|
| 1 | +from unittest.mock import patch |
| 2 | + |
| 3 | +from odoo import Command |
| 4 | +from odoo.tests.common import TransactionCase |
| 5 | + |
| 6 | + |
| 7 | +class AuditDisableCommon(TransactionCase): |
| 8 | + """Shared fixture: a res.partner audit rule with all methods logged.""" |
| 9 | + |
| 10 | + @classmethod |
| 11 | + def setUpClass(cls): |
| 12 | + super().setUpClass() |
| 13 | + cls.partner_model = cls.env["ir.model"].search([("model", "=", "res.partner")], limit=1) |
| 14 | + cls.audit_rule = cls.env["spp.audit.rule"].search([("model_id", "=", cls.partner_model.id)], limit=1) |
| 15 | + if not cls.audit_rule: |
| 16 | + cls.audit_rule = cls.env["spp.audit.rule"].create( |
| 17 | + { |
| 18 | + "name": "Audit Disable Test Rule", |
| 19 | + "model_id": cls.partner_model.id, |
| 20 | + "is_log_create": True, |
| 21 | + "is_log_write": True, |
| 22 | + "is_log_unlink": True, |
| 23 | + } |
| 24 | + ) |
| 25 | + else: |
| 26 | + cls.audit_rule.write({"is_log_create": True, "is_log_write": True, "is_log_unlink": True}) |
| 27 | + |
| 28 | + def _logs(self, records, method): |
| 29 | + return self.env["spp.audit.log"].search( |
| 30 | + [ |
| 31 | + ("model_id", "=", self.partner_model.id), |
| 32 | + ("method", "=", method), |
| 33 | + ("res_id", "in", records.ids), |
| 34 | + ] |
| 35 | + ) |
| 36 | + |
| 37 | + def _classic_write_read_spy(self): |
| 38 | + """Context manager patching res.partner.read to record full-record |
| 39 | + (load="_classic_write") reads — the decorator's snapshot reads.""" |
| 40 | + partner_cls = type(self.env["res.partner"]) |
| 41 | + real_read = partner_cls.read |
| 42 | + reads = [] |
| 43 | + |
| 44 | + def spy(records, fields=None, load="lazy"): |
| 45 | + if load == "_classic_write": |
| 46 | + reads.append(records.ids) |
| 47 | + return real_read(records, fields, load=load) |
| 48 | + |
| 49 | + return patch.object(partner_cls, "read", spy), reads |
| 50 | + |
| 51 | + |
| 52 | +class TestAuditDisableContext(AuditDisableCommon): |
| 53 | + """audit_disable context: machine flows (e.g. cross-instance replication |
| 54 | + of records already audited at their source) must be able to bypass audit |
| 55 | + logging AND its full-record snapshot reads entirely.""" |
| 56 | + |
| 57 | + def test_create_bypassed(self): |
| 58 | + patcher, reads = self._classic_write_read_spy() |
| 59 | + with patcher: |
| 60 | + partner = self.env["res.partner"].with_context(audit_disable=True).create({"name": "Disable Create"}) |
| 61 | + self.assertTrue(partner.exists()) |
| 62 | + self.assertFalse(self._logs(partner, "create")) |
| 63 | + self.assertFalse(reads, "audit_disable must skip the full-record snapshot read on create") |
| 64 | + |
| 65 | + def test_write_bypassed(self): |
| 66 | + partner = self.env["res.partner"].create({"name": "Disable Write"}) |
| 67 | + patcher, reads = self._classic_write_read_spy() |
| 68 | + with patcher: |
| 69 | + partner.with_context(audit_disable=True).write({"name": "Disable Write Changed"}) |
| 70 | + self.assertEqual(partner.name, "Disable Write Changed") |
| 71 | + self.assertFalse(self._logs(partner, "write")) |
| 72 | + self.assertFalse(reads, "audit_disable must skip the full-record snapshot reads on write") |
| 73 | + |
| 74 | + def test_unlink_bypassed(self): |
| 75 | + partner = self.env["res.partner"].create({"name": "Disable Unlink"}) |
| 76 | + partner_id = partner.id |
| 77 | + patcher, reads = self._classic_write_read_spy() |
| 78 | + with patcher: |
| 79 | + partner.with_context(audit_disable=True).unlink() |
| 80 | + self.assertFalse(partner.exists()) |
| 81 | + self.assertFalse( |
| 82 | + self._logs(self.env["res.partner"].browse(partner_id), "unlink"), |
| 83 | + "audit_disable must skip the unlink log", |
