[MIG][16.0] vault: Migration and restructuring for 16.0

OCA · Feb 1, 2024 · 11a2115 · 11a2115
1 parent 7544e82
commit 11a2115
Show file tree

Hide file tree

Showing 60 changed files with 1,874 additions and 1,718 deletions.
diff --git a/setup/vault/odoo/addons/vault b/setup/vault/odoo/addons/vault
@@ -0,0 +1 @@
+../../../../vault
diff --git a/setup/vault/setup.py b/setup/vault/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/setup/vault_share/odoo/addons/vault_share b/setup/vault_share/odoo/addons/vault_share
@@ -0,0 +1 @@
+../../../../vault_share
diff --git a/setup/vault_share/setup.py b/setup/vault_share/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)
diff --git a/vault/README.rst b/vault/README.rst
@@ -7,7 +7,7 @@ Vault
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-   !! source digest: sha256:e0b69ed2cd488c2635fec51457c0cb50c1bbd628cc768e68cd8d1d80c944ce2e
+   !! source digest: sha256:f5ab04a25cc568dea3db60cecb5e549d44da1d67f710b01698316ebfaaa79d28
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
@@ -17,13 +17,13 @@ Vault
     :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
     :alt: License: AGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github
-    :target: https://github.com/OCA/server-auth/tree/15.0/vault
+    :target: https://github.com/OCA/server-auth/tree/16.0/vault
     :alt: OCA/server-auth
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/server-auth-15-0/server-auth-15-0-vault
+    :target: https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault
     :alt: Translate me on Weblate
 .. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
-    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=15.0
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-auth&target_branch=16.0
     :alt: Try me on Runboat
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
@@ -65,7 +65,7 @@ Bug Tracker
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-auth/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+`feedback <https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -95,6 +95,6 @@ OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.
 
-This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/15.0/vault>`_ project on GitHub.
+This module is part of the `OCA/server-auth <https://github.com/OCA/server-auth/tree/16.0/vault>`_ project on GitHub.
 
 You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/vault/__manifest__.py b/vault/__manifest__.py
@@ -5,7 +5,7 @@
     "name": "Vault",
     "summary": "Password vault integration in Odoo",
     "license": "AGPL-3",
-    "version": "15.0.2.1.0",
+    "version": "16.0.2.1.0",
     "website": "https://github.com/OCA/server-auth",
     "application": True,
     "author": "initOS GmbH, Odoo Community Association (OCA)",
@@ -38,14 +38,10 @@
         ],
         "web.assets_backend": [
             "vault/static/lib/**/*.min.js",
+            "vault/static/src/**/*.xml",
             "vault/static/src/common/*.js",
             "vault/static/src/backend/*.scss",
-            "vault/static/src/backend/*.js",
-            "vault/static/src/legacy/vault_controller.js",
-            "vault/static/src/legacy/vault_widget.js",
-        ],
-        "web.assets_qweb": [
-            "vault/static/src/**/*.xml",
+            "vault/static/src/backend/**/*.js",
         ],
         "web.tests_assets": [
             "vault/static/tests/**/*.js",

diff --git a/vault/controllers/main.py b/vault/controllers/main.py
@@ -4,6 +4,7 @@
 import logging
 
 from odoo import _, http
+from odoo.exceptions import AccessDenied
 from odoo.http import request
 
 _logger = logging.getLogger(__name__)
@@ -136,6 +137,9 @@ def vault_replace(self, data):
         vault = request.env["vault"].with_context(vault_skip_log=True)
         for changes in data:
             record = vault.env[changes["model"]].browse(changes["id"])
+            if not record.vault_id.allowed_write:
+                raise AccessDenied()
+
             vault |= record.vault_id
             if record._name in ("vault.field", "vault.file"):
                 record.write({k: v for k, v in changes.items() if k in ["iv", "value"]})

diff --git a/vault/models/abstract_vault_field.py b/vault/models/abstract_vault_field.py
@@ -33,29 +33,25 @@ def _compute_master_key(self):
             rec.master_key = rec.vault_id.master_key
 
     def log_change(self, action):
-        self.ensure_one()
         if self.env.context.get("vault_skip_log"):
             return
 
-        self.entry_id.log_info(
-            f"{action} value {self.name} of {self.entry_id.complete_name} "
-            f"by {self.env.user.display_name}"
-        )
-
-    @api.model_create_single
-    def create(self, values):
-        res = super().create(values)
+        for rec in self:
+            rec.entry_id.log_info(
+                f"{action} value {rec.name} of {rec.entry_id.complete_name} "
+                f"by {self.env.user.display_name}"
+            )
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
         res.log_change("Created")
         return res
 
     def unlink(self):
-        for rec in self:
-            rec.log_change("Deleted")
-
+        self.log_change("Deleted")
         return super().unlink()
 
     def write(self, values):
-        for rec in self:
-            rec.log_change("Changed")
-
+        self.log_change("Changed")
         return super().write(values)
diff --git a/vault/models/vault.py b/vault/models/vault.py
@@ -1,4 +1,4 @@
-# © 2021 Florian Kantelberg - initOS GmbH
+# © 2021-2024 Florian Kantelberg - initOS GmbH
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
 import logging

diff --git a/vault/models/vault_entry.py b/vault/models/vault_entry.py
@@ -140,28 +140,27 @@ def _search_expired(self, operator, value):
         return ["|", ("expire_date", ">=", datetime.now()), ("expire_date", "=", False)]
 
     def log_change(self, action):
-        self.ensure_one()
         if self.env.context.get("vault_skip_log"):
             return
 
