From f99f33a345d8f015c6bcaae86f44ea9964e906e5 Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Mon, 9 Sep 2024 11:53:04 +0300
Subject: [PATCH 01/11] Draft: [16.0][MIG] #10965 auditlog_security

---
 auditlog_security/README.rst                  |  95 ++++
 auditlog_security/__init__.py                 |   3 +
 auditlog_security/__manifest__.py             |  25 +
 auditlog_security/models/__init__.py          |   7 +
 .../models/auditlog_line_access_rule.py       | 121 +++++
 auditlog_security/models/auditlog_log_line.py |  47 ++
 auditlog_security/models/auditlog_rule.py     | 127 +++++
 auditlog_security/models/ir_rule.py           |  16 +
 auditlog_security/readme/CONTRIBUTORS.rst     |   1 +
 auditlog_security/readme/CREDITS.rst          |   0
 auditlog_security/readme/DESCRIPTION.rst      |   3 +
 auditlog_security/readme/ROADMAP.rst          |   1 +
 auditlog_security/readme/USAGE.rst            |  11 +
 .../security/ir.model.access.csv              |   3 +
 auditlog_security/security/ir_rule.xml        |  15 +
 auditlog_security/security/res_groups.xml     |   6 +
 .../static/description/index.html             | 438 ++++++++++++++++++
 auditlog_security/views/auditlog_view.xml     | 151 ++++++
 18 files changed, 1070 insertions(+)
 create mode 100644 auditlog_security/README.rst
 create mode 100644 auditlog_security/__init__.py
 create mode 100644 auditlog_security/__manifest__.py
 create mode 100644 auditlog_security/models/__init__.py
 create mode 100644 auditlog_security/models/auditlog_line_access_rule.py
 create mode 100644 auditlog_security/models/auditlog_log_line.py
 create mode 100644 auditlog_security/models/auditlog_rule.py
 create mode 100644 auditlog_security/models/ir_rule.py
 create mode 100644 auditlog_security/readme/CONTRIBUTORS.rst
 create mode 100644 auditlog_security/readme/CREDITS.rst
 create mode 100644 auditlog_security/readme/DESCRIPTION.rst
 create mode 100644 auditlog_security/readme/ROADMAP.rst
 create mode 100644 auditlog_security/readme/USAGE.rst
 create mode 100644 auditlog_security/security/ir.model.access.csv
 create mode 100644 auditlog_security/security/ir_rule.xml
 create mode 100644 auditlog_security/security/res_groups.xml
 create mode 100644 auditlog_security/static/description/index.html
 create mode 100644 auditlog_security/views/auditlog_view.xml

