Odoo-Modules

admin/Odoo-Modules

Fork 0

Commit Graph

Author	SHA1	Message	Date
gsinghpal	61a0cb244f	feat(fusion_login_audit): admin-only record rule + security tests Record rule grants admins an unrestricted domain on the audit log; ACL forbids write/create/unlink for every group (audit is append-only; sudo() inside auth hooks is the only write path). Defence-in-depth layering: ACL is the actual gate, the rule documents and locks down admin access path. Tests (5, all green) cover: test_admin_can_read_through_acl_and_rule — positive path through both. test_acl_blocks_read_for_regular_user — base.group_user denied by ACL. test_acl_blocks_read_for_portal_user — base.group_portal share user denied (sensitive data leakage surface closed at ACL layer). test_acl_blocks_write_for_admin — append-only at the write boundary. test_acl_blocks_unlink_for_admin — append-only at the unlink boundary. Drop the redundant `from . import tests` from the root __init__.py — Odoo's test loader imports `odoo.addons.<mod>.tests` directly; the extra import was dead weight (and inconsistent with the repo pattern). CLAUDE.md gotchas added during this task: #6 res.users.groups_id -> group_ids rename (test setUp pitfall). #6 ir.rule `groups` is additive, not restrictive — group-scoped rules only apply to users in that group, they do not restrict non-members. Default to letting the ACL gate; use rules for row-level filters ACLs cannot express. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 09:03:58 -04:00
gsinghpal	aeea670064	feat(fusion_login_audit): add fusion.login.audit model - All 16 columns per spec (user, attempted_login, result, failure_reason, event_time, ip/geo fields, user_agent triple, device_type, database). - Check constraint binds failure_reason presence to result value. - Three composite indexes (user+time, login+time, geo_state+time) supporting the per-user, failure-burst, and geo cron queries. - Minimal admin-read ACL added so subsequent tests can verify writes. - 3 TransactionCase tests passing: model create, failure_reason nullable on success, geo_lookup_state='internal' accepted. Odoo 19 deprecation note: this implementation uses the declarative models.Constraint and models.Index attributes (Odoo 19 silently drops the legacy `_sql_constraints = [...]` list and `init()`/raw-SQL pattern with only a warning). Captured in CLAUDE.md rule #9. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-27 09:03:58 -04:00

Author

SHA1

Message

Date

gsinghpal

61a0cb244f

feat(fusion_login_audit): admin-only record rule + security tests

Record rule grants admins an unrestricted domain on the audit log;
ACL forbids write/create/unlink for every group (audit is append-only;
sudo() inside auth hooks is the only write path). Defence-in-depth
layering: ACL is the actual gate, the rule documents and locks down
admin access path.

Tests (5, all green) cover:
  test_admin_can_read_through_acl_and_rule — positive path through both.
  test_acl_blocks_read_for_regular_user    — base.group_user denied by ACL.
  test_acl_blocks_read_for_portal_user     — base.group_portal share user
                                             denied (sensitive data leakage
                                             surface closed at ACL layer).
  test_acl_blocks_write_for_admin          — append-only at the write boundary.
  test_acl_blocks_unlink_for_admin         — append-only at the unlink boundary.

Drop the redundant `from . import tests` from the root __init__.py —
Odoo's test loader imports `odoo.addons.<mod>.tests` directly; the
extra import was dead weight (and inconsistent with the repo pattern).

CLAUDE.md gotchas added during this task:
  #6 res.users.groups_id -> group_ids rename (test setUp pitfall).
  #6 ir.rule `groups` is additive, not restrictive — group-scoped
     rules only apply to users in that group, they do not restrict
     non-members. Default to letting the ACL gate; use rules for
     row-level filters ACLs cannot express.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-27 09:03:58 -04:00

gsinghpal

aeea670064

feat(fusion_login_audit): add fusion.login.audit model

- All 16 columns per spec (user, attempted_login, result, failure_reason,
  event_time, ip/geo fields, user_agent triple, device_type, database).
- Check constraint binds failure_reason presence to result value.
- Three composite indexes (user+time, login+time, geo_state+time) supporting
  the per-user, failure-burst, and geo cron queries.
- Minimal admin-read ACL added so subsequent tests can verify writes.
- 3 TransactionCase tests passing: model create, failure_reason nullable on
  success, geo_lookup_state='internal' accepted.

Odoo 19 deprecation note: this implementation uses the declarative
models.Constraint and models.Index attributes (Odoo 19 silently drops the
legacy `_sql_constraints = [...]` list and `init()`/raw-SQL pattern with
only a warning). Captured in CLAUDE.md rule #9.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-27 09:03:58 -04:00

2 Commits