[UPD] auditlog_security simple version

auditlog_security/README.rst

@@ -0,0 +1,98 @@
+==========================
+Audit Log User Permissions
+==========================
+
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:f98c0209d43e543c4900a35144d6189d6a65aa2a3e462333582408b79f57c733
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-tools/tree/16.0/auditlog_security
+    :alt: OCA/server-tools
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-auditlog_security
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-tools&target_branch=16.0
+    :alt: Try me on Runboat
+
+|badge1| |badge2| |badge3| |badge4| |badge5|
+
+This module allows extends auditlog, allowing specific log lines to be viewed only
+by users belonging to specific views, while all other lines are allowed only to 
+administrator.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines
+which operations to log for a given data model.
+The rule is now extended with a new field permission_ids, that tells us wich groups will
+be allowed to read the lines produced by this rule.
+If permission_ids is left empty, the default will be: 
+"auditlog lines visible only by user in Settings group, which is the default 
+for the auditlog module"
+
+
+Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can
+group them by user sessions, date, data model , HTTP requests.
+
+Known issues / Roadmap
+======================
+
+
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Therp B.V.
+
+Contributors
+~~~~~~~~~~~~
+
+* Giovanni Francesco Capalbo <giovanni@therp.nl>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/16.0/auditlog_security>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.

auditlog_security/__init__.py

@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import models

auditlog_security/__manifest__.py

@@ -0,0 +1,25 @@
+# Copyright 2021 Therp B.V. <https://www.therp.nl>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Audit Log User Permissions",
+    "version": "16.0.1.0.0",
+    "author": "Therp B.V.,Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "website": "https://github.com/OCA/server-tools",
+    "category": "Tools",
+    "summary": """Allow regular users to view Audit log lines
+                   via the form view of the relevant model""",
+    "depends": [
+        "auditlog",
+        "contacts",
+    ],
+    "data": [
+        "security/res_groups.xml",
+        "views/auditlog_view.xml",
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+    ],
+    "application": True,
+    "installable": True,
+}

auditlog_security/models/__init__.py

@@ -0,0 +1,6 @@
+# Copyright 2021-2025 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import auditlog_rule
+from . import auditlog_log
+from . import auditlog_log_line

auditlog_security/models/auditlog_log.py

@@ -0,0 +1,19 @@
+# Copyright 2025 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import api, fields, models
+
+
+class AuditlogLog(models.Model):
+    _inherit = "auditlog.log"
+
+    rule_id = fields.Many2one(
+        "auditlog.rule", compute="_compute_rule_id", store=True, readonly=True
+    )
+
+    @api.depends("model_id")
+    def _compute_rule_id(self):
+        for log in self:
+            log.rule_id = self.env["auditlog.rule"].search(
+                [("model_id", "=", log.model_id.id)]
+            )

auditlog_security/models/auditlog_log_line.py

@@ -0,0 +1,44 @@
+# Copyright 2022-2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import api, fields, models
+
+
+class AuditlogLogLine(models.Model):
+    _inherit = "auditlog.log.line"
+    _order = "create_date desc"
+
+    user_id = fields.Many2one(
+        "res.users",
+        compute="_compute_user_id",
+        store=True,
+        index=True,
+        string="User",
+    )
+    method = fields.Char(compute="_compute_method", store=True, index=True)
+    model_id = fields.Many2one(
+        "ir.model", compute="_compute_model_id", store=True, index=True
+    )
+    res_id = fields.Integer(compute="_compute_res_id", store=True, index=True)
+
+    rule_id = fields.Many2one(related="log_id.rule_id")
+
+    @api.depends("log_id.method")
+    def _compute_method(self):
+        for this in self:
+            this.method = this.log_id.method
+
+    @api.depends("log_id.user_id")
+    def _compute_user_id(self):
+        for this in self:
+            this.user_id = this.log_id.user_id
+
+    @api.depends("log_id.model_id")
+    def _compute_model_id(self):
+        for this in self:
+            this.model_id = this.log_id.model_id
+
+    @api.depends("log_id.res_id")
+    def _compute_res_id(self):
+        for this in self:
+            this.res_id = this.log_id.res_id