diff --git a/auditlog_security/README.rst b/auditlog_security/README.rst
new file mode 100644
index 00000000000..438dfbd137a
--- /dev/null
+++ b/auditlog_security/README.rst
@@ -0,0 +1,95 @@
+==========================
+Audit Log User Permissions
+==========================
+
+.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! This file is generated by oca-gen-addon-readme !!
+   !! changes will be overwritten.                   !!
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+.. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
+    :target: https://odoo-community.org/page/development-status
+    :alt: Beta
+.. |badge2| image:: https://img.shields.io/badge/licence-AGPL--3-blue.png
+    :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
+    :alt: License: AGPL-3
+.. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github
+    :target: https://github.com/OCA/server-tools/tree/11.0/auditlog_security
+    :alt: OCA/server-tools
+.. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
+    :target: https://translation.odoo-community.org/projects/server-tools-11-0/server-tools-11-0-auditlog_security
+    :alt: Translate me on Weblate
+.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
+    :target: https://runbot.odoo-community.org/runbot/149/11.0
+    :alt: Try me on Runbot
+
+|badge1| |badge2| |badge3| |badge4| |badge5| 
+
+This module allows extends auditlog, allowing specific log lines to be viewed only
+by users belonging to specific views, while all other lines are allowed only to 
+administrator.
+
+**Table of contents**
+
+.. contents::
+   :local:
+
+Usage
+=====
+
+Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines
+which operations to log for a given data model.
+The rule is now extended with a new field permission_ids, that tells us wich groups will
+be allowed to read the lines produced by this rule.
+If permission_ids is left empty, the default will be: 
+"auditlog lines visible only by user in Settings group, which is the default 
+for the auditlog module"
+
+
+Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can
+group them by user sessions, date, data model , HTTP requests.
+
+Known issues / Roadmap
+======================
+
+
+
+Bug Tracker
+===========
+
+Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+
+Do not contact contributors directly about support or help with technical issues.
+
+Credits
+=======
+
+Authors
+~~~~~~~
+
+* Therp B.V.
+
+Contributors
+~~~~~~~~~~~~
+
+* Giovanni Francesco Capalbo <giovanni@therp.nl>
+
+Maintainers
+~~~~~~~~~~~
+
+This module is maintained by the OCA.
+
+.. image:: https://odoo-community.org/logo.png
+   :alt: Odoo Community Association
+   :target: https://odoo-community.org
+
+OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.
+
+This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/11.0/auditlog_security>`_ project on GitHub.
+
+You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auditlog_security/__init__.py b/auditlog_security/__init__.py
new file mode 100644
index 00000000000..31660d6a965
--- /dev/null
+++ b/auditlog_security/__init__.py
@@ -0,0 +1,3 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import models
diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py
new file mode 100644
index 00000000000..22218b90eec
--- /dev/null
+++ b/auditlog_security/__manifest__.py
@@ -0,0 +1,25 @@
+# Copyright 2021 Therp B.V. <https://www.therp.nl>
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+{
+    "name": "Audit Log User Permissions",
+    "version": "11.0.1.1.4",
+    "author": "Therp B.V.,Odoo Community Association (OCA)",
+    "license": "AGPL-3",
+    "website": "https://github.com/OCA/server-tools/",
+    "category": "Tools",
+    "description": """Allow regular users to view Audit log lines
+                   via the form view of the relevant model""",
+    "depends": [
+        "auditlog",
+        "contacts",
+    ],
+    "data": [
+        "security/res_groups.xml",
+        "views/auditlog_view.xml",
+        "security/ir.model.access.csv",
+        "security/ir_rule.xml",
+    ],
+    "application": True,
+    "installable": True,
+}
diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
new file mode 100644
index 00000000000..5b1ed36f36a
--- /dev/null
+++ b/auditlog_security/models/__init__.py
@@ -0,0 +1,7 @@
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import auditlog_rule
+from . import auditlog_line_access_rule
+from . import ir_rule
+from . import auditlog_log_line
+
diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
new file mode 100644
index 00000000000..573ac55b2b1
--- /dev/null
+++ b/auditlog_security/models/auditlog_line_access_rule.py
@@ -0,0 +1,121 @@
+# Copyright 2021 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import exceptions, models, fields, api, modules, _
+from odoo.addons.auditlog.models.rule import FIELDS_BLACKLIST
+
+
+class AuditlogLineAccessRule(models.Model):
+    _name = "auditlog.line.access.rule"
+
+    name = fields.Char()
+
+    field_ids = fields.Many2many("ir.model.fields")
+    group_ids = fields.Many2many(
+        "res.groups",
+        help="""Groups that will be allowed to see the logged fields, if left empty
+                default will be all users with a login""",
+    )
+    model_id = fields.Many2one(
+        "ir.model", related="auditlog_rule_id.model_id", readonly=True
+    )
+    auditlog_rule_id = fields.Many2one(
+        "auditlog.rule", "auditlog_access_rule_ids", readonly=True, ondelete="cascade"
+    )
+    state = fields.Selection(related="auditlog_rule_id.state", readonly=True)
+
+    def needs_rule(self):
+        self.ensure_one()
+        return bool(self.group_ids)
+
+    def get_linked_rules(self):
+        return self.env["ir.rule"].search(
+            [("auditlog_line_access_rule_id", "in", self.ids)]
+        )
+
+    def unlink(self):
+        to_delete = self.get_linked_rules()
+        res = super(AuditlogLineAccessRule, self).unlink()
+        if res:
+            res = res and to_delete.unlink()
+        return res
+
+    def add_default_group_if_needed(self):
+        self.ensure_one()
+        res = False
+        if not self.group_ids and self.field_ids:
+            res = self.with_context(no_iter=True).write(
+                {"group_ids": [(6, 0, [self.env.ref("base.group_user").id])]}
+            )
+        return res
+
+    @api.model
+    def create(self, vals):
+        res = super(AuditlogLineAccessRule, self).create(vals)
+        res.add_default_group_if_needed()
+        res.regenerate_rules()
+        return res
+
+    @api.multi
+    def write(self, vals):
+        res = super(AuditlogLineAccessRule, self).write(vals)
+        for this in self:
+            added = this.add_default_group_if_needed()
+            if (
+                any(
+                    [
+                        x in vals
+                        for x in ("group_ids", "field_ids", "model_id", "all_fields")
+                    ]
+                )
+                or added
+            ):
+                this.regenerate_rules()
+
+        return res
+
+    def remove_rules(self):
+        for this in self:
+            this.get_linked_rules().unlink()
+
+    def regenerate_rules(self):
+        for this in self:
+            this.remove_rules()
+            dict_values = this._prepare_rule_values()
+            for values in dict_values:
+                self.env["ir.rule"].create(values)
+
+    def _prepare_rule_values(self):
+        self.ensure_one()
+        if not self.needs_rule():
+            return []
+        domain_force = "[" + " ('log_id.model_id' , '=', %s)," % (
+            self.model_id.id
+        )
+        if self.field_ids:
+            domain_force = "[('field_id', 'in',  %s)]" % (self.field_ids.ids)
+            model = self.env.ref("auditlog.model_auditlog_log_line")
+        else:
+            domain_force = "[('model_id', '=', %s)]" % (self.model_id.id)
+            model = self.env.ref("auditlog.model_auditlog_log")
+        auditlog_security_group = self.env.ref(
+                'auditlog_security.group_can_view_audit_logs')
+        return [
+        {
+            "name": "auditlog_extended_%s" % self.id,
+            "model_id": model.id,
+            "groups": [(6, 0, self.group_ids.ids)],
+            "perm_read": True,
+            "domain_force": domain_force,
+            "auditlog_line_access_rule_id": self.id,
+        }, 
+        {
+            "name": "auditlog_extended_%s" % self.id,
+            "model_id": model.id,
+            "groups": [(6, 0, [auditlog_security_group.id])],
+            "perm_read": True,
+            "domain_force": [(1, '=', 1)],
+            "auditlog_line_access_rule_id": self.id,
+        }]
+
+
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
new file mode 100644
index 00000000000..e7698e2c2cf
--- /dev/null
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -0,0 +1,47 @@
+# Copyright 2022 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import api, exceptions, models, fields
+
+
+class AuditlogLogLine(models.Model):
+    _inherit = 'auditlog.log.line'
+    _order = "create_date desc"
+
+    user_id = fields.Many2one(
+        'res.users',
+        compute="compute_user_id",
+        store=True,
+        index=True,
+        string="User",
+    )
+    method = fields.Char("Method", compute='compute_method', store=True, index=True)
+    model_id = fields.Many2one(
+        "ir.model", 
+        compute='compute_model_id', 
+        store=True, 
+        index=True)
+    res_id = fields.Integer(
+        compute='compute_res_id', 
+        store=True, 
+        index=True)
+
+    @api.depends('log_id.method')
+    def compute_method(self):
+        for this in self:
+            this.method=this.log_id.method
+
+    @api.depends('log_id.user_id')
+    def compute_user_id(self):
+        for this in self:
+            this.user_id=this.log_id.user_id
+
+    @api.depends('log_id.model_id')
+    def compute_model_id(self):
+        for this in self:
+            this.model_id=this.log_id.model_id
+    
+    @api.depends('log_id.res_id')
+    def compute_res_id(self):
+        for this in self:
+            this.res_id=this.log_id.res_id
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
new file mode 100644
index 00000000000..76ac9003648
--- /dev/null
+++ b/auditlog_security/models/auditlog_rule.py
@@ -0,0 +1,127 @@
+# Copyright 2021 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import exceptions, models, fields, api, modules, _, tools
+from odoo.addons.auditlog.models.rule import FIELDS_BLACKLIST
+from odoo.exceptions import ValidationError, UserError
+
+class AuditlogRule(models.Model):
+    _inherit = "auditlog.rule"
+
+    auditlog_line_access_rule_ids = fields.One2many(
+        "auditlog.line.access.rule", "auditlog_rule_id", ondelete="cascade"
+    )
+    server_action_id = fields.Many2one('ir.actions.server', "Server Action",)
+    log_selected_fields_only = fields.Boolean(
+        default=True,
+        help="Log only the selected fields, to save space avoid large DB data.")
+
+    @api.constrains('model_id')
+    def unique_model(self):
+        if self.search_count([('model_id', '=', self.model_id.id)]) > 1:
+            raise ValidationError("A rule for this model already exists")
+
+    @api.model
+    @tools.ormcache('model_name')
+    def _get_field_names_of_rule(self, model_name):
+        """ Memory-cached list of fields per rule """
+        rule = self.env['auditlog.rule'].sudo().search(
+            [('model_id.model', '=', model_name)], limit=1)
+        if rule.auditlog_line_access_rule_ids:
+            return rule.mapped(
+                'auditlog_line_access_rule_ids.field_ids.name')
+        return []
+
+    @api.model
+    @tools.ormcache('model_name')
+    def _get_log_selected_fields_only(self, model_name):
+        """ Memory-cached translation of model to rule """
+        rule = self.env['auditlog.rule'].sudo().search(
+            [('model_id.model', '=', model_name)], limit=1)
+        return rule.log_selected_fields_only
+
+    @api.model
+    def get_auditlog_fields(self, model):
+        res = super(AuditlogRule, self).get_auditlog_fields(model)
+        if self._get_log_selected_fields_only(model._name):
+            selected_field_names = self._get_field_names_of_rule(model._name)
+            # we re-use the checks on non-stored fields from super.
+            res = [x for x in selected_field_names if x in res]
+        return res
+
+    @api.multi
+    def write(self, values):
+        cache_invalidating_fields = [
+            "state",
+            "auditlog_line_access_rule_ids",
+            "log_selected_fields_only",
+        ]
+        if any([field in values.keys() for field in cache_invalidating_fields]):
+            # clear cache for all ormcache methods.
+            self.clear_caches()
+        return super(AuditlogRule, self).write(values)
+
+    @api.onchange("model_id")
+    def onchange_model_id(self):
+        # if model changes we must wipe out all field ids
+        self.auditlog_line_access_rule_ids.unlink()
+
+    @api.model
+    def _get_view_log_lines_action(self):
+        assert(self.env.context.get('active_model'))
+        assert(self.env.context.get('active_ids'))
+        model = self.env['ir.model'].sudo().search([
+            ('model', '=', self.env.context.get('active_model'))
+        ])
+        domain = [
+            ('model_id', '=', model.id),
+            ('res_id', 'in', self.env.context.get('active_ids')),
+        ]
+        return {
+            "name": _("View Log Lines"),
+            "res_model": "auditlog.log.line",
+            "view_mode": "tree,form",
+            "view_id": False,
+            "domain": domain,
+            "type": "ir.actions.act_window",
+        }
+
+    @api.multi
+    def _create_server_action(self):
+        self.ensure_one()
+        code = \
+            "action = env['auditlog.rule']._get_view_log_lines_action()"
+        server_action = self.env['ir.actions.server'].sudo().create({
+            'name': "View Log Lines",
+            'model_id': self.model_id.id,
+            'state': "code",
+            'code': code
+        })
+        self.write({
+            'server_action_id': server_action.id
+        })
+        return server_action
+
+    @api.multi
+    def subscribe(self):
+        for rule in self:
+            server_action = rule._create_server_action()
+            server_action.create_action()
+        res = super(AuditlogRule, self).subscribe()
+        for rule in self:
+            rule.auditlog_line_access_rule_ids.regenerate_rules()
+        # rule now will have "View Log" Action, make that visible only for admin
+        if res:
+            self.action_id.write({
+                'groups_id': [(6, 0, [self.env.ref('base.group_system').id])]
+            }) 
+        return res
+
+    @api.multi
+    def unsubscribe(self):
+        for rule in self:
+            rule.auditlog_line_access_rule_ids.remove_rules()
+        for rule in self:
+            rule.server_action_id.unlink()
+        return super(AuditlogRule, self).unsubscribe()
+
diff --git a/auditlog_security/models/ir_rule.py b/auditlog_security/models/ir_rule.py
new file mode 100644
index 00000000000..665b58f0507
--- /dev/null
+++ b/auditlog_security/models/ir_rule.py
@@ -0,0 +1,16 @@
+# Copyright 2021 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import exceptions, models, fields, api, _
+
+
+class IrRule(models.Model):
+    _inherit = "ir.rule"
+
+    auditlog_line_access_rule_id = fields.Many2one(
+        "auditlog.line.access.rule",
+        required=False,
+        index=True,
+        ondelete='cascade',
+        help="Auditlog line access Rule that generated this ir.rule",
+    )
diff --git a/auditlog_security/readme/CONTRIBUTORS.rst b/auditlog_security/readme/CONTRIBUTORS.rst
new file mode 100644
index 00000000000..addcc3f4a2b
--- /dev/null
+++ b/auditlog_security/readme/CONTRIBUTORS.rst
@@ -0,0 +1 @@
+* Giovanni Francesco Capalbo <giovanni@therp.nl>
diff --git a/auditlog_security/readme/CREDITS.rst b/auditlog_security/readme/CREDITS.rst
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/auditlog_security/readme/DESCRIPTION.rst b/auditlog_security/readme/DESCRIPTION.rst
new file mode 100644
index 00000000000..2d056774e16
--- /dev/null
+++ b/auditlog_security/readme/DESCRIPTION.rst
@@ -0,0 +1,3 @@
+This module allows extends auditlog, allowing specific log lines to be viewed only
+by users belonging to specific views, while all other lines are allowed only to 
+administrator.
diff --git a/auditlog_security/readme/ROADMAP.rst b/auditlog_security/readme/ROADMAP.rst
new file mode 100644
index 00000000000..8b137891791
--- /dev/null
+++ b/auditlog_security/readme/ROADMAP.rst
@@ -0,0 +1 @@
+
diff --git a/auditlog_security/readme/USAGE.rst b/auditlog_security/readme/USAGE.rst
new file mode 100644
index 00000000000..f4cfaeca2cf
--- /dev/null
+++ b/auditlog_security/readme/USAGE.rst
@@ -0,0 +1,11 @@
+Go to `Settings / Technical / Audit / Rules` to subscribe rules. A rule defines
+which operations to log for a given data model.
+The rule is now extended with a new field permission_ids, that tells us wich groups will
+be allowed to read the lines produced by this rule.
+If permission_ids is left empty, the default will be: 
+"auditlog lines visible only by user in Settings group, which is the default 
+for the auditlog module"
+
+
+Then, check logs in the `Settings / Technical / Audit / Logs` menu. You can
+group them by user sessions, date, data model , HTTP requests.
diff --git a/auditlog_security/security/ir.model.access.csv b/auditlog_security/security/ir.model.access.csv
new file mode 100644
index 00000000000..eba2422b41f
--- /dev/null
+++ b/auditlog_security/security/ir.model.access.csv
@@ -0,0 +1,3 @@
+id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
+access_auditlog_log_line_user,auditlog_log_line_user,auditlog.model_auditlog_log_line,base.group_user,1,0,0,0
+access_auditlog_line_access_rule_admin,auditlog_line_access_rule_admin,model_auditlog_line_access_rule,base.group_erp_manager,1,1,1,1
\ No newline at end of file
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
new file mode 100644
index 00000000000..d783eb6f6d2
--- /dev/null
+++ b/auditlog_security/security/ir_rule.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo noupdate="1">
+
+    <record id="no_one_by_default" model="ir.rule">
+        <field name="name">Nobody can read by default</field>
+        <field name="model_id" ref="auditlog_security.model_auditlog_line_access_rule"/>
+        <field name="domain_force">[(0, '=', 1)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user'))]"/>
+        <field name="perm_read" eval="True"/>
+        <field name="perm_write" eval="False"/>
+        <field name="perm_create" eval="False"/>
+        <field name="perm_unlink" eval="False"/>
+    </record>
+
+</odoo>
diff --git a/auditlog_security/security/res_groups.xml b/auditlog_security/security/res_groups.xml
new file mode 100644
index 00000000000..2b4fd7171c9
--- /dev/null
+++ b/auditlog_security/security/res_groups.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="group_can_view_audit_logs" model="res.groups">
+        <field name="name">View Audit Logs</field>
+    </record>
+</odoo>
diff --git a/auditlog_security/static/description/index.html b/auditlog_security/static/description/index.html
new file mode 100644
index 00000000000..03f14d1e6be
--- /dev/null
+++ b/auditlog_security/static/description/index.html
@@ -0,0 +1,438 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils: http://docutils.sourceforge.net/" />
+<title>Audit Log User Permissions</title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+  border: 0 }
+
+table.borderless td, table.borderless th {
+  /* Override padding for "table.docutils td" with "! important".
+     The right padding separates the table cells. */
+  padding: 0 0.5em 0 0 ! important }
+
+.first {
+  /* Override more specific margin styles with "! important". */
+  margin-top: 0 ! important }
+
+.last, .with-subtitle {
+  margin-bottom: 0 ! important }
+
+.hidden {
+  display: none }
+
+.subscript {
+  vertical-align: sub;
+  font-size: smaller }
+
+.superscript {
+  vertical-align: super;
+  font-size: smaller }
+
+a.toc-backref {
+  text-decoration: none ;
+  color: black }
+
+blockquote.epigraph {
+  margin: 2em 5em ; }
+
+dl.docutils dd {
+  margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+  overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+  font-weight: bold }
+*/
+
+div.abstract {
+  margin: 2em 5em }
+
+div.abstract p.topic-title {
+  font-weight: bold ;
+  text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+  margin: 2em ;
+  border: medium outset ;
+  padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+  font-weight: bold ;
+  font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+  color: red ;
+  font-weight: bold ;
+  font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+   compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+  margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+  margin-top: 0.5em }
+*/
+
+div.dedication {
+  margin: 2em 5em ;
+  text-align: center ;
+  font-style: italic }
+
+div.dedication p.topic-title {
+  font-weight: bold ;
+  font-style: normal }
+
+div.figure {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+div.footer, div.header {
+  clear: both;
+  font-size: smaller }
+
+div.line-block {
+  display: block ;
+  margin-top: 1em ;
+  margin-bottom: 1em }
+
+div.line-block div.line-block {
+  margin-top: 0 ;
+  margin-bottom: 0 ;
+  margin-left: 1.5em }
+
+div.sidebar {
+  margin: 0 0 0.5em 1em ;
+  border: medium outset ;
+  padding: 1em ;
+  background-color: #ffffee ;
+  width: 40% ;
+  float: right ;
+  clear: right }
+
+div.sidebar p.rubric {
+  font-family: sans-serif ;
+  font-size: medium }
+
+div.system-messages {
+  margin: 5em }
+
+div.system-messages h1 {
+  color: red }
+
+div.system-message {
+  border: medium outset ;
+  padding: 1em }
+
+div.system-message p.system-message-title {
+  color: red ;
+  font-weight: bold }
+
+div.topic {
+  margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+  margin-top: 0.4em }
+
+h1.title {
+  text-align: center }
+
+h2.subtitle {
+  text-align: center }
+
+hr.docutils {
+  width: 75% }
+
+img.align-left, .figure.align-left, object.align-left, table.align-left {
+  clear: left ;
+  float: left ;
+  margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right, table.align-right {
+  clear: right ;
+  float: right ;
+  margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+  display: block;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+table.align-center {
+  margin-left: auto;
+  margin-right: auto;
+}
+
+.align-left {
+  text-align: left }
+
+.align-center {
+  clear: both ;
+  text-align: center }
+
+.align-right {
+  text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+  text-align: inherit }
+
+/* div.align-center * { */
+/*   text-align: left } */
+
+.align-top    {
+  vertical-align: top }
+
+.align-middle {
+  vertical-align: middle }
+
+.align-bottom {
+  vertical-align: bottom }
+
+ol.simple, ul.simple {
+  margin-bottom: 1em }
+
+ol.arabic {
+  list-style: decimal }
+
+ol.loweralpha {
+  list-style: lower-alpha }
+
+ol.upperalpha {
+  list-style: upper-alpha }
+
+ol.lowerroman {
+  list-style: lower-roman }
+
+ol.upperroman {
+  list-style: upper-roman }
+
+p.attribution {
+  text-align: right ;
+  margin-left: 50% }
+
+p.caption {
+  font-style: italic }
+
+p.credits {
+  font-style: italic ;
+  font-size: smaller }
+
+p.label {
+  white-space: nowrap }
+
+p.rubric {
+  font-weight: bold ;
+  font-size: larger ;
+  color: maroon ;
+  text-align: center }
+
+p.sidebar-title {
+  font-family: sans-serif ;
+  font-weight: bold ;
+  font-size: larger }
+
+p.sidebar-subtitle {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+p.topic-title {
+  font-weight: bold }
+
+pre.address {
+  margin-bottom: 0 ;
+  margin-top: 0 ;
+  font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+  margin-left: 2em ;
+  margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+  font-family: sans-serif ;
+  font-style: oblique }
+
+span.classifier-delimiter {
+  font-family: sans-serif ;
+  font-weight: bold }
+
+span.interpreted {
+  font-family: sans-serif }
+
+span.option {
+  white-space: nowrap }
+
+span.pre {
+  white-space: pre }
+
+span.problematic {
+  color: red }
+
+span.section-subtitle {
+  /* font-size relative to parent (h1..h6 element) */
+  font-size: 80% }
+
+table.citation {
+  border-left: solid 1px gray;
+  margin-left: 1px }
+
+table.docinfo {
+  margin: 2em 4em }
+
+table.docutils {
+  margin-top: 0.5em ;
+  margin-bottom: 0.5em }
+
+table.footnote {
+  border-left: solid 1px black;
+  margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+  padding-left: 0.5em ;
+  padding-right: 0.5em ;
+  vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+  font-weight: bold ;
+  text-align: left ;
+  white-space: nowrap ;
+  padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+  border: 0px;
+  border-top: 2px solid;
+  border-bottom: 2px solid;
+  border-collapse: collapse;
+}
+table.docutils.booktabs * {
+  border: 0px;
+}
+table.docutils.booktabs th {
+  border-bottom: thin solid;
+  text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+  font-size: 100% }
+
+ul.auto-toc {
+  list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document" id="audit-log-user-permissions">
+<h1 class="title">Audit Log User Permissions</h1>
+
+<!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! This file is generated by oca-gen-addon-readme !!
+!! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
+<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-tools/tree/11.0/auditlog_security"><img alt="OCA/server-tools" src="https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-tools-11-0/server-tools-11-0-auditlog_security"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/149/11.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p>This module allows extends auditlog, allowing specific log lines to be viewed only
+by users belonging to specific views, while all other lines are allowed only to
+administrator.</p>
+<p><strong>Table of contents</strong></p>
+<div class="contents local topic" id="contents">
+<ul class="simple">
+<li><a class="reference internal" href="#usage" id="id1">Usage</a></li>
+<li><a class="reference internal" href="#known-issues-roadmap" id="id2">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="id3">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="id4">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="id5">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="id6">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="id7">Maintainers</a></li>
+</ul>
+</li>
+</ul>
+</div>
+<div class="section" id="usage">
+<h1><a class="toc-backref" href="#id1">Usage</a></h1>
+<p>Go to <cite>Settings / Technical / Audit / Rules</cite> to subscribe rules. A rule defines
+which operations to log for a given data model.
+The rule is now extended with a new field permission_ids, that tells us wich groups will
+be allowed to read the lines produced by this rule.
+If permission_ids is left empty, the default will be:
+“auditlog lines visible only by user in Settings group, which is the default
+for the auditlog module”</p>
+<p>Then, check logs in the <cite>Settings / Technical / Audit / Logs</cite> menu. You can
+group them by user sessions, date, data model , HTTP requests.</p>
+</div>
+<div class="section" id="known-issues-roadmap">
+<h1><a class="toc-backref" href="#id2">Known issues / Roadmap</a></h1>
+</div>
+<div class="section" id="bug-tracker">
+<h1><a class="toc-backref" href="#id3">Bug Tracker</a></h1>
+<p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-tools/issues">GitHub Issues</a>.
+In case of trouble, please check there if your issue has already been reported.
+If you spotted it first, help us smashing it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+<p>Do not contact contributors directly about support or help with technical issues.</p>
+</div>
+<div class="section" id="credits">
+<h1><a class="toc-backref" href="#id4">Credits</a></h1>
+<div class="section" id="authors">
+<h2><a class="toc-backref" href="#id5">Authors</a></h2>
+<ul class="simple">
+<li>Therp B.V.</li>
+</ul>
+</div>
+<div class="section" id="contributors">
+<h2><a class="toc-backref" href="#id6">Contributors</a></h2>
+<ul class="simple">
+<li>Giovanni Francesco Capalbo &lt;<a class="reference external" href="mailto:giovanni&#64;therp.nl">giovanni&#64;therp.nl</a>&gt;</li>
+</ul>
+</div>
+<div class="section" id="maintainers">
+<h2><a class="toc-backref" href="#id7">Maintainers</a></h2>
+<p>This module is maintained by the OCA.</p>
+<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<p>OCA, or the Odoo Community Association, is a nonprofit organization whose
+mission is to support the collaborative development of Odoo features and
+promote its widespread use.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-tools/tree/11.0/auditlog_security">OCA/server-tools</a> project on GitHub.</p>
+<p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
+</div>
+</div>
+</div>
+</body>
+</html>
diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml
new file mode 100644
index 00000000000..3050c1d7517
--- /dev/null
+++ b/auditlog_security/views/auditlog_view.xml
@@ -0,0 +1,151 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+     <record model="ir.ui.view" id="view_auditlog_log_tree">
+        <field name="name">auditlog.log.form</field>
+        <field name="model">auditlog.log</field>
+        <field name="inherit_id" ref="auditlog.view_auditlog_log_tree"/>
+        <field name="arch" type="xml">
+            <xpath expr="//tree" position="attributes">
+                <attribute name="delete">false</attribute>
+            </xpath>
+        </field>
+     </record>
+
+    <record model="ir.ui.view" id="view_auditlog_log_form">
+        <field name="name">auditlog.log.form</field>
+        <field name="model">auditlog.log</field>
+        <field name="inherit_id" ref="auditlog.view_auditlog_log_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//form" position="attributes">
+                <attribute name="delete">false</attribute>
+            </xpath>
+            <xpath
+                expr="//field[@name='line_ids']/form/group[2]/field[@name='old_value']" position="before">
+                <field name="user_id" readonly="1"/>
+            </xpath>
+
+            <xpath
+                expr="//field[@name='line_ids']/tree/field[@name='field_description']" position="before">
+                <field name="user_id"/>
+            </xpath>
+        </field>
+    </record>
+
+    <record model="ir.ui.view" id="view_auditlog_log_line_form">
+        <field name="name">auditlog.log.line.form</field>
+        <field name="model">auditlog.log.line</field>
+        <field name="arch" type="xml">
+                <form string="Log - Field updated" delete="0">
+                    <group>
+                        <field name="field_id" readonly="1"/>
+                    </group>
+                    <group string="Values" col="4">
+                        <field name="create_date" readonly="1"/>
+                        <field name="user_id" readonly="1"/>
+                        <field name="old_value" readonly="1"/>
+                        <field name="new_value" readonly="1"/>
+                        <field name="old_value_text" readonly="1"/>
+                        <field name="new_value_text" readonly="1"/>
+                    </group>
+                </form>
+        </field>
+    </record>
+
+    <record model="ir.ui.view" id="view_auditlog_log_line_tree">
+        <field name="name">auditlog.log.line.tree</field>
+        <field name="model">auditlog.log.line</field>
+        <field name="arch" type="xml">
+            <tree delete="0">
+                <field name="create_date"/>
+                <field name="field_name" string="Changed" />
+                <field name="old_value_text"/>
+                <field name="new_value_text"/>
+                <field name="user_id"/>
+                <field name="method" string="Type of operation"/>
+            </tree>
+        </field>
+    </record>
+
+    <record id="audit_log_line_action" model="ir.actions.act_window">
+        <field name="name">View Log Lines</field>
+        <field name="type">ir.actions.act_window</field>
+        <field name="res_model">auditlog.log.line</field>
+        <field name="view_mode">tree,form</field>
+    </record>
+
+    <!-- show logs for partner out side of technical too, now that we have rules
+    for all types of users, will place in "contact" -->
+
+
+    <record id="auditlog_form_view_ext" model="ir.ui.view">
+        <field name="name">auditlog rule form extension</field>
+        <field name="model">auditlog.rule</field>
+        <field name="inherit_id" ref="auditlog.view_auditlog_rule_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//group[last()]" position="after">
+                <group>
+                    <div>
+                        <p>
+                            Add fields here to make any changes to them (audit log lines)
+                            visible to members of the selected groups.
+                        </p>
+                    </div>
+                </group>
+                <group>
+                    <field name="log_selected_fields_only"/>
+                    <!-- in the domain are the blacklisted fields in auditlog they
+                        would be skipped anyway, so we repeat here to avoid incongruencies
+                    -->
+                    <field name="auditlog_line_access_rule_ids">
+                        <tree>
+                            <field name="state" readonly="1" invisible="1"/>
+                            <field name="model_id" readonly="1" invisible="1"/>
+                            <field name="group_ids" widget="many2many_tags"
+                                   options="{'no_create': True}"
+                             />
+                            <field name="field_ids"  widget="many2many_tags"
+                                options="{'no_create': True}"
+                                domain="[('model_id', '=' , model_id),('name', 'not in', ['id', 'create_uid', 'create_date', 'write_uid', 'write_date','display_name', '__last_update']) ]"
+                                attrs="{'readonly': [('state', '=', 'subscribed')]}"
+                            />
+                        </tree>
+                        <form>
+                            <sheet>
+                                <group>
+                                    <field name="state" readonly="1" invisible="1"/>
+                                    <field name="model_id" readonly="1" invisible="1" />
+                                    <field name="auditlog_rule_id" readonly="1" invisible="1"/>
+                                    <field name="group_ids"
+                                        attrs="{'readonly': [('state', '=', 'subscribed')]}"
+                                        />
+                                    <field name="field_ids"
+                                        domain="[('model_id', '=' , model_id),('name', 'not in', ['id', 'create_uid', 'create_date', 'write_uid', 'write_date','display_name', '__last_update']) ]"
+                                        attrs="{'readonly': [('state', '=', 'subscribed')]}"
+                                        />
+                                </group>
+                            </sheet>
+                        </form>
+                    </field>
+                </group>
+            </xpath>
+        </field>
+    </record>
+
+    <record id="auditlog_tree_view_ext" model="ir.ui.view">
+        <field name="name">auditlog rule tree extension</field>
+        <field name="model">auditlog.rule</field>
+        <field name="inherit_id" ref="auditlog.view_auditlog_rule_tree"/>
+        <field name="arch" type="xml">
+            <xpath expr="//field[@name='state']" position="after">
+                <field name="auditlog_line_access_rule_ids">
+                    <tree>
+                        <field name="group_ids"/>
+                        <field name="field_ids"/>
+
+                    </tree>
+
+                </field>
+            </xpath>
+        </field>
+    </record>
+</odoo>

