + + + + + + + + +
+ + + + + auditlog.log.line.tree + auditlog.log.line + + + + + + + + + + + + + + View Log Lines + ir.actions.act_window + auditlog.log.line + tree,form + + + + auditlog rule form extension + auditlog.rule + + + + + + + + + diff --git a/setup/auditlog_security/odoo/addons/auditlog_security b/setup/auditlog_security/odoo/addons/auditlog_security new file mode 120000 index 00000000000..60934ae43f7 --- /dev/null +++ b/setup/auditlog_security/odoo/addons/auditlog_security @@ -0,0 +1 @@ +../../../../auditlog_security \ No newline at end of file diff --git a/setup/auditlog_security/setup.py b/setup/auditlog_security/setup.py new file mode 100644 index 00000000000..28c57bb6403 --- /dev/null +++ b/setup/auditlog_security/setup.py @@ -0,0 +1,6 @@ +import setuptools + +setuptools.setup( + setup_requires=['setuptools-odoo'], + odoo_addon=True, +)