fix(lint): exclude demo modules from semgrep sudo checks

gonzalesedwin1123 · gonzalesedwin1123 · commit cd896b3c7e39 · 2026-03-05T15:32:45.000+08:00
Demo data generators legitimately need sudo() to create records across
models. Exclude spp_case_demo and spp_grm_demo from semgrep scanning
(matching existing spp_4ps_demo exclusion) instead of inline nosemgrep
annotations.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -304,4 +304,4 @@ repos:
         # Only scan OpenSPP spp_* modules (not scripts, endpoint handlers, etc.)
         files: ^spp_
         # Exclude test files, migrations, and demo-only modules
-        exclude: ^(tests/|scripts/tests/|.*/tests/.*|.*/migrations/.*|spp_4ps_demo/)
+        exclude: ^(tests/|scripts/tests/|.*/tests/.*|.*/migrations/.*|spp_4ps_demo/|spp_case_demo/|spp_grm_demo/)
diff --git a/spp_case_demo/models/generate_cases.py b/spp_case_demo/models/generate_cases.py
@@ -190,8 +190,7 @@ def _create_case_from_story(self, story, fake, beneficiaries):
             "case_worker_id": self.env.user.id,
         }
 
-        case = self.env["spp.case"].sudo().create(vals)  # nosemgrep: semgrep.odoo-sudo-without-context
-
+        case = self.env["spp.case"].sudo().create(vals)
         # Backdate creation
         self.env.cr.execute(
             "UPDATE spp_case SET create_date = %s WHERE id = %s",
@@ -219,8 +218,7 @@ def _process_case_journey(self, case, journey, fake):
             action_date = fields.Date.today() - timedelta(days=days_back)
 
             if action == "create_plan":
-                current_plan = Plan.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                    {
+                current_plan = Plan.sudo().create(                    {
                         "case_id": case.id,
                         "name": step.get("plan_name", f"Plan for {case.partner_id.name}"),
                         "is_current": True,
@@ -231,8 +229,7 @@ def _process_case_journey(self, case, journey, fake):
                 )
 
             elif action == "add_intervention" and current_plan:
-                Intervention.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                    {
+                Intervention.sudo().create(                    {
                         "plan_id": current_plan.id,
                         "name": step.get("intervention", "Intervention"),
                         "description": fake.sentence(),
@@ -250,12 +247,10 @@ def _process_case_journey(self, case, journey, fake):
                     limit=1,
                 )
                 if intervention:
-                    intervention.sudo().write({"state": "completed"})  # nosemgrep: semgrep.odoo-sudo-without-context
-
+                    intervention.sudo().write({"state": "completed"})
             elif action in ("home_visit", "office_visit", "final_visit"):
                 visit_type = "home" if action != "office_visit" else "office"
-                Visit.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                    {
+                Visit.sudo().create(                    {
                         "case_id": case.id,
                         "visit_type": visit_type,
                         "purpose": step.get("purpose", "Check-in visit"),
@@ -265,8 +260,7 @@ def _process_case_journey(self, case, journey, fake):
                 )
 
             elif action == "progress_note":
-                Note.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                    {
+                Note.sudo().create(                    {
                         "case_id": case.id,
                         "note_type": "progress",
                         "content": step.get("note", fake.paragraph()),
@@ -275,8 +269,7 @@ def _process_case_journey(self, case, journey, fake):
                 )
 