From 15c16c044628b4eade1dd5ff62509146643a7f16 Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Mon, 9 Sep 2024 12:11:33 +0300
Subject: [PATCH 02/11] [UPD] black,isort,prettier

---
 auditlog_security/README.rst                  | 23 +++--
 auditlog_security/__manifest__.py             |  6 +-
 auditlog_security/models/__init__.py          |  1 -
 .../models/auditlog_line_access_rule.py       | 45 +++++----
 auditlog_security/models/auditlog_log_line.py | 49 +++++-----
 auditlog_security/models/auditlog_rule.py     | 93 +++++++++++--------
 auditlog_security/models/ir_rule.py           |  4 +-
 .../security/ir.model.access.csv              |  2 +-
 auditlog_security/security/ir_rule.xml        | 17 ++--
 .../static/description/index.html             | 54 ++++++-----
 auditlog_security/views/auditlog_view.xml     | 86 ++++++++++-------
 .../odoo/addons/auditlog_security             |  1 +
 setup/auditlog_security/setup.py              |  6 ++
 13 files changed, 211 insertions(+), 176 deletions(-)
 create mode 120000 setup/auditlog_security/odoo/addons/auditlog_security
 create mode 100644 setup/auditlog_security/setup.py

diff --git a/auditlog_security/README.rst b/auditlog_security/README.rst
index 438dfbd137a..4d2873382aa 100644
--- a/auditlog_security/README.rst
+++ b/auditlog_security/README.rst
@@ -2,10 +2,13 @@
 Audit Log User Permissions
 ==========================
 
-.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:f98c0209d43e543c4900a35144d6189d6a65aa2a3e462333582408b79f57c733
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
     :target: https://odoo-community.org/page/development-status
@@ -14,16 +17,16 @@ Audit Log User Permissions
     :target: http://www.gnu.org/licenses/agpl-3.0-standalone.html
     :alt: License: AGPL-3
 .. |badge3| image:: https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github
-    :target: https://github.com/OCA/server-tools/tree/11.0/auditlog_security
+    :target: https://github.com/OCA/server-tools/tree/16.0/auditlog_security
     :alt: OCA/server-tools
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
-    :target: https://translation.odoo-community.org/projects/server-tools-11-0/server-tools-11-0-auditlog_security
+    :target: https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-auditlog_security
     :alt: Translate me on Weblate
-.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
-    :target: https://runbot.odoo-community.org/runbot/149/11.0
-    :alt: Try me on Runbot
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/server-tools&target_branch=16.0
+    :alt: Try me on Runboat
 
-|badge1| |badge2| |badge3| |badge4| |badge5| 
+|badge1| |badge2| |badge3| |badge4| |badge5|
 
 This module allows extends auditlog, allowing specific log lines to be viewed only
 by users belonging to specific views, while all other lines are allowed only to 
@@ -59,8 +62,8 @@ Bug Tracker
 
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/server-tools/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -90,6 +93,6 @@ OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.
 
-This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/11.0/auditlog_security>`_ project on GitHub.
+This module is part of the `OCA/server-tools <https://github.com/OCA/server-tools/tree/16.0/auditlog_security>`_ project on GitHub.
 
 You are welcome to contribute. To learn how please visit https://odoo-community.org/page/Contribute.
diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py
index 22218b90eec..7af1284b967 100644
--- a/auditlog_security/__manifest__.py
+++ b/auditlog_security/__manifest__.py
@@ -3,12 +3,12 @@
 
 {
     "name": "Audit Log User Permissions",
-    "version": "11.0.1.1.4",
+    "version": "16.0.1.0.0",
     "author": "Therp B.V.,Odoo Community Association (OCA)",
     "license": "AGPL-3",
-    "website": "https://github.com/OCA/server-tools/",
+    "website": "https://github.com/OCA/server-tools",
     "category": "Tools",
-    "description": """Allow regular users to view Audit log lines
+    "summary": """Allow regular users to view Audit log lines
                    via the form view of the relevant model""",
     "depends": [
         "auditlog",
diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
index 5b1ed36f36a..38b8d3409b4 100644
--- a/auditlog_security/models/__init__.py
+++ b/auditlog_security/models/__init__.py
@@ -4,4 +4,3 @@
 from . import auditlog_line_access_rule
 from . import ir_rule
 from . import auditlog_log_line
-
diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
index 573ac55b2b1..621a5e96c2d 100644
--- a/auditlog_security/models/auditlog_line_access_rule.py
+++ b/auditlog_security/models/auditlog_line_access_rule.py
@@ -1,8 +1,7 @@
 # Copyright 2021 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import exceptions, models, fields, api, modules, _
-from odoo.addons.auditlog.models.rule import FIELDS_BLACKLIST
+from odoo import api, fields, models
 
 
 class AuditlogLineAccessRule(models.Model):
@@ -89,9 +88,7 @@ def _prepare_rule_values(self):
         self.ensure_one()
         if not self.needs_rule():
             return []
-        domain_force = "[" + " ('log_id.model_id' , '=', %s)," % (
-            self.model_id.id
-        )
+        domain_force = "[" + " ('log_id.model_id' , '=', %s)," % (self.model_id.id)
         if self.field_ids:
             domain_force = "[('field_id', 'in',  %s)]" % (self.field_ids.ids)
             model = self.env.ref("auditlog.model_auditlog_log_line")
@@ -99,23 +96,23 @@ def _prepare_rule_values(self):
             domain_force = "[('model_id', '=', %s)]" % (self.model_id.id)
             model = self.env.ref("auditlog.model_auditlog_log")
         auditlog_security_group = self.env.ref(
-                'auditlog_security.group_can_view_audit_logs')
+            "auditlog_security.group_can_view_audit_logs"
+        )
         return [
-        {
-            "name": "auditlog_extended_%s" % self.id,
-            "model_id": model.id,
-            "groups": [(6, 0, self.group_ids.ids)],
-            "perm_read": True,
-            "domain_force": domain_force,
-            "auditlog_line_access_rule_id": self.id,
-        }, 
-        {
-            "name": "auditlog_extended_%s" % self.id,
-            "model_id": model.id,
-            "groups": [(6, 0, [auditlog_security_group.id])],
-            "perm_read": True,
-            "domain_force": [(1, '=', 1)],
-            "auditlog_line_access_rule_id": self.id,
-        }]
-
-
+            {
+                "name": "auditlog_extended_%s" % self.id,
+                "model_id": model.id,
+                "groups": [(6, 0, self.group_ids.ids)],
+                "perm_read": True,
+                "domain_force": domain_force,
+                "auditlog_line_access_rule_id": self.id,
+            },
+            {
+                "name": "auditlog_extended_%s" % self.id,
+                "model_id": model.id,
+                "groups": [(6, 0, [auditlog_security_group.id])],
+                "perm_read": True,
+                "domain_force": [(1, "=", 1)],
+                "auditlog_line_access_rule_id": self.id,
+            },
+        ]
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
index e7698e2c2cf..43cce73a5de 100644
--- a/auditlog_security/models/auditlog_log_line.py
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -1,47 +1,42 @@
 # Copyright 2022 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import api, exceptions, models, fields
+from odoo import api, fields, models
 
 
 class AuditlogLogLine(models.Model):
-    _inherit = 'auditlog.log.line'
+    _inherit = "auditlog.log.line"
     _order = "create_date desc"
 
     user_id = fields.Many2one(
-        'res.users',
-        compute="compute_user_id",
+        "res.users",
+        compute="_compute_user_id",
         store=True,
         index=True,
         string="User",
     )
-    method = fields.Char("Method", compute='compute_method', store=True, index=True)
+    method = fields.Char(compute="_compute_method", store=True, index=True)
     model_id = fields.Many2one(
-        "ir.model", 
-        compute='compute_model_id', 
-        store=True, 
-        index=True)
-    res_id = fields.Integer(
-        compute='compute_res_id', 
-        store=True, 
-        index=True)
-
-    @api.depends('log_id.method')
-    def compute_method(self):
+        "ir.model", compute="_compute_model_id", store=True, index=True
+    )
+    res_id = fields.Integer(compute="_compute_res_id", store=True, index=True)
+
+    @api.depends("log_id.method")
+    def _compute_method(self):
         for this in self:
-            this.method=this.log_id.method
+            this.method = this.log_id.method
 
-    @api.depends('log_id.user_id')
-    def compute_user_id(self):
+    @api.depends("log_id.user_id")
+    def _compute_user_id(self):
         for this in self:
-            this.user_id=this.log_id.user_id
+            this.user_id = this.log_id.user_id
 
