|
|
# -*- coding: utf-8 -*-# © 2015 ABF OSIELL <http://osiell.com># License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
import loggingfrom psycopg2 import ProgrammingErrorfrom openerp import models, fields, api, modules, _, SUPERUSER_ID, sql_dbfrom openerp.exceptions import ValidationError
FIELDS_BLACKLIST = [ 'id', 'create_uid', 'create_date', 'write_uid', 'write_date', 'display_name', '__last_update',]# Used for performance, to avoid a dictionary instanciation when we need an# empty dict to simplify algorithmsEMPTY_DICT = {}
class DictDiffer(object): """Calculate the difference between two dictionaries as:
(1) items added (2) items removed (3) keys same in both but changed values (4) keys same in both and unchanged values """
def __init__(self, current_dict, past_dict): self.current_dict, self.past_dict = current_dict, past_dict self.set_current = set(current_dict) self.set_past = set(past_dict) self.intersect = self.set_current.intersection(self.set_past)
def added(self): return self.set_current - self.intersect
def removed(self): return self.set_past - self.intersect
def changed(self): return set(o for o in self.intersect if self.past_dict[o] != self.current_dict[o])
def unchanged(self): return set(o for o in self.intersect if self.past_dict[o] == self.current_dict[o])
class AuditlogRule(models.Model): _name = 'auditlog.rule' _description = "Auditlog - Rule"
name = fields.Char(u"Name", size=32, required=True) model_id = fields.Many2one( 'ir.model', u"Model", required=True, help=u"Select model for which you want to generate log.") user_ids = fields.Many2many( 'res.users', 'audittail_rules_users', 'user_id', 'rule_id', string=u"Users", help=u"if User is not added then it will applicable for all users") log_read = fields.Boolean( u"Log Reads", help=(u"Select this if you want to keep track of read/open on any " u"record of the model of this rule")) log_write = fields.Boolean( u"Log Writes", default=True, help=(u"Select this if you want to keep track of modification on any " u"record of the model of this rule")) log_unlink = fields.Boolean( u"Log Deletes", default=True, help=(u"Select this if you want to keep track of deletion on any " u"record of the model of this rule")) log_create = fields.Boolean( u"Log Creates", default=True, help=(u"Select this if you want to keep track of creation on any " u"record of the model of this rule")) log_custom_method = fields.Boolean( u"Log Methods", help=(u"Select this if you want to keep track of custom methods on " u"any record of the model of this rule")) custom_method_ids = fields.One2many('auditlog.methods', 'rule_id') log_type = fields.Selection( [('full', u"Full log"), ('fast', u"Fast log"), ], string=u"Type", required=True, default='full', help=(u"Full log: make a diff between the data before and after " u"the operation (log more info like computed fields which were " u"updated, but it is slower)\n" u"Fast log: only log the changes made through the create and " u"write operations (less information, but it is faster)")) # log_action = fields.Boolean( # "Log Action", # help=("Select this if you want to keep track of actions on the " # "model of this rule")) # log_workflow = fields.Boolean( # "Log Workflow", # help=("Select this if you want to keep track of workflow on any " # "record of the model of this rule")) state = fields.Selection( [('draft', "Draft"), ('subscribed', "Subscribed")], string=u"State", required=True, default='draft') action_id = fields.Many2one( 'ir.actions.act_window', string="Action")
_sql_constraints = [ ('model_uniq', 'unique(model_id)', ("There is already a rule defined on this model\n" "You cannot define another: please edit the existing one.")) ]
def _register_hook(self, cr, ids=None): """Get all rules and apply them to log method calls.""" super(AuditlogRule, self)._register_hook(cr) if not hasattr(self.pool, '_auditlog_field_cache'): self.pool._auditlog_field_cache = {} if not hasattr(self.pool, '_auditlog_model_cache'): self.pool._auditlog_model_cache = {} if ids is None: ids = self.search(cr, SUPERUSER_ID, [('state', '=', 'subscribed')]) return self._patch_methods(cr, SUPERUSER_ID, ids)
