Merge pull request OCA#2 from QuatraInternational/OD-46

[FIX] auditlog: prevent removal of x2many values from inaccessible companies

Author: StefanRijnhart

auditlog/models/rule.py

@@ -387,6 +387,9 @@ def write_full(self, vals, **kwargs):
                 .with_context(prefetch_fields=False)
                 .read(fields_list)
             }
+            # Prevent the cache of modified fields from being poisoned by
+            # x2many items inaccessible to the current user.
+            self.invalidate_recordset(vals.keys())
             result = write_full.origin(self, vals, **kwargs)
             new_values = {
                 d["id"]: d

auditlog/tests/__init__.py

@@ -1,3 +1,4 @@
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 from . import test_auditlog
 from . import test_autovacuum
+from . import test_multi_company

auditlog/tests/test_multi_company.py

@@ -0,0 +1,115 @@
+from unittest.mock import patch
+
+from odoo.fields import Command
+from odoo.tests.common import TransactionCase
+
+from odoo.addons.base.models.res_users import Groups
+
+
+class TestMultiCompany(TransactionCase):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        # Disarm any existing auditing rules.
+        cls.env["auditlog.rule"].search([]).unlink()
+        cls.env["auditlog.log"].search([]).unlink()
+        # Set up a group with two share users from different companies
+        cls.company1 = cls.env["res.company"].create({"name": "c1"})
+        cls.company2 = cls.env["res.company"].create({"name": "c2"})
+        cls.group = cls.env["res.groups"].create({"name": "g1", "share": True})
+        cls.user1 = cls.env["res.users"].create(
+            {
+                "name": "u1",
+                "login": "u1",
+                "groups_id": [Command.set(cls.group.ids)],
+                "company_ids": [Command.set(cls.company1.ids)],
+                "company_id": cls.company1.id,
+            }
+        )
+        cls.user2 = cls.env["res.users"].create(
+            {
+                "name": "u2",
+                "login": "u2",
+                "groups_id": [Command.set(cls.group.ids)],
+                "company_ids": [Command.set(cls.company2.ids)],
+                "company_id": cls.company2.id,
+            }
+        )
+        # We will test with a user that has access to only one of the companies
+        cls.user_demo = cls.env.ref("base.user_demo")
+        cls.user_demo.write(
+            {
+                "company_ids": [Command.set(cls.company2.ids)],
+                "company_id": cls.company2.id,
+                "groups_id": [Command.link(cls.env.ref("base.group_system").id)],
+            }
+        )
+
+    def test_group_set_users(self):  # pylint: disable=missing-return
+        """Writing x2many values does not wipe values from inaccessible companies."""
+        self.assertEqual(
+            self.group.users,
+            self.user1 + self.user2,
+        )
+        self.group.invalidate_recordset()
+        group_with_user = self.group.with_user(self.user_demo)
+        self.assertEqual(group_with_user.users, self.user2)
+
+        # The issue arises when `users` is missing from the cache and is first
+        # read as the superuser when fetching the full values for the auditlog.
+        # To emulate this, we want the field missing from the cache at the
+        # moment of writing. To prevent various overrides from populating the
+        # cache even earlier on when fetching other fields we preemptively fill
+        # the cache of the other fields.
+        #
+        # All of this is undermined by res.users's own `write` method which
+        # wipes the cache just in time, so we avoid this override with a patch.
+        #
+        # The issue is reproduceable on the product.template model without this
+        # trickery but this module does not depend on the product module so the
+        # model is not available.
+        self.group.read()
+        self.group.invalidate_recordset(["users"])
+
+        def write(self, vals):
+            """Avoid the cache invalidation in this particular override.
+
+            With the faulty behaviour, values from all companies are already
+            present in the cache at this point, leading to the deletion of the
+            value from the company that is inaccessible to the current user.
+            """
+            return super(Groups, self).write(vals)
+
+        # Do the write.
+        with patch.object(Groups, "write", side_effect=write, autospec=True):
+            group_with_user.write({"users": [Command.set(self.user2.ids)]})
+        self.assertEqual(group_with_user.users, self.user2)
+        # Ensure that the users of the other companies are still there.
+        self.env.invalidate_all()
+        self.assertEqual(
+            self.group.users,
+            self.user1 + self.user2,
+        )
+
+    def test_group_set_users_with_auditlog(self):
+        """Repeat the test above with an auditlog on the groups model"""
+        rule = (
+            self.env["auditlog.rule"]
+            .sudo()
+            .create(
+                {
+                    "name": "Test rule for groups",
+                    "model_id": self.env["ir.model"]._get("res.groups").id,
+                    "log_read": False,
+                    "log_create": False,
+                    "log_write": True,
+                    "log_unlink": False,
+                    "log_type": "full",
+                    "state": "subscribed",
+                }
+            )
+        )
+        try:
+            self.test_group_set_users()
+        finally:
+            rule.unlink()

sentry/README.rst

@@ -7,7 +7,7 @@ Sentry
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:88c5722f68e393e581f3bd3dfc08a4350731602583fdce2d407f6efcede43443
+   !! source digest: sha256:e43ec67df852d6f647f71e1bcfccb9bbeabcaae5072636a2aa2a5bef7a68eb80
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png

sentry/static/description/index.html

@@ -367,7 +367,7 @@ <h1 class="title">Sentry</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:88c5722f68e393e581f3bd3dfc08a4350731602583fdce2d407f6efcede43443
+!! source digest: sha256:e43ec67df852d6f647f71e1bcfccb9bbeabcaae5072636a2aa2a5bef7a68eb80
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
 <p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-tools/tree/16.0/sentry"><img alt="OCA/server-tools" src="https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-sentry"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-tools&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows painless <a class="reference external" href="https://sentry.io/">Sentry</a> integration with