-    @api.depends('log_id.model_id')
-    def compute_model_id(self):
+    @api.depends("log_id.model_id")
+    def _compute_model_id(self):
         for this in self:
-            this.model_id=this.log_id.model_id
-    
-    @api.depends('log_id.res_id')
-    def compute_res_id(self):
+            this.model_id = this.log_id.model_id
+
+    @api.depends("log_id.res_id")
+    def _compute_res_id(self):
         for this in self:
-            this.res_id=this.log_id.res_id
+            this.res_id = this.log_id.res_id
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index 76ac9003648..c75a5e8897b 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -1,9 +1,9 @@
 # Copyright 2021 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import exceptions, models, fields, api, modules, _, tools
-from odoo.addons.auditlog.models.rule import FIELDS_BLACKLIST
-from odoo.exceptions import ValidationError, UserError
+from odoo import _, api, fields, models, tools
+from odoo.exceptions import ValidationError
+
 
 class AuditlogRule(models.Model):
     _inherit = "auditlog.rule"
@@ -11,33 +11,42 @@ class AuditlogRule(models.Model):
     auditlog_line_access_rule_ids = fields.One2many(
         "auditlog.line.access.rule", "auditlog_rule_id", ondelete="cascade"
     )
-    server_action_id = fields.Many2one('ir.actions.server', "Server Action",)
+    server_action_id = fields.Many2one(
+        "ir.actions.server",
+        "Server Action",
+    )
     log_selected_fields_only = fields.Boolean(
         default=True,
-        help="Log only the selected fields, to save space avoid large DB data.")
+        help="Log only the selected fields, to save space avoid large DB data.",
+    )
 
-    @api.constrains('model_id')
+    @api.constrains("model_id")
     def unique_model(self):
-        if self.search_count([('model_id', '=', self.model_id.id)]) > 1:
-            raise ValidationError("A rule for this model already exists")
+        if self.search_count([("model_id", "=", self.model_id.id)]) > 1:
+            raise ValidationError(_("A rule for this model already exists"))
 
     @api.model
-    @tools.ormcache('model_name')
+    @tools.ormcache("model_name")
     def _get_field_names_of_rule(self, model_name):
-        """ Memory-cached list of fields per rule """
-        rule = self.env['auditlog.rule'].sudo().search(
-            [('model_id.model', '=', model_name)], limit=1)
+        """Memory-cached list of fields per rule"""
+        rule = (
+            self.env["auditlog.rule"]
+            .sudo()
+            .search([("model_id.model", "=", model_name)], limit=1)
+        )
         if rule.auditlog_line_access_rule_ids:
-            return rule.mapped(
-                'auditlog_line_access_rule_ids.field_ids.name')
+            return rule.mapped("auditlog_line_access_rule_ids.field_ids.name")
         return []
 
     @api.model
-    @tools.ormcache('model_name')
+    @tools.ormcache("model_name")
     def _get_log_selected_fields_only(self, model_name):
-        """ Memory-cached translation of model to rule """
-        rule = self.env['auditlog.rule'].sudo().search(
-            [('model_id.model', '=', model_name)], limit=1)
+        """Memory-cached translation of model to rule"""
+        rule = (
+            self.env["auditlog.rule"]
+            .sudo()
+            .search([("model_id.model", "=", model_name)], limit=1)
+        )
         return rule.log_selected_fields_only
 
     @api.model
@@ -68,14 +77,16 @@ def onchange_model_id(self):
 
     @api.model
     def _get_view_log_lines_action(self):
-        assert(self.env.context.get('active_model'))
-        assert(self.env.context.get('active_ids'))
-        model = self.env['ir.model'].sudo().search([
-            ('model', '=', self.env.context.get('active_model'))
-        ])
+        assert self.env.context.get("active_model")
+        assert self.env.context.get("active_ids")
+        model = (
+            self.env["ir.model"]
+            .sudo()
+            .search([("model", "=", self.env.context.get("active_model"))])
+        )
         domain = [
-            ('model_id', '=', model.id),
-            ('res_id', 'in', self.env.context.get('active_ids')),
+            ("model_id", "=", model.id),
+            ("res_id", "in", self.env.context.get("active_ids")),
         ]
         return {
             "name": _("View Log Lines"),
@@ -89,17 +100,20 @@ def _get_view_log_lines_action(self):
     @api.multi
     def _create_server_action(self):
         self.ensure_one()
-        code = \
-            "action = env['auditlog.rule']._get_view_log_lines_action()"
-        server_action = self.env['ir.actions.server'].sudo().create({
-            'name': "View Log Lines",
-            'model_id': self.model_id.id,
-            'state': "code",
-            'code': code
-        })
-        self.write({
-            'server_action_id': server_action.id
-        })
+        code = "action = env['auditlog.rule']._get_view_log_lines_action()"
+        server_action = (
+            self.env["ir.actions.server"]
+            .sudo()
+            .create(
+                {
+                    "name": "View Log Lines",
+                    "model_id": self.model_id.id,
+                    "state": "code",
+                    "code": code,
+                }
+            )
+        )
+        self.write({"server_action_id": server_action.id})
         return server_action
 
     @api.multi
@@ -112,9 +126,9 @@ def subscribe(self):
             rule.auditlog_line_access_rule_ids.regenerate_rules()
         # rule now will have "View Log" Action, make that visible only for admin
         if res:
-            self.action_id.write({
-                'groups_id': [(6, 0, [self.env.ref('base.group_system').id])]
-            }) 
+            self.action_id.write(
+                {"groups_id": [(6, 0, [self.env.ref("base.group_system").id])]}
+            )
         return res
 
     @api.multi
@@ -124,4 +138,3 @@ def unsubscribe(self):
         for rule in self:
             rule.server_action_id.unlink()
         return super(AuditlogRule, self).unsubscribe()
-
diff --git a/auditlog_security/models/ir_rule.py b/auditlog_security/models/ir_rule.py
index 665b58f0507..59e926edc06 100644
--- a/auditlog_security/models/ir_rule.py
+++ b/auditlog_security/models/ir_rule.py
@@ -1,7 +1,7 @@
 # Copyright 2021 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import exceptions, models, fields, api, _
+from odoo import fields, models
 
 
 class IrRule(models.Model):
@@ -11,6 +11,6 @@ class IrRule(models.Model):
         "auditlog.line.access.rule",
         required=False,
         index=True,
-        ondelete='cascade',
+        ondelete="cascade",
         help="Auditlog line access Rule that generated this ir.rule",
     )
diff --git a/auditlog_security/security/ir.model.access.csv b/auditlog_security/security/ir.model.access.csv
index eba2422b41f..1d82edf2108 100644
--- a/auditlog_security/security/ir.model.access.csv
+++ b/auditlog_security/security/ir.model.access.csv
@@ -1,3 +1,3 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
 access_auditlog_log_line_user,auditlog_log_line_user,auditlog.model_auditlog_log_line,base.group_user,1,0,0,0
-access_auditlog_line_access_rule_admin,auditlog_line_access_rule_admin,model_auditlog_line_access_rule,base.group_erp_manager,1,1,1,1
\ No newline at end of file
+access_auditlog_line_access_rule_admin,auditlog_line_access_rule_admin,model_auditlog_line_access_rule,base.group_erp_manager,1,1,1,1
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
index d783eb6f6d2..dfea064c1c5 100644
--- a/auditlog_security/security/ir_rule.xml
+++ b/auditlog_security/security/ir_rule.xml
@@ -1,15 +1,18 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
 <odoo noupdate="1">
 
     <record id="no_one_by_default" model="ir.rule">
         <field name="name">Nobody can read by default</field>
-        <field name="model_id" ref="auditlog_security.model_auditlog_line_access_rule"/>
+        <field
+            name="model_id"
+            ref="auditlog_security.model_auditlog_line_access_rule"
+        />
         <field name="domain_force">[(0, '=', 1)]</field>
-        <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-        <field name="perm_read" eval="True"/>
-        <field name="perm_write" eval="False"/>
-        <field name="perm_create" eval="False"/>
-        <field name="perm_unlink" eval="False"/>
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_read" eval="True" />
+        <field name="perm_write" eval="False" />
+        <field name="perm_create" eval="False" />
+        <field name="perm_unlink" eval="False" />
     </record>
 
 </odoo>
diff --git a/auditlog_security/static/description/index.html b/auditlog_security/static/description/index.html
index 03f14d1e6be..80174bc2755 100644
--- a/auditlog_security/static/description/index.html
+++ b/auditlog_security/static/description/index.html
@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="utf-8" ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="generator" content="Docutils: http://docutils.sourceforge.net/" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
 <title>Audit Log User Permissions</title>
 <style type="text/css">
 
 /*
 :Author: David Goodger (goodger@python.org)
-:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Id: $Id: html4css1.css 9511 2024-01-13 09:50:07Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
+Despite the name, some widely supported CSS2 features are used.
 
-See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
 */
 
@@ -275,7 +275,7 @@
   margin-left: 2em ;
   margin-right: 2em }
 
-pre.code .ln { color: grey; } /* line numbers */
+pre.code .ln { color: gray; } /* line numbers */
 pre.code, code { background-color: #eeeeee }
 pre.code .comment, code .comment { color: #5C6576 }
 pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
@@ -301,7 +301,7 @@
 span.pre {
   white-space: pre }
 
-span.problematic {
+span.problematic, pre.problematic {
   color: red }
 
 span.section-subtitle {
@@ -366,27 +366,29 @@ <h1 class="title">Audit Log User Permissions</h1>
 <!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:f98c0209d43e543c4900a35144d6189d6a65aa2a3e462333582408b79f57c733
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/server-tools/tree/11.0/auditlog_security"><img alt="OCA/server-tools" src="https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/server-tools-11-0/server-tools-11-0-auditlog_security"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/149/11.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/server-tools/tree/16.0/auditlog_security"><img alt="OCA/server-tools" src="https://img.shields.io/badge/github-OCA%2Fserver--tools-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/server-tools-16-0/server-tools-16-0-auditlog_security"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/server-tools&amp;target_branch=16.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
 <p>This module allows extends auditlog, allowing specific log lines to be viewed only
 by users belonging to specific views, while all other lines are allowed only to
 administrator.</p>
 <p><strong>Table of contents</strong></p>
 <div class="contents local topic" id="contents">
 <ul class="simple">
-<li><a class="reference internal" href="#usage" id="id1">Usage</a></li>
-<li><a class="reference internal" href="#known-issues-roadmap" id="id2">Known issues / Roadmap</a></li>
-<li><a class="reference internal" href="#bug-tracker" id="id3">Bug Tracker</a></li>
-<li><a class="reference internal" href="#credits" id="id4">Credits</a><ul>
-<li><a class="reference internal" href="#authors" id="id5">Authors</a></li>
-<li><a class="reference internal" href="#contributors" id="id6">Contributors</a></li>
-<li><a class="reference internal" href="#maintainers" id="id7">Maintainers</a></li>
+<li><a class="reference internal" href="#usage" id="toc-entry-1">Usage</a></li>
+<li><a class="reference internal" href="#known-issues-roadmap" id="toc-entry-2">Known issues / Roadmap</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-3">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-4">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-5">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-6">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-7">Maintainers</a></li>
 </ul>
 </li>
 </ul>
 </div>
 <div class="section" id="usage">
-<h1><a class="toc-backref" href="#id1">Usage</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-1">Usage</a></h1>
 <p>Go to <cite>Settings / Technical / Audit / Rules</cite> to subscribe rules. A rule defines
 which operations to log for a given data model.
 The rule is now extended with a new field permission_ids, that tells us wich groups will
@@ -398,38 +400,40 @@ <h1><a class="toc-backref" href="#id1">Usage</a></h1>
 group them by user sessions, date, data model , HTTP requests.</p>
 </div>
 <div class="section" id="known-issues-roadmap">
-<h1><a class="toc-backref" href="#id2">Known issues / Roadmap</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-2">Known issues / Roadmap</a></h1>
 </div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#id3">Bug Tracker</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-3">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/server-tools/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-<a class="reference external" href="https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2011.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/server-tools/issues/new?body=module:%20auditlog_security%0Aversion:%2016.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#id4">Credits</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-4">Credits</a></h1>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#id5">Authors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-5">Authors</a></h2>
 <ul class="simple">
 <li>Therp B.V.</li>
 </ul>
 </div>
 <div class="section" id="contributors">
-<h2><a class="toc-backref" href="#id6">Contributors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-6">Contributors</a></h2>
 <ul class="simple">
 <li>Giovanni Francesco Capalbo &lt;<a class="reference external" href="mailto:giovanni&#64;therp.nl">giovanni&#64;therp.nl</a>&gt;</li>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#id7">Maintainers</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-7">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
-<a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
+<a class="reference external image-reference" href="https://odoo-community.org">
+<img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" />
+</a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose
 mission is to support the collaborative development of Odoo features and
 promote its widespread use.</p>
-<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-tools/tree/11.0/auditlog_security">OCA/server-tools</a> project on GitHub.</p>
+<p>This module is part of the <a class="reference external" href="https://github.com/OCA/server-tools/tree/16.0/auditlog_security">OCA/server-tools</a> project on GitHub.</p>
 <p>You are welcome to contribute. To learn how please visit <a class="reference external" href="https://odoo-community.org/page/Contribute">https://odoo-community.org/page/Contribute</a>.</p>
 </div>
 </div>
diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml
index 3050c1d7517..fcb0f404027 100644
--- a/auditlog_security/views/auditlog_view.xml
+++ b/auditlog_security/views/auditlog_view.xml
@@ -1,9 +1,9 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8" ?>
 <odoo>
      <record model="ir.ui.view" id="view_auditlog_log_tree">
         <field name="name">auditlog.log.form</field>
         <field name="model">auditlog.log</field>
-        <field name="inherit_id" ref="auditlog.view_auditlog_log_tree"/>
+        <field name="inherit_id" ref="auditlog.view_auditlog_log_tree" />
         <field name="arch" type="xml">
             <xpath expr="//tree" position="attributes">
                 <attribute name="delete">false</attribute>
@@ -14,19 +14,23 @@
     <record model="ir.ui.view" id="view_auditlog_log_form">
         <field name="name">auditlog.log.form</field>
         <field name="model">auditlog.log</field>
-        <field name="inherit_id" ref="auditlog.view_auditlog_log_form"/>
+        <field name="inherit_id" ref="auditlog.view_auditlog_log_form" />
         <field name="arch" type="xml">
             <xpath expr="//form" position="attributes">
                 <attribute name="delete">false</attribute>
             </xpath>
             <xpath
-                expr="//field[@name='line_ids']/form/group[2]/field[@name='old_value']" position="before">
-                <field name="user_id" readonly="1"/>
+                expr="//field[@name='line_ids']/form/group[2]/field[@name='old_value']"
+                position="before"
+            >
+                <field name="user_id" readonly="1" />
             </xpath>
 