@api.multi def _patch_methods(self): """Patch ORM methods of models defined in rules to log their calls.""" updated = False model_cache = self.pool._auditlog_model_cache try: with self.env.cr.savepoint(): self.read() except ProgrammingError: logging.getLogger(__name__).error( "Error reading auditlog rules. Logs will not be created. " "Do you need to upgrade the auditlog module?", exc_info=True) return False for rule in self: if rule.state != 'subscribed': continue if not self.pool.get(rule.model_id.model): # ignore rules for models not loadable currently continue model_cache[rule.model_id.model] = rule.model_id.id model_model = self.env[rule.model_id.model] # CRUD # -> create check_attr = 'auditlog_ruled_create' if getattr(rule, 'log_create') \ and not hasattr(model_model, check_attr): model_model._patch_method('create', rule._make_create()) setattr(model_model, check_attr, True) updated = True # -> read check_attr = 'auditlog_ruled_read' if getattr(rule, 'log_read') \ and not hasattr(model_model, check_attr): model_model._patch_method('read', rule._make_read()) setattr(model_model, check_attr, True) updated = True # -> write check_attr = 'auditlog_ruled_write' if getattr(rule, 'log_write') \ and not hasattr(model_model, check_attr): model_model._patch_method('write', rule._make_write()) setattr(model_model, check_attr, True) updated = True # -> unlink check_attr = 'auditlog_ruled_unlink' if getattr(rule, 'log_unlink') \ and not hasattr(model_model, check_attr): model_model._patch_method('unlink', rule._make_unlink()) setattr(model_model, check_attr, True) updated = True # Check if custom methods are enabled and patch the different # rule methods if getattr(rule, 'log_custom_method'): for custom_method in rule.custom_method_ids: check_attr = 'auditlog_ruled_%s' % custom_method.name
if not hasattr(model_model, custom_method.name): raise ValidationError( _('Method %s does not exist for model %s.' % ( custom_method.name, model_model )))
if not hasattr(model_model, check_attr): model_model._patch_method( custom_method.name, rule._make_custom( custom_method.message, custom_method.use_active_ids, custom_method.context_field_number) ) setattr(model_model, check_attr, True) updated = True return updated
@api.multi def _revert_methods(self): """Restore original ORM methods of models defined in rules.""" updated = False for rule in self: model_model = self.env[rule.model_id.model] for method in ['create', 'read', 'write', 'unlink']: if getattr(rule, 'log_%s' % method) and hasattr( getattr(model_model, method), 'origin'): model_model._revert_method(method) updated = True if hasattr(rule, 'log_custom_method'): for custom_method in rule.custom_method_ids: method = custom_method.name if hasattr(getattr(model_model, method), 'origin'): model_model._revert_method(method) updated = True if updated: modules.registry.RegistryManager.signal_registry_change( self.env.cr.dbname)
# Unable to find a way to declare the `create` method with the new API, # errors occurs with the `_register_hook()` BaseModel method. def create(self, cr, uid, vals, context=None): """Update the registry when a new rule is created.""" res_id = super(AuditlogRule, self).create( cr, uid, vals, context=context) if self._register_hook(cr, [res_id]): modules.registry.RegistryManager.signal_registry_change(cr.dbname) return res_id
# Unable to find a way to declare the `write` method with the new API, # errors occurs with the `_register_hook()` BaseModel method. def write(self, cr, uid, ids, vals, context=None): """Update the registry when existing rules are updated.""" if isinstance(ids, (int, long)): ids = [ids] super(AuditlogRule, self).write(cr, uid, ids, vals, context=context) if self._register_hook(cr, ids): modules.registry.RegistryManager.signal_registry_change(cr.dbname) return True
@api.multi def unlink(self): """Unsubscribe rules before removing them.""" self.unsubscribe() return super(AuditlogRule, self).unlink()
@api.multi def _make_create(self): """Instanciate a create method that log its calls.""" self.ensure_one() log_type = self.log_type
@api.model @api.returns('self', lambda value: value.id) def create_full(self, vals, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] new_record = create_full.origin(self, vals, **kwargs) new_values = dict( (d['id'], d) for d in new_record.sudo() .with_context(prefetch_fields=False).read(list(self._fields))) rule_model.sudo().create_logs( self.env.uid, self._name, new_record.ids, 'create', None, new_values, {'log_type': log_type}) return new_record
@api.model @api.returns('self', lambda value: value.id) def create_fast(self, vals, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] vals2 = dict(vals) new_record = create_fast.origin(self, vals, **kwargs) new_values = {new_record.id: vals2} rule_model.sudo().create_logs( self.env.uid, self._name, new_record.ids, 'create', None, new_values, {'log_type': log_type}) return new_record