auditlog_security/models/auditlog_rule.py

@@ -0,0 +1,91 @@
+# Copyright 2021-2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import _, api, fields, models
+from odoo.exceptions import ValidationError
+
+
+class AuditlogRule(models.Model):
+    _inherit = "auditlog.rule"
+
+    allowed_group_ids = fields.Many2many("res.groups", string="Allowed Groups")
+    server_action_id = fields.Many2one(
+        "ir.actions.server",
+        "Server Action",
+    )
+    log_selected_fields_only = fields.Boolean(
+        default=True,
+        help="Log only the selected fields, to save space avoid large DB data.",
+    )
+
+    @api.constrains("model_id")
+    def unique_model(self):
+        if self.search_count([("model_id", "=", self.model_id.id)]) > 1:
+            raise ValidationError(_("A rule for this model already exists"))
+
+    def write(self, values):
+        if "state" in values.keys():
+            self.clear_caches()
+        return super().write(values)
+
+    @api.onchange("model_id")
+    def onchange_model_id(self):
+        # if model changes we must wipe out all field ids
+        self.auditlog_line_access_rule_ids.unlink()
+
+    @api.model
+    def _get_view_log_lines_action(self):
+        assert self.env.context.get("active_model")
+        assert self.env.context.get("active_ids")
+        model = (
+            self.env["ir.model"]
+            .sudo()
+            .search([("model", "=", self.env.context.get("active_model"))])
+        )
+        domain = [
+            ("model_id", "=", model.id),
+            ("res_id", "in", self.env.context.get("active_ids")),
+        ]
+        return {
+            "name": _("View Log Lines"),
+            "res_model": "auditlog.log.line",
+            "view_mode": "tree,form",
+            "view_id": False,
+            "domain": domain,
+            "type": "ir.actions.act_window",
+        }
+
+    def _create_server_action(self):
+        self.ensure_one()
+        code = "action = env['auditlog.rule']._get_view_log_lines_action()"
+        server_action = (
+            self.env["ir.actions.server"]
+            .sudo()
+            .create(
+                {
+                    "name": "View Log Lines",
+                    "model_id": self.model_id.id,
+                    "state": "code",
+                    "code": code,
+                }
+            )
+        )
+        self.write({"server_action_id": server_action.id})
+        return server_action
+
+    def subscribe(self):
+        for rule in self:
+            server_action = rule._create_server_action()
+            server_action.create_action()
+        res = super(AuditlogRule, self).subscribe()
+        # rule now will have "View Log" Action, make that visible only for admin
+        if res:
+            self.action_id.write(
+                {"groups_id": [(6, 0, [self.env.ref("base.group_system").id])]}
+            )
+        return res
+
+    def unsubscribe(self):
+        for rule in self:
+            rule.server_action_id.unlink()
+        return super(AuditlogRule, self).unsubscribe()

auditlog_security/readme/CONTRIBUTORS.rst

@@ -0,0 +1 @@
+* Giovanni Francesco Capalbo <giovanni@therp.nl>

auditlog_security/readme/DESCRIPTION.rst

@@ -0,0 +1,3 @@
+This module allows extends auditlog, allowing specific log lines to be viewed only
+by users belonging to specific views, while all other lines are allowed only to 
+administrator.

auditlog_security/readme/ROADMAP.rst

@@ -0,0 +1 @@
+

auditlog_security/readme/USAGE.rst

@@ -0,0 +1,11 @@
+Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines
+which operations to log for a given data model.
+The rule is now extended with a new field permission_ids, that tells us wich groups will
+be allowed to read the lines produced by this rule.
+If permission_ids is left empty, the default will be: 
+"auditlog lines visible only by user in Settings group, which is the default 
+for the auditlog module"
+
+
+Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can
+group them by user sessions, date, data model , HTTP requests.

auditlog_security/security/ir.model.access.csv

@@ -0,0 +1,2 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auditlog_log_line_user,auditlog_log_line_user,auditlog.model_auditlog_log_line,base.group_user,1,0,0,0

auditlog_security/security/ir_rule.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo noupdate="1">
+
+    <record id="auditlog_log_rule" model="ir.rule">
+        <field name="name">Access to auditlog.log</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log" />
+        <field
+            name="domain_force"
+        >[('rule_id.allowed_group_ids', 'in', user.groups_id.ids)]</field>
+    </record>
+
+    <record id="auditlog_log_line_rule" model="ir.rule">
+        <field name="name">Access to auditlog.log.line</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log_line" />
+        <field
+            name="domain_force"
+        >[('rule_id.allowed_group_ids', 'in', user.groups_id.ids)]</field>
+    </record>
+
+</odoo>

auditlog_security/security/res_groups.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="group_can_view_audit_logs" model="res.groups">
+        <field name="name">View Audit Logs</field>
+    </record>
+</odoo>