             <xpath
-                expr="//field[@name='line_ids']/tree/field[@name='field_description']" position="before">
-                <field name="user_id"/>
+                expr="//field[@name='line_ids']/tree/field[@name='field_description']"
+                position="before"
+            >
+                <field name="user_id" />
             </xpath>
         </field>
     </record>
@@ -37,15 +41,15 @@
         <field name="arch" type="xml">
                 <form string="Log - Field updated" delete="0">
                     <group>
-                        <field name="field_id" readonly="1"/>
+                        <field name="field_id" readonly="1" />
                     </group>
                     <group string="Values" col="4">
-                        <field name="create_date" readonly="1"/>
-                        <field name="user_id" readonly="1"/>
-                        <field name="old_value" readonly="1"/>
-                        <field name="new_value" readonly="1"/>
-                        <field name="old_value_text" readonly="1"/>
-                        <field name="new_value_text" readonly="1"/>
+                        <field name="create_date" readonly="1" />
+                        <field name="user_id" readonly="1" />
+                        <field name="old_value" readonly="1" />
+                        <field name="new_value" readonly="1" />
+                        <field name="old_value_text" readonly="1" />
+                        <field name="new_value_text" readonly="1" />
                     </group>
                 </form>
         </field>
@@ -56,12 +60,12 @@
         <field name="model">auditlog.log.line</field>
         <field name="arch" type="xml">
             <tree delete="0">
-                <field name="create_date"/>
+                <field name="create_date" />
                 <field name="field_name" string="Changed" />
-                <field name="old_value_text"/>
-                <field name="new_value_text"/>
-                <field name="user_id"/>
-                <field name="method" string="Type of operation"/>
+                <field name="old_value_text" />
+                <field name="new_value_text" />
+                <field name="user_id" />
+                <field name="method" string="Type of operation" />
             </tree>
         </field>
     </record>
@@ -80,7 +84,7 @@
     <record id="auditlog_form_view_ext" model="ir.ui.view">
         <field name="name">auditlog rule form extension</field>
         <field name="model">auditlog.rule</field>
-        <field name="inherit_id" ref="auditlog.view_auditlog_rule_form"/>
+        <field name="inherit_id" ref="auditlog.view_auditlog_rule_form" />
         <field name="arch" type="xml">
             <xpath expr="//group[last()]" position="after">
                 <group>
@@ -92,18 +96,22 @@
                     </div>
                 </group>
                 <group>
-                    <field name="log_selected_fields_only"/>
+                    <field name="log_selected_fields_only" />
                     <!-- in the domain are the blacklisted fields in auditlog they
                         would be skipped anyway, so we repeat here to avoid incongruencies
                     -->
                     <field name="auditlog_line_access_rule_ids">
                         <tree>
-                            <field name="state" readonly="1" invisible="1"/>
-                            <field name="model_id" readonly="1" invisible="1"/>
-                            <field name="group_ids" widget="many2many_tags"
-                                   options="{'no_create': True}"
-                             />
-                            <field name="field_ids"  widget="many2many_tags"
+                            <field name="state" readonly="1" invisible="1" />
+                            <field name="model_id" readonly="1" invisible="1" />
+                            <field
+                                name="group_ids"
+                                widget="many2many_tags"
+                                options="{'no_create': True}"
+                            />
+                            <field
+                                name="field_ids"
+                                widget="many2many_tags"
                                 options="{'no_create': True}"
                                 domain="[('model_id', '=' , model_id),('name', 'not in', ['id', 'create_uid', 'create_date', 'write_uid', 'write_date','display_name', '__last_update']) ]"
                                 attrs="{'readonly': [('state', '=', 'subscribed')]}"
@@ -112,16 +120,22 @@
                         <form>
                             <sheet>
                                 <group>
-                                    <field name="state" readonly="1" invisible="1"/>
+                                    <field name="state" readonly="1" invisible="1" />
                                     <field name="model_id" readonly="1" invisible="1" />
-                                    <field name="auditlog_rule_id" readonly="1" invisible="1"/>
-                                    <field name="group_ids"
+                                    <field
+                                        name="auditlog_rule_id"
+                                        readonly="1"
+                                        invisible="1"
+                                    />
+                                    <field
+                                        name="group_ids"
                                         attrs="{'readonly': [('state', '=', 'subscribed')]}"
-                                        />
-                                    <field name="field_ids"
+                                    />
+                                    <field
+                                        name="field_ids"
                                         domain="[('model_id', '=' , model_id),('name', 'not in', ['id', 'create_uid', 'create_date', 'write_uid', 'write_date','display_name', '__last_update']) ]"
                                         attrs="{'readonly': [('state', '=', 'subscribed')]}"
-                                        />
+                                    />
                                 </group>
                             </sheet>
                         </form>
@@ -134,13 +148,13 @@
     <record id="auditlog_tree_view_ext" model="ir.ui.view">
         <field name="name">auditlog rule tree extension</field>
         <field name="model">auditlog.rule</field>
-        <field name="inherit_id" ref="auditlog.view_auditlog_rule_tree"/>
+        <field name="inherit_id" ref="auditlog.view_auditlog_rule_tree" />
         <field name="arch" type="xml">
             <xpath expr="//field[@name='state']" position="after">
                 <field name="auditlog_line_access_rule_ids">
                     <tree>
-                        <field name="group_ids"/>
-                        <field name="field_ids"/>
+                        <field name="group_ids" />
+                        <field name="field_ids" />
 
                     </tree>
 
diff --git a/setup/auditlog_security/odoo/addons/auditlog_security b/setup/auditlog_security/odoo/addons/auditlog_security
new file mode 120000
index 00000000000..60934ae43f7
--- /dev/null
+++ b/setup/auditlog_security/odoo/addons/auditlog_security
@@ -0,0 +1 @@
+../../../../auditlog_security
\ No newline at end of file
diff --git a/setup/auditlog_security/setup.py b/setup/auditlog_security/setup.py
new file mode 100644
index 00000000000..28c57bb6403
--- /dev/null
+++ b/setup/auditlog_security/setup.py
@@ -0,0 +1,6 @@
+import setuptools
+
+setuptools.setup(
+    setup_requires=['setuptools-odoo'],
+    odoo_addon=True,
+)

From 381a2d116c3bf9273bcb940ad4fdf6ea84bfa578 Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Mon, 9 Sep 2024 12:23:12 +0300
Subject: [PATCH 03/11] fixup! [UPD] black,isort,prettier

---
 auditlog_security/models/auditlog_line_access_rule.py | 1 -
 auditlog_security/models/auditlog_rule.py             | 4 ----
 2 files changed, 5 deletions(-)

diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
index 621a5e96c2d..1c33de8bf45 100644
--- a/auditlog_security/models/auditlog_line_access_rule.py
+++ b/auditlog_security/models/auditlog_line_access_rule.py
@@ -55,7 +55,6 @@ def create(self, vals):
         res.regenerate_rules()
         return res
 
-    @api.multi
     def write(self, vals):
         res = super(AuditlogLineAccessRule, self).write(vals)
         for this in self:
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index c75a5e8897b..c4d21d53630 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -58,7 +58,6 @@ def get_auditlog_fields(self, model):
             res = [x for x in selected_field_names if x in res]
         return res
 
-    @api.multi
     def write(self, values):
         cache_invalidating_fields = [
             "state",
@@ -97,7 +96,6 @@ def _get_view_log_lines_action(self):
             "type": "ir.actions.act_window",
         }
 
-    @api.multi
     def _create_server_action(self):
         self.ensure_one()
         code = "action = env['auditlog.rule']._get_view_log_lines_action()"
@@ -116,7 +114,6 @@ def _create_server_action(self):
         self.write({"server_action_id": server_action.id})
         return server_action
 
-    @api.multi
     def subscribe(self):
         for rule in self:
             server_action = rule._create_server_action()
@@ -131,7 +128,6 @@ def subscribe(self):
             )
         return res
 
-    @api.multi
     def unsubscribe(self):
         for rule in self:
             rule.auditlog_line_access_rule_ids.remove_rules()

From 8bd94473f51ba8eb8303746f842751031e537f30 Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Tue, 24 Sep 2024 17:24:24 +0300
Subject: [PATCH 04/11] [FIX] tests

---
 auditlog_security/models/__init__.py          |   1 +
 .../models/auditlog_line_access_rule.py       |   5 +-
 auditlog_security/models/auditlog_log_line.py |   2 +-
 auditlog_security/models/auditlog_rule.py     |   4 +-
 auditlog_security/models/ir_rule.py           |   2 +-
 auditlog_security/tests/__init__.py           |   6 +
 auditlog_security/tests/test_auditlog_line.py |  75 ++++++++++++
 .../tests/test_auditlog_line_access_rule.py   |  98 ++++++++++++++++
 auditlog_security/tests/test_auditlog_rule.py | 110 ++++++++++++++++++
 9 files changed, 297 insertions(+), 6 deletions(-)
 create mode 100644 auditlog_security/tests/__init__.py
 create mode 100644 auditlog_security/tests/test_auditlog_line.py
 create mode 100644 auditlog_security/tests/test_auditlog_line_access_rule.py
 create mode 100644 auditlog_security/tests/test_auditlog_rule.py

diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
index 38b8d3409b4..db0c1ec6291 100644
--- a/auditlog_security/models/__init__.py
+++ b/auditlog_security/models/__init__.py
@@ -1,3 +1,4 @@
+# Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from . import auditlog_rule
diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
index 1c33de8bf45..e7651ff41d2 100644
--- a/auditlog_security/models/auditlog_line_access_rule.py
+++ b/auditlog_security/models/auditlog_line_access_rule.py
@@ -1,4 +1,4 @@
-# Copyright 2021 Therp B.V.
+# Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import api, fields, models
@@ -6,6 +6,7 @@
 
 class AuditlogLineAccessRule(models.Model):
     _name = "auditlog.line.access.rule"
+    _description = "Auditlog Line Access Rule"
 
     name = fields.Char()
 
@@ -48,7 +49,7 @@ def add_default_group_if_needed(self):
             )
         return res
 
-    @api.model
+    @api.model_create_multi
     def create(self, vals):
         res = super(AuditlogLineAccessRule, self).create(vals)
         res.add_default_group_if_needed()
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
index 43cce73a5de..5738b58d0a0 100644
--- a/auditlog_security/models/auditlog_log_line.py
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -1,4 +1,4 @@
-# Copyright 2022 Therp B.V.
+# Copyright 2022-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import api, fields, models
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index c4d21d53630..eceba51f42e 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -1,4 +1,4 @@
-# Copyright 2021 Therp B.V.
+# Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import _, api, fields, models, tools
@@ -9,7 +9,7 @@ class AuditlogRule(models.Model):
     _inherit = "auditlog.rule"
 
