fix(cr): add nosemgrep comments to all sudo() calls

emjay0921 · emjay0921 · commit 22e69f3043f7 · 2026-03-09T13:02:38.000+08:00
diff --git a/spp_change_request_v2/models/change_request.py b/spp_change_request_v2/models/change_request.py
@@ -267,7 +267,7 @@ def _compute_has_proposed_changes(self):
             try:
                 # Use sudo to bypass record rules (e.g. global disabled-registrant
                 # rules on spp.group.membership) — this is read-only preview logic.
-                sudo_rec = rec.sudo()
+                sudo_rec = rec.sudo()  # nosemgrep: odoo-sudo-without-context
                 strategy = sudo_rec.request_type_id.get_apply_strategy()
                 changes = strategy.preview(sudo_rec) or {}
 
@@ -715,7 +715,7 @@ def _ensure_detail(self):
 
             # Use sudo() for creation - users don't need create permission
             # Detail records are always created by the system automatically
-            detail = detail_model.sudo().create({cr_field: self.id})
+            detail = detail_model.sudo().create({cr_field: self.id})  # nosemgrep: odoo-sudo-without-context
             self.detail_res_id = detail.id
 
             # Pre-fill detail from registrant if the detail model supports it
@@ -885,7 +885,7 @@ def _generate_preview_html(self):
 
         try:
             # Use sudo() so validators can preview memberships of disabled registrants
-            sudo_self = self.sudo()
+            sudo_self = self.sudo()  # nosemgrep: odoo-sudo-without-context
             strategy = sudo_self.request_type_id.get_apply_strategy()
             changes = strategy.preview(sudo_self) or {}
         except Exception as e:
@@ -980,7 +980,7 @@ def _generate_review_comparison_html(self):
 
         try:
             # Use sudo() so validators can preview memberships of disabled registrants
-            sudo_self = self.sudo()
+            sudo_self = self.sudo()  # nosemgrep: odoo-sudo-without-context
             strategy = sudo_self.request_type_id.get_apply_strategy()
             changes = strategy.preview(sudo_self) or {}
         except Exception as e:
@@ -1092,7 +1092,7 @@ def _capture_preview_snapshot(self):
         self.review_comparison_html_snapshot = self._generate_review_comparison_html()
 
         # Also capture the JSON data (use sudo for record-rule bypass)
-        sudo_self = self.sudo()
+        sudo_self = self.sudo()  # nosemgrep: odoo-sudo-without-context
         strategy = sudo_self.request_type_id.get_apply_strategy()
         changes = strategy.preview(sudo_self) or {}
         self.preview_json_snapshot = json.dumps(changes, indent=2, default=str)
@@ -1136,7 +1136,7 @@ def _do_apply(self):
         to (e.g. spp.group.membership blocked by global record rules).
         """
         self.ensure_one()
-        sudo_self = self.sudo()
+        sudo_self = self.sudo()  # nosemgrep: odoo-sudo-without-context
         strategy = sudo_self.request_type_id.get_apply_strategy()
         strategy.apply(sudo_self)
 
@@ -1248,7 +1248,7 @@ def _validate_documents(self):
     def _create_log(self, action, notes=False):
         """Create a log entry for this change request."""
         self.ensure_one()
-        self.env["spp.change.request.log"].sudo().create(
+        self.env["spp.change.request.log"].sudo().create(  # nosemgrep: odoo-sudo-without-context
             {
                 "change_request_id": self.id,
                 "action": action,
@@ -1274,7 +1274,7 @@ def _create_audit_event(self, action, old_state, new_state):
         if not event_type:
             return
 
-        self.env["spp.event.data"].sudo().create(
+        self.env["spp.event.data"].sudo().create(  # nosemgrep: odoo-sudo-without-context
             {
                 "event_type_id": event_type.id,
                 "partner_id": self.registrant_id.id,