             elif action in ("assessment", "emergency_assessment", "safety_assessment"):
-                Note.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                    {
+                Note.sudo().create(                    {
                         "case_id": case.id,
                         "note_type": "assessment",
                         "content": step.get(
@@ -289,8 +282,7 @@ def _process_case_journey(self, case, journey, fake):
             elif action == "add_referral":
                 service = self._get_or_create_service(step.get("service", "External Service"))
                 if service:
-                    Referral.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                        {
+                    Referral.sudo().create(                        {
                             "case_id": case.id,
                             "service_id": service.id,
                             "referral_reason": step.get("reason", "Service needed"),
@@ -307,15 +299,13 @@ def _process_case_journey(self, case, journey, fake):
                     limit=1,
                 )
                 if closure_stage:
-                    case.sudo().write(  # nosemgrep: semgrep.odoo-sudo-without-context
-                        {
+                    case.sudo().write(                        {
                             "stage_id": closure_stage.id,
                             "actual_closure_date": action_date,
                         }
                     )
                 if current_plan:
-                    current_plan.sudo().write({"state": "completed"})  # nosemgrep: semgrep.odoo-sudo-without-context
-
+                    current_plan.sudo().write({"state": "completed"})
     def _create_random_case(self, fake, beneficiaries):
         """Create a random case with realistic data."""
         # Random date within range
@@ -352,8 +342,7 @@ def _create_random_case(self, fake, beneficiaries):
             "case_worker_id": self.env.user.id,
         }
 
-        case = self.env["spp.case"].sudo().create(vals)  # nosemgrep: semgrep.odoo-sudo-without-context
-
+        case = self.env["spp.case"].sudo().create(vals)
         # Backdate creation
         self.env.cr.execute(
             "UPDATE spp_case SET create_date = %s WHERE id = %s",
@@ -381,8 +370,7 @@ def _add_random_plan(self, case, fake, intake_date):
         Plan = self.env["spp.case.intervention.plan"]
         Intervention = self.env["spp.case.intervention"]
 
-        plan = Plan.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-            {
+        plan = Plan.sudo().create(            {
                 "case_id": case.id,
                 "name": f"Support Plan - {case.partner_id.name or 'Client'}",
                 "is_current": True,
@@ -403,8 +391,7 @@ def _add_random_plan(self, case, fake, intake_date):
         ]
 
         for _i in range(random.randint(2, 4)):
-            Intervention.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            Intervention.sudo().create(                {
                     "plan_id": plan.id,
                     "name": random.choice(intervention_names),
                     "description": fake.sentence(),
@@ -419,8 +406,7 @@ def _add_random_visits(self, case, fake, intake_date):
 
         for _i in range(random.randint(1, 3)):
             visit_date = intake_date + timedelta(days=random.randint(5, 60))
-            Visit.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            Visit.sudo().create(                {
                     "case_id": case.id,
                     "visit_type": random.choice(["home", "office", "phone", "virtual"]),
                     "purpose": fake.sentence(nb_words=5),
@@ -435,8 +421,7 @@ def _add_random_notes(self, case, fake, intake_date):
 
         for _i in range(random.randint(1, 4)):
             note_date = intake_date + timedelta(days=random.randint(1, 60))
-            Note.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            Note.sudo().create(                {
                     "case_id": case.id,
                     "note_type": random.choice(["progress", "assessment", "general", "supervision"]),
                     "content": fake.paragraph(nb_sentences=random.randint(2, 5)),
@@ -455,8 +440,7 @@ def _close_random_case(self, case, fake, intake_date):
 
         if closure_stage:
             closure_date = intake_date + timedelta(days=random.randint(30, 90))
-            case.sudo().write(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            case.sudo().write(                {
                     "stage_id": closure_stage.id,
                     "actual_closure_date": closure_date,
                 }
@@ -488,8 +472,7 @@ def _get_or_create_case_type(self, type_name):
         CaseType = self.env["spp.case.type"]
         case_type = CaseType.search([("name", "=", type_name)], limit=1)
         if not case_type:
-            case_type = CaseType.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            case_type = CaseType.sudo().create(                {
                     "name": type_name,
                     "code": type_name.upper().replace(" ", "_")[:10],
                 }
@@ -545,8 +528,7 @@ def _get_or_create_service(self, service_name):
         Service = self.env["spp.service"]
         service = Service.search([("name", "=", service_name)], limit=1)
         if not service:
-            service = Service.sudo().create(  # nosemgrep: semgrep.odoo-sudo-without-context
-                {
+            service = Service.sudo().create(                {
                     "name": service_name,
                     "service_type": "external",
                 }