-        self.log_info(
-            _("%(action)s entry %(name)s by %(user)s")
-            % {
-                "action": action,
-                "name": self.complete_name,
-                "user": self.env.user.display_name,
-            }
-        )
+        for rec in self:
+            rec.log_info(
+                _("%(action)s entry %(name)s by %(user)s")
+                % {
+                    "action": action,
+                    "name": rec.complete_name,
+                    "user": rec.env.user.display_name,
+                }
+            )
 
-    @api.model_create_single
-    def create(self, values):
-        res = super().create(values)
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
         res.log_change("Created")
         return res
 
     def unlink(self):
-        for rec in self:
-            rec.log_change("Deleted")
+        self.log_change("Deleted")
 
         return super().unlink()
 

diff --git a/vault/models/vault_log.py b/vault/models/vault_log.py
@@ -38,9 +38,9 @@ def _get_log_state(self):
             ("error", _("Error")),
         ]
 
-    @api.model
-    def create(self, values):
-        res = super().create(values)
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
         if not self.env.context.get("skip_log", False):
             _logger.info("Vault log: %s", res.message)
         return res
diff --git a/vault/models/vault_right.py b/vault/models/vault_right.py
@@ -69,25 +69,25 @@ def _compute_public_key(self):
             rec.public_key = rec.user_id.active_key.public
 
     def log_access(self):
-        self.ensure_one()
-        rights = ", ".join(
-            sorted(
-                ["read"]
-                + [
-                    right
-                    for right in ["create", "write", "share", "delete"]
-                    if getattr(self, f"perm_{right}", False)
-                ]
+        for rec in self:
+            rights = ", ".join(
+                sorted(
+                    ["read"]
+                    + [
+                        right
+                        for right in ["create", "write", "share", "delete"]
+                        if getattr(rec, f"perm_{right}", False)
+                    ]
+                )
             )
-        )
 
-        self.vault_id.log_info(
-            f"Grant access to user {self.user_id.display_name}: {rights}"
-        )
+            rec.vault_id.log_info(
+                f"Grant access to user {rec.user_id.display_name}: {rights}"
+            )
 
-    @api.model
-    def create(self, values):
-        res = super().create(values)
+    @api.model_create_multi
+    def create(self, vals_list):
+        res = super().create(vals_list)
         if not res.allowed_share and not res.env.su:
             self.raise_access_error()
 
@@ -98,8 +98,7 @@ def write(self, values):
         res = super().write(values)
         perms = ["perm_write", "perm_delete", "perm_share", "perm_create"]
         if any(x in values for x in perms):
-            for rec in self:
-                rec.log_access()
+            self.log_access()
 
         return res
 

diff --git a/vault/static/description/index.html b/vault/static/description/index.html
@@ -367,9 +367,9 @@ <h1 class="title">Vault</h1>
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
-!! source digest: sha256:e0b69ed2cd488c2635fec51457c0cb50c1bbd628cc768e68cd8d1d80c944ce2e
+!! source digest: sha256:f5ab04a25cc568dea3db60cecb5e549d44da1d67f710b01698316ebfaaa79d28
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/15.0/vault"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-15-0/server-auth-15-0-vault"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=15.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-auth/tree/16.0/vault"><img alt="OCA/server-auth" src="https://img.shields.io/badge/github-OCA%2Fserver--auth-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-auth-16-0/server-auth-16-0-vault"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-auth&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module implements a vault for secrets and files using end-to-end-encryption. The encryption and decryption happens in the browser using a vault specific shared master key. The master keys are encrypted using asymmetrically. For this the user has to enter a second password on the first login or if he needs to access data in a vault. The asymmetric keys are stored for a certain time in the browser storage.</p>
 <p>The server can never access the secrets with the information available. Only people registered in the vault can decrypt or encrypt values in a vault. The meta data isn’t encrypted to be able to search/filter for entries more easily.</p>
 <p>This modules requires a secure context for the browser to work properly.</p>
@@ -413,7 +413,7 @@ <h1><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-auth/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
 If you spotted it first, help us to smash it by providing a detailed and welcomed
-<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<a class="reference external" href="https://github.com/OCA/server-auth/issues/new?body=module:%20vault%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
@@ -437,7 +437,7 @@ <h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>
-<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/15.0/vault">OCA/server-auth</a> project on GitHub.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-auth/tree/16.0/vault">OCA/server-auth</a> project on GitHub.</p>
 <p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
 </div>
 </div>