| 84 | + ) |
| 85 | + self.assertFalse(reads, "audit_disable must skip the full-record snapshot read on unlink") |
| 86 | + |
| 87 | + def test_without_flag_still_audited(self): |
| 88 | + # Control: the same operations without the flag keep their audit trail. |
| 89 | + partner = self.env["res.partner"].create({"name": "Still Audited"}) |
| 90 | + partner.write({"name": "Still Audited Changed"}) |
| 91 | + self.assertTrue(self._logs(partner, "create")) |
| 92 | + self.assertTrue(self._logs(partner, "write")) |
| 93 | + |
| 94 | + |
| 95 | +class TestNoMatchingRuleNoRead(AuditDisableCommon): |
| 96 | + """With no rule matching the method, the decorator must not pay the |
| 97 | + full-record snapshot read — previously audit_create read unconditionally |
| 98 | + and audit_write did its post-write read even with zero matching rules.""" |
| 99 | + |
| 100 | + def test_create_without_create_rule(self): |
| 101 | + self.audit_rule.write({"is_log_create": False}) |
| 102 | + patcher, reads = self._classic_write_read_spy() |
| 103 | + with patcher: |
| 104 | + partner = self.env["res.partner"].create({"name": "No Create Rule"}) |
| 105 | + self.assertTrue(partner.exists()) |
| 106 | + self.assertFalse(self._logs(partner, "create")) |
| 107 | + self.assertFalse(reads, "no create rule -> no full-record snapshot read") |
| 108 | + |
| 109 | + def test_write_without_write_rule(self): |
| 110 | + partner = self.env["res.partner"].create({"name": "No Write Rule"}) |
| 111 | + self.audit_rule.write({"is_log_write": False}) |
| 112 | + patcher, reads = self._classic_write_read_spy() |
| 113 | + with patcher: |
| 114 | + partner.write({"name": "No Write Rule Changed"}) |
| 115 | + self.assertEqual(partner.name, "No Write Rule Changed") |
| 116 | + self.assertFalse(self._logs(partner, "write")) |
| 117 | + self.assertFalse(reads, "no write rule -> no full-record snapshot reads") |
| 118 | + |
| 119 | + def test_unlink_without_unlink_rule(self): |
| 120 | + partner = self.env["res.partner"].create({"name": "No Unlink Rule"}) |
| 121 | + partner_id = partner.id |
| 122 | + self.audit_rule.write({"is_log_unlink": False}) |
| 123 | + patcher, reads = self._classic_write_read_spy() |
| 124 | + with patcher: |
| 125 | + partner.unlink() |
| 126 | + self.assertFalse(partner.exists()) |
| 127 | + self.assertFalse( |
| 128 | + self._logs(self.env["res.partner"].browse(partner_id), "unlink"), |
| 129 | + "no unlink rule -> no unlink log", |
| 130 | + ) |
| 131 | + self.assertFalse(reads, "no unlink rule -> no full-record snapshot read") |
| 132 | + |
| 133 | + |
| 134 | +class TestMarkupValuesLogged(AuditDisableCommon): |
| 135 | + """Markup field values (Html fields, e.g. res.partner.comment) must be |
| 136 | + stringified before the audit payload is logged.""" |
| 137 | + |
| 138 | + def test_html_field_value_is_stringified_in_log(self): |
| 139 | + # Make sure the Html field is among the rule's logged fields (a |
| 140 | + # pre-existing rule may restrict field_to_log_ids to a fixed list). |
| 141 | + comment_field = self.env["ir.model.fields"]._get("res.partner", "comment") |
| 142 | + self.audit_rule.write({"field_to_log_ids": [Command.link(comment_field.id)]}) |
| 143 | + partner = self.env["res.partner"].create( |
| 144 | + { |
| 145 | + "name": "Markup Partner", |
| 146 | + "comment": "<p>Audit Markup Body</p>", |
| 147 | + } |
| 148 | + ) |
| 149 | + logs = self._logs(partner, "create") |
| 150 | + self.assertTrue(logs, "create with an Html field must still be logged") |
| 151 | + self.assertIn( |
| 152 | + "Audit Markup Body", |
| 153 | + logs[0].data or "", |
| 154 | + "the Html field's content must appear in the logged data as plain text", |
| 155 | + ) |
0 commit comments