return create_full if self.log_type == 'full' else create_fast
@api.multi def _make_read(self): """Instanciate a read method that log its calls.""" self.ensure_one() log_type = self.log_type
def read(self, *args, **kwargs): result = read.origin(self, *args, **kwargs) # Sometimes the result is not a list but a dictionary # Also, we can not modify the current result as it will break calls result2 = result if not isinstance(result2, list): result2 = [result] read_values = dict((d['id'], d) for d in result2) # Old API if args and isinstance(args[0], sql_db.Cursor): cr, uid, ids = args[0], args[1], args[2] if isinstance(ids, (int, long)): ids = [ids] # If the call came from auditlog itself, skip logging: # avoid logs on `read` produced by auditlog during internal # processing: read data of relevant records, 'ir.model', # 'ir.model.fields'... (no interest in logging such operations) if kwargs.get('context', {}).get('auditlog_disabled'): return result env = api.Environment(cr, uid, {'auditlog_disabled': True}) rule_model = env['auditlog.rule'] rule_model.sudo().create_logs( env.uid, self._name, ids, 'read', read_values, None, {'log_type': log_type}) # New API else: # If the call came from auditlog itself, skip logging: # avoid logs on `read` produced by auditlog during internal # processing: read data of relevant records, 'ir.model', # 'ir.model.fields'... (no interest in logging such operations) if self.env.context.get('auditlog_disabled'): return result self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] rule_model.sudo().create_logs( self.env.uid, self._name, self.ids, 'read', read_values, None, {'log_type': log_type}) return result return read
@api.multi def _make_write(self): """Instanciate a write method that log its calls.""" self.ensure_one() log_type = self.log_type
@api.multi def write_full(self, vals, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] old_values = dict( (d['id'], d) for d in self.sudo() .with_context(prefetch_fields=False).read(list(self._fields))) result = write_full.origin(self, vals, **kwargs) new_values = dict( (d['id'], d) for d in self.sudo() .with_context(prefetch_fields=False).read(list(self._fields))) rule_model.sudo().create_logs( self.env.uid, self._name, self.ids, 'write', old_values, new_values, {'log_type': log_type}) return result
@api.multi def write_fast(self, vals, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] # Log the user input only, no matter if the `vals` is updated # afterwards as it could not represent the real state # of the data in the database vals2 = dict(vals) old_vals2 = dict.fromkeys(vals2.keys(), False) old_values = dict((id_, old_vals2) for id_ in self.ids) new_values = dict((id_, vals2) for id_ in self.ids) result = write_fast.origin(self, vals, **kwargs) rule_model.sudo().create_logs( self.env.uid, self._name, self.ids, 'write', old_values, new_values, {'log_type': log_type}) return result
return write_full if self.log_type == 'full' else write_fast
@api.multi def _make_unlink(self): """Instanciate an unlink method that log its calls.""" self.ensure_one() log_type = self.log_type
@api.multi def unlink_full(self, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] old_values = dict( (d['id'], d) for d in self.sudo() .with_context(prefetch_fields=False).read(list(self._fields))) rule_model.sudo().create_logs( self.env.uid, self._name, self.ids, 'unlink', old_values, None, {'log_type': log_type}) return unlink_full.origin(self, **kwargs)
@api.multi def unlink_fast(self, **kwargs): self = self.with_context(auditlog_disabled=True) rule_model = self.env['auditlog.rule'] rule_model.sudo().create_logs( self.env.uid, self._name, self.ids, 'unlink', None, None, {'log_type': log_type}) return unlink_fast.origin(self, **kwargs)
return unlink_full if self.log_type == 'full' else unlink_fast
@api.multi def _make_custom(self, message, use_active_ids, context_field_number): """Instanciate a read method that log its calls.""" self.ensure_one() log_type = self.log_type
def custom(self, *args, **kwargs): result = custom.origin(self, *args, **kwargs)
result2 = result if not isinstance(result2, list): result2 = [result] # Old API if args and isinstance(args[0], sql_db.Cursor): cr, uid, ids = args[0], args[1], args[2] if isinstance(ids, (int, long)): ids = [ids]
context = kwargs.get('context', {})
# Set specific context if it is defined by our rule if not context and context_field_number: if context_field_number - 1 < len(args): context = args[context_field_number - 1]
if context.get('auditlog_disabled'): return result