     auditlog_line_access_rule_ids = fields.One2many(
-        "auditlog.line.access.rule", "auditlog_rule_id", ondelete="cascade"
+        "auditlog.line.access.rule", "auditlog_rule_id"
     )
     server_action_id = fields.Many2one(
         "ir.actions.server",
diff --git a/auditlog_security/models/ir_rule.py b/auditlog_security/models/ir_rule.py
index 59e926edc06..8def6cc7115 100644
--- a/auditlog_security/models/ir_rule.py
+++ b/auditlog_security/models/ir_rule.py
@@ -1,4 +1,4 @@
-# Copyright 2021 Therp B.V.
+# Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import fields, models
diff --git a/auditlog_security/tests/__init__.py b/auditlog_security/tests/__init__.py
new file mode 100644
index 00000000000..96ec34834e5
--- /dev/null
+++ b/auditlog_security/tests/__init__.py
@@ -0,0 +1,6 @@
+# Copyright 2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from . import test_auditlog_line
+from . import test_auditlog_rule
+from . import test_auditlog_line_access_rule
diff --git a/auditlog_security/tests/test_auditlog_line.py b/auditlog_security/tests/test_auditlog_line.py
new file mode 100644
index 00000000000..7f34a9c074a
--- /dev/null
+++ b/auditlog_security/tests/test_auditlog_line.py
@@ -0,0 +1,75 @@
+# Copyright 2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo.tests.common import TransactionCase
+
+
+class TestAuditlogLogLine(TransactionCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.group_portal = cls.env.ref('base.group_portal')
+        cls.group_user = cls.env.ref('base.group_user')
+
+        cls.model = cls.env['ir.model'].create({
+            'name': 'Test Model',
+            'model': 'x_test_model',
+        })
+
+        cls.field = cls.env['ir.model.fields'].create({
+            'name': 'x_test_field',
+            'model_id': cls.model.id,
+            'field_description': 'Test Field',
+            'ttype': 'char',
+        })
+
+        cls.log = cls.env['auditlog.log'].create({
+            'method': 'write',
+            'model_id': cls.model.id,
+            'res_id': 1,
+        })
+
+    def test_compute_method(self):
+        """Test the computation of the method field"""
+
+        log_line = self.env['auditlog.log.line'].create({
+            'log_id': self.log.id,
+            'field_id': self.field.id,
+            'old_value': 'old',
+            'new_value': 'new',
+        })
+        self.assertEqual(
+            log_line.method,
+            'write',
+            "The computed method field is incorrect."
+        )
+
+    def test_compute_model_id(self):
+        """Test the computation of the model_id field"""
+        log_line = self.env['auditlog.log.line'].create({
+            'log_id': self.log.id,
+            'field_id': self.field.id,
+            'old_value': 'old',
+            'new_value': 'new',
+        })
+        self.assertEqual(
+            log_line.model_id,
+            self.model,
+            "The computed model_id field is incorrect."
+        )
+
+    def test_compute_res_id(self):
+        """Test the computation of the res_id field"""
+        log_line = self.env['auditlog.log.line'].create({
+            'log_id': self.log.id,
+            'field_id': self.field.id,
+            'old_value': 'old',
+            'new_value': 'new',
+        })
+        self.assertEqual(
+            log_line.res_id,
+            1,
+            "The computed res_id field is incorrect."
+        )
diff --git a/auditlog_security/tests/test_auditlog_line_access_rule.py b/auditlog_security/tests/test_auditlog_line_access_rule.py
new file mode 100644
index 00000000000..3e286a150dd
--- /dev/null
+++ b/auditlog_security/tests/test_auditlog_line_access_rule.py
@@ -0,0 +1,98 @@
+# Copyright 2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo.tests.common import TransactionCase
+
+
+class TestAuditlogLineAccessRule(TransactionCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestAuditlogLineAccessRule, cls).setUpClass()
+        cls.group_user = cls.env.ref('base.group_user')
+        cls.model = cls.env['ir.model'].create({
+            'name': 'Test Model',
+            'model': 'x_test_model_2',
+        })
+        cls.auditlog_rule = cls.env['auditlog.rule'].create({
+            'name': 'Test Auditlog Rule',
+            'model_id': cls.model.id,
+        })
+        cls.field = cls.env['ir.model.fields'].create({
+            'name': 'x_test_field',
+            'model_id': cls.model.id,
+            'field_description': 'Test Field',
+            'ttype': 'char',
+        })
+
+    def test_create_auditlog_line_access_rule(self):
+        """Test the creation of an auditlog line access rule"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+            'field_ids': [(6, 0, [self.field.id])],
+        })
+        self.assertTrue(rule)
+        # Verify if the default group is added
+        self.assertIn(self.group_user, rule.group_ids)
+
+    def test_write_auditlog_line_access_rule(self):
+        """Test writing to an auditlog line access rule"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+        })
+        rule.write({
+            'field_ids': [(6, 0, [self.field.id])],
+        })
+        self.assertIn(self.field, rule.field_ids)
+        # Verify if rules are regenerated
+        self.assertTrue(rule.get_linked_rules())
+
+    def test_unlink_auditlog_line_access_rule(self):
+        """Test unlinking of an auditlog line access rule"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+        })
+        linked_rule = self.env['ir.rule'].create({
+            'name': 'Linked Rule',
+            'model_id': self.model.id,
+            'domain_force': '[]',
+            'auditlog_line_access_rule_id': rule.id,
+        })
+        rule.unlink()
+        self.assertFalse(linked_rule.exists())
+
+    def test_add_default_group_if_needed(self):
+        """Test adding default group if needed"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+            'field_ids': [(6, 0, [self.field.id])],
+            'group_ids': [],
+        })
+        rule.add_default_group_if_needed()
+        self.assertIn(self.group_user, rule.group_ids)
+
+    def test_regenerate_rules(self):
+        """Test regenerating rules"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+            'group_ids': [(6, 0, [self.group_user.id])],
+        })
+        rule.regenerate_rules()
+        linked_rules = rule.get_linked_rules()
+        self.assertTrue(linked_rules)
+
+    def test_prepare_rule_values(self):
+        """Test preparation of rule values"""
+        rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Test Rule',
+            'auditlog_rule_id': self.auditlog_rule.id,
+            'group_ids': [(6, 0, [self.group_user.id])],
+        })
+        values = rule._prepare_rule_values()
+        self.assertGreater(len(values), 0)
+        self.assertIn('domain_force', values[0])
diff --git a/auditlog_security/tests/test_auditlog_rule.py b/auditlog_security/tests/test_auditlog_rule.py
new file mode 100644
index 00000000000..95694020e8e
--- /dev/null
+++ b/auditlog_security/tests/test_auditlog_rule.py
@@ -0,0 +1,110 @@
+# Copyright 2024 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo.tests.common import TransactionCase
+from psycopg2.errors import UniqueViolation
+
+class TestAuditlogRule(TransactionCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestAuditlogRule, cls).setUpClass()
+
+        cls.model = cls.env['ir.model'].create({
+            'name': 'Test Model',
+            'model': 'x_test_model',
+        })
+        cls.rule = cls.env['auditlog.rule'].create({
+            'name': 'Test Rule',
+            'model_id': cls.model.id,
+        })
+        cls.field = cls.env['ir.model.fields'].create({
+            'name': 'x_test_field',
+            'model_id': cls.model.id,
+            'field_description': 'Test Field',
+            'ttype': 'char',
+        })
+
+    def test_unique_model_constraint(self):
+        """Test unique constraint on model_id field"""
+        with self.assertRaises(UniqueViolation):
+            self.env['auditlog.rule'].create({
+                'name': 'Duplicate Rule',
+                'model_id': self.model.id,
+            })
+
+    def test_get_field_names_of_rule(self):
+        """Test cached method _get_field_names_of_rule"""
+        rule = self.rule
+        access_rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Access Rule',
+            'auditlog_rule_id': rule.id,
+            'field_ids': [(6, 0, [self.field.id])],
+        })
+        field_names = rule._get_field_names_of_rule(self.model.model)
+        self.assertIn(self.field.name, field_names)
+
+    def test_get_log_selected_fields_only(self):
+        """Test cached method _get_log_selected_fields_only"""
+        log_selected = self.rule._get_log_selected_fields_only(self.model.model)
+        self.assertTrue(log_selected)
+
+    def test_get_auditlog_fields(self):
+        """Test get_auditlog_fields filtering of fields"""
+        rule = self.rule
+        access_rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Access Rule',
+            'auditlog_rule_id': rule.id,
+            'field_ids': [(6, 0, [self.field.id])],
+        })
+        fields = rule.get_auditlog_fields(self.env['x_test_model'])
+        self.assertIn(self.field.name, fields)
+
+    def test_write_clears_cache(self):
+        """Test that writing specific fields clears the cache"""
+        access_rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Access Rule',
+            'auditlog_rule_id': self.rule.id,
+            'field_ids': [(6, 0, [self.field.id])],
+        })
+
+        initial_field_names = self.rule._get_field_names_of_rule(self.model.model)
+        self.assertIn(self.field.name, initial_field_names, "Cache not populated correctly before write.")
+
+        self.rule.write({'log_selected_fields_only': False})
+
+        updated_field_names = self.rule._get_field_names_of_rule(self.model.model)
+
+        self.assertIn(self.field.name, updated_field_names, "Cache not updated correctly after write.")
+        self.assertEqual(updated_field_names, initial_field_names, "Cache should be recalculated and match expected values.")
+
+    def test_onchange_model_id(self):
+        """Test that related access rules are removed when model_id is changed"""
+        access_rule = self.env['auditlog.line.access.rule'].create({
+            'name': 'Access Rule',
+            'auditlog_rule_id': self.rule.id,
+        })
+        self.assertTrue(access_rule.exists())
+        self.rule.onchange_model_id()
+        self.assertFalse(access_rule.exists())
+
+    def test_create_server_action(self):
+        """Test the creation of server action linked to the audit log rule"""
+        action = self.rule._create_server_action()
+        self.assertTrue(action)
+        self.assertEqual(self.rule.server_action_id, action)
+
+    def test_subscribe_method(self):
+        """Test the subscribe method with rule regeneration and server action creation"""
+        action_count_before = self.env['ir.actions.server'].search_count([])
+        self.rule.subscribe()
+        action_count_after = self.env['ir.actions.server'].search_count([])
+        self.assertGreater(action_count_after, action_count_before)
+
+    def test_unsubscribe_method(self):
+        """Test the unsubscribe method with server action deletion"""
+        self.rule.subscribe()
+        server_action = self.rule.server_action_id
+        self.assertTrue(server_action.exists())
+        self.rule.unsubscribe()
+        self.assertFalse(server_action.exists())

From e01d5b40a6cf7dec4c3af63dd10375f792f7348e Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Tue, 24 Sep 2024 17:39:24 +0300
Subject: [PATCH 05/11] fixup! [FIX] tests

---
 auditlog_security/tests/test_auditlog_line.py |  95 +++++++------
 .../tests/test_auditlog_line_access_rule.py   | 131 ++++++++++--------
 auditlog_security/tests/test_auditlog_rule.py | 101 +++++++-------
 3 files changed, 179 insertions(+), 148 deletions(-)

diff --git a/auditlog_security/tests/test_auditlog_line.py b/auditlog_security/tests/test_auditlog_line.py
index 7f34a9c074a..812a57700b7 100644
--- a/auditlog_security/tests/test_auditlog_line.py
+++ b/auditlog_security/tests/test_auditlog_line.py
@@ -5,71 +5,74 @@
 
 
 class TestAuditlogLogLine(TransactionCase):
-
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
 
-        cls.group_portal = cls.env.ref('base.group_portal')
-        cls.group_user = cls.env.ref('base.group_user')
+        cls.group_portal = cls.env.ref("base.group_portal")
+        cls.group_user = cls.env.ref("base.group_user")
 
-        cls.model = cls.env['ir.model'].create({
-            'name': 'Test Model',
-            'model': 'x_test_model',
-        })
+        cls.model = cls.env["ir.model"].create(
+            {
+                "name": "Test Model",
+                "model": "x_test_model",
+            }
+        )
 
-        cls.field = cls.env['ir.model.fields'].create({
-            'name': 'x_test_field',
-            'model_id': cls.model.id,
-            'field_description': 'Test Field',
-            'ttype': 'char',
-        })
+        cls.field = cls.env["ir.model.fields"].create(
+            {
+                "name": "x_test_field",
+                "model_id": cls.model.id,
+                "field_description": "Test Field",
+                "ttype": "char",
+            }
+        )
 
-        cls.log = cls.env['auditlog.log'].create({
-            'method': 'write',
-            'model_id': cls.model.id,
-            'res_id': 1,
-        })
+        cls.log = cls.env["auditlog.log"].create(
+            {
+                "method": "write",
+                "model_id": cls.model.id,
+                "res_id": 1,
+            }
+        )
 
     def test_compute_method(self):
         """Test the computation of the method field"""
 
-        log_line = self.env['auditlog.log.line'].create({
-            'log_id': self.log.id,
-            'field_id': self.field.id,
-            'old_value': 'old',
-            'new_value': 'new',
-        })
+        log_line = self.env["auditlog.log.line"].create(
+            {
+                "log_id": self.log.id,
+                "field_id": self.field.id,
+                "old_value": "old",
+                "new_value": "new",
+            }
+        )
         self.assertEqual(
-            log_line.method,
-            'write',
-            "The computed method field is incorrect."
+            log_line.method, "write", "The computed method field is incorrect."
         )
 
     def test_compute_model_id(self):
         """Test the computation of the model_id field"""
-        log_line = self.env['auditlog.log.line'].create({
-            'log_id': self.log.id,
-            'field_id': self.field.id,
-            'old_value': 'old',
-            'new_value': 'new',
-        })
+        log_line = self.env["auditlog.log.line"].create(
+            {
+                "log_id": self.log.id,
+                "field_id": self.field.id,
+                "old_value": "old",
+                "new_value": "new",
+            }
+        )
         self.assertEqual(
-            log_line.model_id,
-            self.model,
-            "The computed model_id field is incorrect."
+            log_line.model_id, self.model, "The computed model_id field is incorrect."
         )
 
     def test_compute_res_id(self):
         """Test the computation of the res_id field"""
-        log_line = self.env['auditlog.log.line'].create({
-            'log_id': self.log.id,
-            'field_id': self.field.id,
-            'old_value': 'old',
-            'new_value': 'new',
-        })
-        self.assertEqual(
-            log_line.res_id,
-            1,
-            "The computed res_id field is incorrect."
+        log_line = self.env["auditlog.log.line"].create(
+            {
+                "log_id": self.log.id,
+                "field_id": self.field.id,
+                "old_value": "old",
+                "new_value": "new",
+            }
         )
+        self.assertEqual(log_line.res_id, 1, "The computed res_id field is incorrect.")
diff --git a/auditlog_security/tests/test_auditlog_line_access_rule.py b/auditlog_security/tests/test_auditlog_line_access_rule.py
index 3e286a150dd..c989dea7295 100644
--- a/auditlog_security/tests/test_auditlog_line_access_rule.py
+++ b/auditlog_security/tests/test_auditlog_line_access_rule.py
@@ -5,94 +5,115 @@
 
 
 class TestAuditlogLineAccessRule(TransactionCase):
-
     @classmethod
     def setUpClass(cls):
         super(TestAuditlogLineAccessRule, cls).setUpClass()
-        cls.group_user = cls.env.ref('base.group_user')
-        cls.model = cls.env['ir.model'].create({
-            'name': 'Test Model',
-            'model': 'x_test_model_2',
-        })
-        cls.auditlog_rule = cls.env['auditlog.rule'].create({
-            'name': 'Test Auditlog Rule',
-            'model_id': cls.model.id,
-        })
-        cls.field = cls.env['ir.model.fields'].create({
-            'name': 'x_test_field',
-            'model_id': cls.model.id,
-            'field_description': 'Test Field',
-            'ttype': 'char',
-        })
+        cls.group_user = cls.env.ref("base.group_user")
+        cls.model = cls.env["ir.model"].create(
+            {
+                "name": "Test Model",
+                "model": "x_test_model_2",
+            }
+        )
+        cls.auditlog_rule = cls.env["auditlog.rule"].create(
+            {
+                "name": "Test Auditlog Rule",
+                "model_id": cls.model.id,
+            }
+        )
+        cls.field = cls.env["ir.model.fields"].create(
+            {
+                "name": "x_test_field",
+                "model_id": cls.model.id,
+                "field_description": "Test Field",
+                "ttype": "char",
+            }
+        )
 
     def test_create_auditlog_line_access_rule(self):
         """Test the creation of an auditlog line access rule"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-            'field_ids': [(6, 0, [self.field.id])],
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+                "field_ids": [(6, 0, [self.field.id])],
+            }
+        )
         self.assertTrue(rule)
         # Verify if the default group is added
         self.assertIn(self.group_user, rule.group_ids)
 
     def test_write_auditlog_line_access_rule(self):
         """Test writing to an auditlog line access rule"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-        })
-        rule.write({
-            'field_ids': [(6, 0, [self.field.id])],
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+            }
+        )
+        rule.write(
+            {
+                "field_ids": [(6, 0, [self.field.id])],
+            }
+        )
         self.assertIn(self.field, rule.field_ids)
         # Verify if rules are regenerated
         self.assertTrue(rule.get_linked_rules())
 
     def test_unlink_auditlog_line_access_rule(self):
         """Test unlinking of an auditlog line access rule"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-        })
-        linked_rule = self.env['ir.rule'].create({
-            'name': 'Linked Rule',
-            'model_id': self.model.id,
-            'domain_force': '[]',
-            'auditlog_line_access_rule_id': rule.id,
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+            }
+        )
+        linked_rule = self.env["ir.rule"].create(
+            {
+                "name": "Linked Rule",
+                "model_id": self.model.id,
+                "domain_force": "[]",
+                "auditlog_line_access_rule_id": rule.id,
+            }
+        )
         rule.unlink()
         self.assertFalse(linked_rule.exists())
 
     def test_add_default_group_if_needed(self):
         """Test adding default group if needed"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-            'field_ids': [(6, 0, [self.field.id])],
-            'group_ids': [],
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+                "field_ids": [(6, 0, [self.field.id])],
+                "group_ids": [],
+            }
+        )
         rule.add_default_group_if_needed()
         self.assertIn(self.group_user, rule.group_ids)
 
     def test_regenerate_rules(self):
         """Test regenerating rules"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-            'group_ids': [(6, 0, [self.group_user.id])],
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+                "group_ids": [(6, 0, [self.group_user.id])],
+            }
+        )
         rule.regenerate_rules()
         linked_rules = rule.get_linked_rules()
         self.assertTrue(linked_rules)
 
     def test_prepare_rule_values(self):
         """Test preparation of rule values"""
-        rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Test Rule',
-            'auditlog_rule_id': self.auditlog_rule.id,
-            'group_ids': [(6, 0, [self.group_user.id])],
-        })
+        rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Test Rule",
+                "auditlog_rule_id": self.auditlog_rule.id,
+                "group_ids": [(6, 0, [self.group_user.id])],
+            }
+        )
         values = rule._prepare_rule_values()
         self.assertGreater(len(values), 0)
-        self.assertIn('domain_force', values[0])
+        self.assertIn("domain_force", values[0])
diff --git a/auditlog_security/tests/test_auditlog_rule.py b/auditlog_security/tests/test_auditlog_rule.py
index 95694020e8e..23ff9505108 100644
--- a/auditlog_security/tests/test_auditlog_rule.py
+++ b/auditlog_security/tests/test_auditlog_rule.py
@@ -1,46 +1,50 @@
 # Copyright 2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo.tests.common import TransactionCase
 from psycopg2.errors import UniqueViolation
 