env = api.Environment(cr, uid, {'auditlog_disabled': True}) rule_model = env['auditlog.rule']
# Overwrite the ids and object_model if it is required # by the auditlog rule object_model = self._name if use_active_ids: if context.get('active_model'): if context.get('active_ids'): object_model = context.get( 'active_model', object_model) ids = context.get('active_ids', ids)
rule_model.sudo().create_logs( env.uid, object_model, ids, message, None, None, {'log_type': log_type}) # New API else: if self.env.context.get('auditlog_disabled'): return result self = self.with_context(auditlog_disabled=True)
context = self.env.context
# Overwrite the ids and object_model if it is required # by the auditlog rule ids = self.ids object_model = self._name if use_active_ids: if context.get('active_model'): if context.get('active_ids'): object_model = context.get( 'active_model', object_model) ids = context.get('active_ids', ids)
rule_model = self.env['auditlog.rule'] rule_model.sudo().create_logs( self.env.uid, object_model, ids, message, None, None, {'log_type': log_type}) return result
return custom
def create_logs(self, uid, res_model, res_ids, method, old_values=None, new_values=None, additional_log_values=None): """Create logs. `old_values` and `new_values` are dictionnaries, e.g:
{RES_ID: {'FIELD': VALUE, ...}} """
if old_values is None: old_values = EMPTY_DICT if new_values is None: new_values = EMPTY_DICT log_model = self.env['auditlog.log'] http_request_model = self.env['auditlog.http.request'] http_session_model = self.env['auditlog.http.session'] for res_id in res_ids: model_model = self.env[res_model] # Do an extra check for active_model situations where res_model # is not preloaded in auditlog model_cache if not self.pool._auditlog_model_cache.get(res_model): self.pool._auditlog_model_cache[res_model] = \ self.env['ir.model'].search([ ('model', '=', res_model)]).id name = model_model.browse(res_id).name_get() res_name = name and name[0] and name[0][1] vals = { 'name': res_name, 'model_id': self.pool._auditlog_model_cache[res_model], 'res_id': res_id, 'method': method, 'user_id': uid, 'http_request_id': http_request_model.current_http_request(), 'http_session_id': http_session_model.current_http_session(), } vals.update(additional_log_values or {}) log = log_model.create(vals) diff = DictDiffer( new_values.get(res_id, EMPTY_DICT), old_values.get(res_id, EMPTY_DICT)) if method is 'create': self._create_log_line_on_create(log, diff.added(), new_values) elif method is 'read': self._create_log_line_on_read( log, old_values.get(res_id, EMPTY_DICT).keys(), old_values) elif method is 'write': self._create_log_line_on_write( log, diff.changed(), old_values, new_values)
def _get_field(self, model, field_name): cache = self.pool._auditlog_field_cache if field_name not in cache.get(model.model, {}): cache.setdefault(model.model, {}) # - we use 'search()' then 'read()' instead of the 'search_read()' # to take advantage of the 'classic_write' loading # - search the field in the current model and those it inherits field_model = self.env['ir.model.fields'] all_model_ids = [model.id] all_model_ids.extend(model.inherited_model_ids.ids) field = field_model.search( [('model_id', 'in', all_model_ids), ('name', '=', field_name)]) # The field can be a dummy one, like 'in_group_X' on 'res.users' # As such we can't log it (field_id is required to create a log) if not field: cache[model.model][field_name] = False else: field_data = field.read(load='_classic_write')[0] cache[model.model][field_name] = field_data return cache[model.model][field_name]
def _create_log_line_on_read( self, log, fields_list, read_values): """Log field filled on a 'read' operation.""" log_line_model = self.env['auditlog.log.line'] for field_name in fields_list: if field_name in FIELDS_BLACKLIST: continue field = self._get_field(log.model_id, field_name) # not all fields have an ir.models.field entry (ie. related fields) if field: log_vals = self._prepare_log_line_vals_on_read( log, field, read_values) log_line_model.create(log_vals)
def _prepare_log_line_vals_on_read(self, log, field, read_values): """Prepare the dictionary of values used to create a log line on a
'read' operation. """
vals = { 'field_id': field['id'], 'log_id': log.id, 'old_value': read_values[log.res_id][field['name']], 'old_value_text': read_values[log.res_id][field['name']], 'new_value': False, 'new_value_text': False, } if field['relation'] and '2many' in field['ttype']: old_value_text = self.env[field['relation']].browse( vals['old_value']).name_get() vals['old_value_text'] = old_value_text return vals
def _create_log_line_on_write( self, log, fields_list, old_values, new_values): """Log field updated on a 'write' operation.""" log_line_model = self.env['auditlog.log.line'] for field_name in fields_list: if field_name in FIELDS_BLACKLIST: continue field = self._get_field(log.model_id, field_name) # not all fields have an ir.models.field entry (ie. related fields) if field: log_vals = self._prepare_log_line_vals_on_write( log, field, old_values, new_values) log_line_model.create(log_vals)
def _prepare_log_line_vals_on_write( self, log, field, old_values, new_values): """Prepare the dictionary of values used to create a log line on a
'write' operation. """
vals = { 'field_id': field['id'], 'log_id': log.id, 'old_value': old_values[log.res_id][field['name']], 'old_value_text': old_values[log.res_id][field['name']], 'new_value': new_values[log.res_id][field['name']], 'new_value_text': new_values[log.res_id][field['name']], } # for *2many fields, log the name_get if log.log_type == 'full' and field['relation'] \ and '2many' in field['ttype']: # Filter IDs to prevent a 'name_get()' call on deleted resources existing_ids = self.env[field['relation']]._search( [('id', 'in', vals['old_value'])]) old_value_text = [] if existing_ids: existing_values = self.env[field['relation']].browse( existing_ids).name_get() old_value_text.extend(existing_values) # Deleted resources will have a 'DELETED' text representation deleted_ids = set(vals['old_value']) - set(existing_ids) for deleted_id in deleted_ids: old_value_text.append((deleted_id, 'DELETED')) vals['old_value_text'] = old_value_text new_value_text = self.env[field['relation']].browse( vals['new_value']).name_get() vals['new_value_text'] = new_value_text return vals
def _create_log_line_on_create( self, log, fields_list, new_values): """Log field filled on a 'create' operation.""" log_line_model = self.env['auditlog.log.line'] for field_name in fields_list: if field_name in FIELDS_BLACKLIST: continue field = self._get_field(log.model_id, field_name) # not all fields have an ir.models.field entry (ie. related fields) if field: log_vals = self._prepare_log_line_vals_on_create( log, field, new_values) log_line_model.create(log_vals)
def _prepare_log_line_vals_on_create(self, log, field, new_values): """Prepare the dictionary of values used to create a log line on a
'create' operation. """
vals = { 'field_id': field['id'], 'log_id': log.id, 'old_value': False, 'old_value_text': False, 'new_value': new_values[log.res_id][field['name']], 'new_value_text': new_values[log.res_id][field['name']], } if log.log_type == 'full' and field['relation'] \ and '2many' in field['ttype']: new_value_text = self.env[field['relation']].browse( vals['new_value']).name_get() vals['new_value_text'] = new_value_text return vals
@api.multi def subscribe(self): """Subscribe Rule for auditing changes on model and apply shortcut
to view logs on that model. """
act_window_model = self.env['ir.actions.act_window'] model_data_model = self.env['ir.model.data'] for rule in self: # Create a shortcut to view logs domain = "[('model_id', '=', %s), ('res_id', '=', active_id)]" % ( rule.model_id.id) vals = { 'name': _(u"View logs"), 'res_model': 'auditlog.log', 'src_model': rule.model_id.model, 'domain': domain, } act_window = act_window_model.sudo().create(vals) rule.write({'state': 'subscribed', 'action_id': act_window.id}) keyword = 'client_action_relate' value = 'ir.actions.act_window,%s' % act_window.id model_data_model.sudo().ir_set( 'action', keyword, 'View_log_' + rule.model_id.model, [rule.model_id.model], value, replace=True, isobject=True, xml_id=False) return True
@api.multi def unsubscribe(self): """Unsubscribe Auditing Rule on model.""" act_window_model = self.env['ir.actions.act_window'] ir_values_model = self.env['ir.values'] # Revert patched methods self._revert_methods() for rule in self: # Remove the shortcut to view logs act_window = act_window_model.search( [('name', '=', 'View Log'), ('res_model', '=', 'auditlog.log'), ('src_model', '=', rule.model_id.model)]) if act_window: value = 'ir.actions.act_window,%s' % act_window.id act_window.unlink() ir_value = ir_values_model.search( [('model', '=', rule.model_id.model), ('value', '=', value)]) if ir_value: ir_value.unlink() self.write({'state': 'draft'}) return True
|