-class TestAuditlogRule(TransactionCase):
+from odoo.tests.common import TransactionCase
 
+
+class TestAuditlogRule(TransactionCase):
     @classmethod
     def setUpClass(cls):
         super(TestAuditlogRule, cls).setUpClass()
 
-        cls.model = cls.env['ir.model'].create({
-            'name': 'Test Model',
-            'model': 'x_test_model',
-        })
-        cls.rule = cls.env['auditlog.rule'].create({
-            'name': 'Test Rule',
-            'model_id': cls.model.id,
-        })
-        cls.field = cls.env['ir.model.fields'].create({
-            'name': 'x_test_field',
-            'model_id': cls.model.id,
-            'field_description': 'Test Field',
-            'ttype': 'char',
-        })
+        cls.model = cls.env["ir.model"].create(
+            {
+                "name": "Test Model",
+                "model": "x_test_model",
+            }
+        )
+        cls.rule = cls.env["auditlog.rule"].create(
+            {
+                "name": "Test Rule",
+                "model_id": cls.model.id,
+            }
+        )
+        cls.field = cls.env["ir.model.fields"].create(
+            {
+                "name": "x_test_field",
+                "model_id": cls.model.id,
+                "field_description": "Test Field",
+                "ttype": "char",
+            }
+        )
 
     def test_unique_model_constraint(self):
         """Test unique constraint on model_id field"""
         with self.assertRaises(UniqueViolation):
-            self.env['auditlog.rule'].create({
-                'name': 'Duplicate Rule',
-                'model_id': self.model.id,
-            })
+            self.env["auditlog.rule"].create(
+                {
+                    "name": "Duplicate Rule",
+                    "model_id": self.model.id,
+                }
+            )
 
     def test_get_field_names_of_rule(self):
         """Test cached method _get_field_names_of_rule"""
         rule = self.rule
-        access_rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Access Rule',
-            'auditlog_rule_id': rule.id,
-            'field_ids': [(6, 0, [self.field.id])],
-        })
         field_names = rule._get_field_names_of_rule(self.model.model)
         self.assertIn(self.field.name, field_names)
 
@@ -52,38 +56,41 @@ def test_get_log_selected_fields_only(self):
     def test_get_auditlog_fields(self):
         """Test get_auditlog_fields filtering of fields"""
         rule = self.rule
-        access_rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Access Rule',
-            'auditlog_rule_id': rule.id,
-            'field_ids': [(6, 0, [self.field.id])],
-        })
-        fields = rule.get_auditlog_fields(self.env['x_test_model'])
+        fields = rule.get_auditlog_fields(self.env["x_test_model"])
         self.assertIn(self.field.name, fields)
 
     def test_write_clears_cache(self):
         """Test that writing specific fields clears the cache"""
-        access_rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Access Rule',
-            'auditlog_rule_id': self.rule.id,
-            'field_ids': [(6, 0, [self.field.id])],
-        })
-
         initial_field_names = self.rule._get_field_names_of_rule(self.model.model)
-        self.assertIn(self.field.name, initial_field_names, "Cache not populated correctly before write.")
+        self.assertIn(
+            self.field.name,
+            initial_field_names,
+            "Cache not populated correctly before write.",
+        )
 
-        self.rule.write({'log_selected_fields_only': False})
+        self.rule.write({"log_selected_fields_only": False})
 
         updated_field_names = self.rule._get_field_names_of_rule(self.model.model)
 
-        self.assertIn(self.field.name, updated_field_names, "Cache not updated correctly after write.")
-        self.assertEqual(updated_field_names, initial_field_names, "Cache should be recalculated and match expected values.")
+        self.assertIn(
+            self.field.name,
+            updated_field_names,
+            "Cache not updated correctly after write.",
+        )
+        self.assertEqual(
+            updated_field_names,
+            initial_field_names,
+            "Cache should be recalculated and match expected values.",
+        )
 
     def test_onchange_model_id(self):
         """Test that related access rules are removed when model_id is changed"""
-        access_rule = self.env['auditlog.line.access.rule'].create({
-            'name': 'Access Rule',
-            'auditlog_rule_id': self.rule.id,
-        })
+        access_rule = self.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Access Rule",
+                "auditlog_rule_id": self.rule.id,
+            }
+        )
         self.assertTrue(access_rule.exists())
         self.rule.onchange_model_id()
         self.assertFalse(access_rule.exists())
@@ -96,9 +103,9 @@ def test_create_server_action(self):
 
     def test_subscribe_method(self):
         """Test the subscribe method with rule regeneration and server action creation"""
-        action_count_before = self.env['ir.actions.server'].search_count([])
+        action_count_before = self.env["ir.actions.server"].search_count([])
         self.rule.subscribe()
-        action_count_after = self.env['ir.actions.server'].search_count([])
+        action_count_after = self.env["ir.actions.server"].search_count([])
         self.assertGreater(action_count_after, action_count_before)
 
     def test_unsubscribe_method(self):

From 339a9d55ca2c7322f0b7b7cc24a558cfca428e6c Mon Sep 17 00:00:00 2001
From: KKamaa <kevkamaa96@gmail.com>
Date: Tue, 24 Sep 2024 18:08:56 +0300
Subject: [PATCH 06/11] fixup! fixup! [FIX] tests

---
 auditlog_security/tests/test_auditlog_rule.py | 41 ++++++++++++++++---
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/auditlog_security/tests/test_auditlog_rule.py b/auditlog_security/tests/test_auditlog_rule.py
index 23ff9505108..0ea4c8003d6 100644
--- a/auditlog_security/tests/test_auditlog_rule.py
+++ b/auditlog_security/tests/test_auditlog_rule.py
@@ -31,9 +31,20 @@ def setUpClass(cls):
                 "ttype": "char",
             }
         )
+        cls.access_rule = cls.env["auditlog.line.access.rule"].create(
+            {
+                "name": "Access Rule",
+                "auditlog_rule_id": cls.rule.id,
+                "field_ids": [(6, 0, [cls.field.id])],
+            }
+        )
 
     def test_unique_model_constraint(self):
         """Test unique constraint on model_id field"""
+
+        # Attempting to create a rule with the same
+        # model_id should raise a UniqueViolation error
+
         with self.assertRaises(UniqueViolation):
             self.env["auditlog.rule"].create(
                 {
@@ -44,9 +55,12 @@ def test_unique_model_constraint(self):
 
     def test_get_field_names_of_rule(self):
         """Test cached method _get_field_names_of_rule"""
-        rule = self.rule
-        field_names = rule._get_field_names_of_rule(self.model.model)
-        self.assertIn(self.field.name, field_names)
+        field_names = self.rule._get_field_names_of_rule(self.model.model)
+        self.assertIn(
+            self.field.name,
+            field_names,
+            f"Expected field '{self.field.name}' not found in field names: {field_names}",
+        )
 
     def test_get_log_selected_fields_only(self):
         """Test cached method _get_log_selected_fields_only"""
@@ -55,23 +69,38 @@ def test_get_log_selected_fields_only(self):
 
     def test_get_auditlog_fields(self):
         """Test get_auditlog_fields filtering of fields"""
-        rule = self.rule
-        fields = rule.get_auditlog_fields(self.env["x_test_model"])
-        self.assertIn(self.field.name, fields)
+        fields = self.rule.get_auditlog_fields(self.env["x_test_model"])
+        self.assertIn(
+            self.field.name,
+            fields,
+            f"Expected field '{self.field.name}' not found in auditlog fields: {fields}",
+        )
 
     def test_write_clears_cache(self):
         """Test that writing specific fields clears the cache"""
+        # Clear cache to ensure fresh data is fetched
+        self.env.cache.clear()
+
+        # Fetch initial field names to ensure cache is populated
         initial_field_names = self.rule._get_field_names_of_rule(self.model.model)
+
+        # Assert that the cache was populated correctly
         self.assertIn(
             self.field.name,
             initial_field_names,
             "Cache not populated correctly before write.",
         )
 
+        # Write to the rule to trigger cache invalidation
         self.rule.write({"log_selected_fields_only": False})
 
+        # Clear cache to force the method to re-evaluate
+        self.env.cache.clear()
+
+        # Fetch updated field names to ensure cache was cleared and repopulated
         updated_field_names = self.rule._get_field_names_of_rule(self.model.model)
 
+        # Assert that the cache was updated correctly
         self.assertIn(
             self.field.name,
             updated_field_names,

From 6af2d6c37958fa1902675ca54186419531d4f6d3 Mon Sep 17 00:00:00 2001
From: ntsirintanis <ntsirintanis@therp.nl>
Date: Wed, 30 Apr 2025 14:37:06 +0200
Subject: [PATCH 07/11] [UPD] auditlog_security groupfield version

---
 auditlog_security/models/__init__.py          |  4 +-
 .../models/auditlog_line_access_rule.py       | 95 +------------------
 auditlog_security/models/auditlog_log.py      | 29 ++++++
 auditlog_security/models/auditlog_log_line.py | 25 +++++
 auditlog_security/models/auditlog_rule.py     |  9 +-
 auditlog_security/models/ir_rule.py           | 16 ----
 auditlog_security/security/ir_rule.xml        | 18 ++++
 7 files changed, 77 insertions(+), 119 deletions(-)
 create mode 100644 auditlog_security/models/auditlog_log.py
 delete mode 100644 auditlog_security/models/ir_rule.py

diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
index db0c1ec6291..6a93aed1079 100644
--- a/auditlog_security/models/__init__.py
+++ b/auditlog_security/models/__init__.py
@@ -1,7 +1,7 @@
-# Copyright 2021-2024 Therp B.V.
+# Copyright 2021-2025 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from . import auditlog_rule
 from . import auditlog_line_access_rule
-from . import ir_rule
+from . import auditlog_log
 from . import auditlog_log_line
diff --git a/auditlog_security/models/auditlog_line_access_rule.py b/auditlog_security/models/auditlog_line_access_rule.py
index e7651ff41d2..84013ec950f 100644
--- a/auditlog_security/models/auditlog_line_access_rule.py
+++ b/auditlog_security/models/auditlog_line_access_rule.py
@@ -1,7 +1,7 @@
 # Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import api, fields, models
+from odoo import fields, models
 
 
 class AuditlogLineAccessRule(models.Model):
@@ -23,96 +23,3 @@ class AuditlogLineAccessRule(models.Model):
         "auditlog.rule", "auditlog_access_rule_ids", readonly=True, ondelete="cascade"
     )
     state = fields.Selection(related="auditlog_rule_id.state", readonly=True)
-
-    def needs_rule(self):
-        self.ensure_one()
-        return bool(self.group_ids)
-
-    def get_linked_rules(self):
-        return self.env["ir.rule"].search(
-            [("auditlog_line_access_rule_id", "in", self.ids)]
-        )
-
-    def unlink(self):
-        to_delete = self.get_linked_rules()
-        res = super(AuditlogLineAccessRule, self).unlink()
-        if res:
-            res = res and to_delete.unlink()
-        return res
-
-    def add_default_group_if_needed(self):
-        self.ensure_one()
-        res = False
-        if not self.group_ids and self.field_ids:
-            res = self.with_context(no_iter=True).write(
-                {"group_ids": [(6, 0, [self.env.ref("base.group_user").id])]}
-            )
-        return res
-
-    @api.model_create_multi
-    def create(self, vals):
-        res = super(AuditlogLineAccessRule, self).create(vals)
-        res.add_default_group_if_needed()
-        res.regenerate_rules()
-        return res
-
-    def write(self, vals):
-        res = super(AuditlogLineAccessRule, self).write(vals)
-        for this in self:
-            added = this.add_default_group_if_needed()
-            if (
-                any(
-                    [
-                        x in vals
-                        for x in ("group_ids", "field_ids", "model_id", "all_fields")
-                    ]
-                )
-                or added
-            ):
-                this.regenerate_rules()
-
-        return res
-
-    def remove_rules(self):
-        for this in self:
-            this.get_linked_rules().unlink()
-
-    def regenerate_rules(self):
-        for this in self:
-            this.remove_rules()
-            dict_values = this._prepare_rule_values()
-            for values in dict_values:
-                self.env["ir.rule"].create(values)
-
-    def _prepare_rule_values(self):
-        self.ensure_one()
-        if not self.needs_rule():
-            return []
-        domain_force = "[" + " ('log_id.model_id' , '=', %s)," % (self.model_id.id)
-        if self.field_ids:
-            domain_force = "[('field_id', 'in',  %s)]" % (self.field_ids.ids)
-            model = self.env.ref("auditlog.model_auditlog_log_line")
-        else:
-            domain_force = "[('model_id', '=', %s)]" % (self.model_id.id)
-            model = self.env.ref("auditlog.model_auditlog_log")
-        auditlog_security_group = self.env.ref(
-            "auditlog_security.group_can_view_audit_logs"
-        )
-        return [
-            {
-                "name": "auditlog_extended_%s" % self.id,
-                "model_id": model.id,
-                "groups": [(6, 0, self.group_ids.ids)],
-                "perm_read": True,
-                "domain_force": domain_force,
-                "auditlog_line_access_rule_id": self.id,
-            },
-            {
-                "name": "auditlog_extended_%s" % self.id,
-                "model_id": model.id,
-                "groups": [(6, 0, [auditlog_security_group.id])],
-                "perm_read": True,
-                "domain_force": [(1, "=", 1)],
-                "auditlog_line_access_rule_id": self.id,
-            },
-        ]
diff --git a/auditlog_security/models/auditlog_log.py b/auditlog_security/models/auditlog_log.py
new file mode 100644
index 00000000000..ae01442af80
--- /dev/null
+++ b/auditlog_security/models/auditlog_log.py
@@ -0,0 +1,29 @@
+# Copyright 2025 Therp B.V.
+# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
+
+from odoo import api, fields, models
+
+
+class AuditlogLog(models.Model):
+    _inherit = "auditlog.log"
+
+    rule_id = fields.Many2one("auditlog.rule", compute="_compute_rule_id", store=True)
+    allowed_group_ids = fields.Many2many(
+        "res.groups", compute="_compute_allowed_group_ids", store=True
+    )
+
+    @api.depends("model_id")
+    def _compute_rule_id(self):
+        for log in self:
+            log.rule_id = self.env["auditlog.rule"].search(
+                [("model_id", "=", log.model_id.id)]
+            )
+
+    @api.depends("rule_id")
+    def _compute_allowed_group_ids(self):
+        for log in self:
+            log.allowed_group_ids = (
+                self.env["auditlog.line.access.rule"]
+                .search([("auditlog_rule_id", "=", log.rule_id.id)])
+                .group_ids
+            )
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
index 5738b58d0a0..244838e60f5 100644
--- a/auditlog_security/models/auditlog_log_line.py
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -20,6 +20,9 @@ class AuditlogLogLine(models.Model):
         "ir.model", compute="_compute_model_id", store=True, index=True
     )
     res_id = fields.Integer(compute="_compute_res_id", store=True, index=True)
+    allowed_group_ids = fields.Many2many(
+        "res.groups", compute="_compute_allowed_group_ids", store=True
+    )
 
     @api.depends("log_id.method")
     def _compute_method(self):
@@ -40,3 +43,25 @@ def _compute_model_id(self):
     def _compute_res_id(self):
         for this in self:
             this.res_id = this.log_id.res_id
+
+    @api.depends(
+        "field_id",
+        "log_id.rule_id",
+        "log_id.rule_id.auditlog_line_access_rule_ids.group_ids",
+        "log_id.rule_id.auditlog_line_access_rule_ids.field_ids",
+    )
+    def _compute_allowed_group_ids(self):
+        for line in self:
+            # Do not give a value to sql model
+            if line._name == "auditlog.log.line.view":
+                continue
+            line.allowed_group_ids = (
+                self.env["auditlog.line.access.rule"]
+                .search(
+                    [
+                        ("auditlog_rule_id", "=", line.log_id.rule_id.id),
+                        ("field_ids", "in", line.field_id.ids),
+                    ]
+                )
+                .group_ids
+            )
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index eceba51f42e..79d322903ba 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -118,10 +118,7 @@ def subscribe(self):
         for rule in self:
             server_action = rule._create_server_action()
             server_action.create_action()
-        res = super(AuditlogRule, self).subscribe()
-        for rule in self:
-            rule.auditlog_line_access_rule_ids.regenerate_rules()
-        # rule now will have "View Log" Action, make that visible only for admin
+        res = super().subscribe()
         if res:
             self.action_id.write(
                 {"groups_id": [(6, 0, [self.env.ref("base.group_system").id])]}
@@ -129,8 +126,6 @@ def subscribe(self):
         return res
 
     def unsubscribe(self):
-        for rule in self:
-            rule.auditlog_line_access_rule_ids.remove_rules()
         for rule in self:
             rule.server_action_id.unlink()
-        return super(AuditlogRule, self).unsubscribe()
+        return super().unsubscribe()
diff --git a/auditlog_security/models/ir_rule.py b/auditlog_security/models/ir_rule.py
deleted file mode 100644
index 8def6cc7115..00000000000
--- a/auditlog_security/models/ir_rule.py
+++ /dev/null
@@ -1,16 +0,0 @@
-# Copyright 2021-2024 Therp B.V.
-# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
-
-from odoo import fields, models
-
-
-class IrRule(models.Model):
-    _inherit = "ir.rule"
-
-    auditlog_line_access_rule_id = fields.Many2one(
-        "auditlog.line.access.rule",
-        required=False,
-        index=True,
-        ondelete="cascade",
-        help="Auditlog line access Rule that generated this ir.rule",
-    )
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
index dfea064c1c5..d247e7ab499 100644
--- a/auditlog_security/security/ir_rule.xml
+++ b/auditlog_security/security/ir_rule.xml
@@ -15,4 +15,22 @@
         <field name="perm_unlink" eval="False" />
     </record>
 
+    <record id="auditlog_log_rule" model="ir.rule">
+        <field name="name">Access to auditlog.log</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log" />
+        <field
+            name="domain_force"
+        >[('allowed_group_ids', 'in', user.groups_id.ids)]</field>
+        <field name="perm_read" eval="False" />
+    </record>
+
+    <record id="auditlog_log_line_rule" model="ir.rule">
+        <field name="name">Access to auditlog.log.line</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log_line" />
+        <field
+            name="domain_force"
+        >[('allowed_group_ids', 'in', user.groups_id.ids)]</field>
+        <field name="perm_read" eval="False" />
+    </record>
+
 </odoo>

From f5ea50dd91fac2cfc81be26dbf63ddb8293a9f2c Mon Sep 17 00:00:00 2001
From: Nikos Tsirintanis <ntsirintanis@therp.nl>
Date: Wed, 7 May 2025 16:32:52 +0200
Subject: [PATCH 08/11] fixup! [UPD] auditlog_security groupfield version

---
 auditlog_security/models/auditlog_log.py      | 21 +++---
 auditlog_security/models/auditlog_log_line.py | 73 +++++--------------
 auditlog_security/models/auditlog_rule.py     |  6 --
 auditlog_security/security/ir_rule.xml        | 14 ----
 4 files changed, 30 insertions(+), 84 deletions(-)

diff --git a/auditlog_security/models/auditlog_log.py b/auditlog_security/models/auditlog_log.py
index ae01442af80..8d61016753b 100644
--- a/auditlog_security/models/auditlog_log.py
+++ b/auditlog_security/models/auditlog_log.py
@@ -2,6 +2,7 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import api, fields, models
+from odoo.osv.expression import OR
 
 
 class AuditlogLog(models.Model):
@@ -9,7 +10,9 @@ class AuditlogLog(models.Model):
 
     rule_id = fields.Many2one("auditlog.rule", compute="_compute_rule_id", store=True)
     allowed_group_ids = fields.Many2many(
-        "res.groups", compute="_compute_allowed_group_ids", store=True
+        "res.groups",
+        compute=lambda self: self.update({"allowed_group_ids": False}),
+        search="_search_allowed_group_ids",
     )
 
     @api.depends("model_id")
@@ -19,11 +22,11 @@ def _compute_rule_id(self):
                 [("model_id", "=", log.model_id.id)]
             )
 
-    @api.depends("rule_id")
-    def _compute_allowed_group_ids(self):
-        for log in self:
-            log.allowed_group_ids = (
-                self.env["auditlog.line.access.rule"]
-                .search([("auditlog_rule_id", "=", log.rule_id.id)])
-                .group_ids
-            )
+    def _search_allowed_group_ids(self, operator, value):
+        access_rules = self.env["auditlog.line.access.rule"].search(
+            ["|", ("group_ids", operator, value), ("group_ids", "=", False)]
+        )
+        domains = []
+        for access_rule in access_rules:
+            domains.append([("rule_id", "=", access_rule.auditlog_rule_id.id)])
+        return OR(domains)
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
index 244838e60f5..3da270b6a01 100644
--- a/auditlog_security/models/auditlog_log_line.py
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -1,67 +1,30 @@
 # Copyright 2022-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import api, fields, models
+from odoo import fields, models
+from odoo.osv.expression import OR
 
 
 class AuditlogLogLine(models.Model):
     _inherit = "auditlog.log.line"
     _order = "create_date desc"
 
-    user_id = fields.Many2one(
-        "res.users",
-        compute="_compute_user_id",
-        store=True,
-        index=True,
-        string="User",
-    )
-    method = fields.Char(compute="_compute_method", store=True, index=True)
-    model_id = fields.Many2one(
-        "ir.model", compute="_compute_model_id", store=True, index=True
-    )
-    res_id = fields.Integer(compute="_compute_res_id", store=True, index=True)
+    user_id = fields.Many2one(related="log_id.user_id")
+    method = fields.Char(related="log_id.method")
+    model_id = fields.Many2one(related="log_id.model_id", store=True)
+    res_id = fields.Integer(related="log_id.res_id")
     allowed_group_ids = fields.Many2many(
-        "res.groups", compute="_compute_allowed_group_ids", store=True
+        "res.groups",
+        compute=lambda self: self.update({"allowed_group_ids": False}),
+        search="_search_allowed_group_ids",
     )
 
-    @api.depends("log_id.method")
-    def _compute_method(self):
-        for this in self:
-            this.method = this.log_id.method
-
-    @api.depends("log_id.user_id")
-    def _compute_user_id(self):
-        for this in self:
-            this.user_id = this.log_id.user_id
-
-    @api.depends("log_id.model_id")
-    def _compute_model_id(self):
-        for this in self:
-            this.model_id = this.log_id.model_id
-
-    @api.depends("log_id.res_id")
-    def _compute_res_id(self):
-        for this in self:
-            this.res_id = this.log_id.res_id
-
-    @api.depends(
-        "field_id",
-        "log_id.rule_id",
-        "log_id.rule_id.auditlog_line_access_rule_ids.group_ids",
-        "log_id.rule_id.auditlog_line_access_rule_ids.field_ids",
-    )
-    def _compute_allowed_group_ids(self):
-        for line in self:
-            # Do not give a value to sql model
-            if line._name == "auditlog.log.line.view":
-                continue
-            line.allowed_group_ids = (
-                self.env["auditlog.line.access.rule"]
-                .search(
-                    [
-                        ("auditlog_rule_id", "=", line.log_id.rule_id.id),
-                        ("field_ids", "in", line.field_id.ids),
-                    ]
-                )
-                .group_ids
-            )
+    def _search_allowed_group_ids(self, operator, value):
+        access_rules = self.env['auditlog.line.access.rule'].search(['|', ('group_ids', operator, value), ('group_ids', '=', False)])
+        domains = []
+        for access_rule in access_rules:
+            domain = [('log_id.rule_id', '=', access_rule.auditlog_rule_id.id)]
+            if access_rule.field_ids:
+                domain.append(('field_id', 'in', access_rule.field_ids.ids))
+            domains.append(domain)
+        return OR(domains)
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index 79d322903ba..d8114aa5636 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -2,7 +2,6 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import _, api, fields, models, tools
-from odoo.exceptions import ValidationError
 
 
 class AuditlogRule(models.Model):
@@ -20,11 +19,6 @@ class AuditlogRule(models.Model):
         help="Log only the selected fields, to save space avoid large DB data.",
     )
 
-    @api.constrains("model_id")
-    def unique_model(self):
-        if self.search_count([("model_id", "=", self.model_id.id)]) > 1:
-            raise ValidationError(_("A rule for this model already exists"))
-
     @api.model
     @tools.ormcache("model_name")
     def _get_field_names_of_rule(self, model_name):
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
index d247e7ab499..9706e749682 100644
--- a/auditlog_security/security/ir_rule.xml
+++ b/auditlog_security/security/ir_rule.xml
@@ -1,20 +1,6 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <odoo noupdate="1">
 
-    <record id="no_one_by_default" model="ir.rule">
-        <field name="name">Nobody can read by default</field>
-        <field
-            name="model_id"
-            ref="auditlog_security.model_auditlog_line_access_rule"
-        />
-        <field name="domain_force">[(0, '=', 1)]</field>
-        <field name="groups" eval="[(4, ref('base.group_user'))]" />
-        <field name="perm_read" eval="True" />
-        <field name="perm_write" eval="False" />
-        <field name="perm_create" eval="False" />
-        <field name="perm_unlink" eval="False" />
-    </record>
-
     <record id="auditlog_log_rule" model="ir.rule">
         <field name="name">Access to auditlog.log</field>
         <field name="model_id" ref="auditlog.model_auditlog_log" />

From 9f29a3f87aa1c567a94837ff6512cf1ab588717c Mon Sep 17 00:00:00 2001
From: Nikos Tsirintanis <ntsirintanis@therp.nl>
Date: Thu, 15 May 2025 14:29:53 +0200
Subject: [PATCH 09/11] fixup! fixup! [UPD] auditlog_security groupfield
 version

---
 auditlog_security/__manifest__.py         |  1 -
 auditlog_security/models/auditlog_log.py  | 15 ----------
 auditlog_security/models/auditlog_rule.py |  3 +-
 auditlog_security/security/ir_rule.xml    | 36 +++++++++++++++--------
 auditlog_security/security/res_groups.xml |  6 ----
 auditlog_security/views/auditlog_view.xml |  1 +
 6 files changed, 27 insertions(+), 35 deletions(-)
 delete mode 100644 auditlog_security/security/res_groups.xml

diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py
index 7af1284b967..76a8b8936ed 100644
--- a/auditlog_security/__manifest__.py
+++ b/auditlog_security/__manifest__.py
@@ -15,7 +15,6 @@
         "contacts",
     ],
     "data": [
-        "security/res_groups.xml",
         "views/auditlog_view.xml",
         "security/ir.model.access.csv",
         "security/ir_rule.xml",
diff --git a/auditlog_security/models/auditlog_log.py b/auditlog_security/models/auditlog_log.py
index 8d61016753b..7269f26be2f 100644
--- a/auditlog_security/models/auditlog_log.py
+++ b/auditlog_security/models/auditlog_log.py
@@ -2,18 +2,12 @@
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
 from odoo import api, fields, models
-from odoo.osv.expression import OR
 
 
 class AuditlogLog(models.Model):
     _inherit = "auditlog.log"
 
     rule_id = fields.Many2one("auditlog.rule", compute="_compute_rule_id", store=True)
-    allowed_group_ids = fields.Many2many(
-        "res.groups",
-        compute=lambda self: self.update({"allowed_group_ids": False}),
-        search="_search_allowed_group_ids",
-    )
 
     @api.depends("model_id")
     def _compute_rule_id(self):
@@ -21,12 +15,3 @@ def _compute_rule_id(self):
             log.rule_id = self.env["auditlog.rule"].search(
                 [("model_id", "=", log.model_id.id)]
             )
-
-    def _search_allowed_group_ids(self, operator, value):
-        access_rules = self.env["auditlog.line.access.rule"].search(
-            ["|", ("group_ids", operator, value), ("group_ids", "=", False)]
-        )
-        domains = []
-        for access_rule in access_rules:
-            domains.append([("rule_id", "=", access_rule.auditlog_rule_id.id)])
-        return OR(domains)
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index d8114aa5636..cfd03ad9874 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -15,7 +15,6 @@ class AuditlogRule(models.Model):
         "Server Action",
     )
     log_selected_fields_only = fields.Boolean(
-        default=True,
         help="Log only the selected fields, to save space avoid large DB data.",
     )
 
@@ -93,6 +92,7 @@ def _get_view_log_lines_action(self):
     def _create_server_action(self):
         self.ensure_one()
         code = "action = env['auditlog.rule']._get_view_log_lines_action()"
+        allowed_groups = self.auditlog_line_access_rule_ids.group_ids
         server_action = (
             self.env["ir.actions.server"]
             .sudo()
@@ -102,6 +102,7 @@ def _create_server_action(self):
                     "model_id": self.model_id.id,
                     "state": "code",
                     "code": code,
+                    "groups_id": [(6, 0, allowed_groups.ids)],
                 }
             )
         )
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
index 9706e749682..d5482ba9ea5 100644
--- a/auditlog_security/security/ir_rule.xml
+++ b/auditlog_security/security/ir_rule.xml
@@ -1,22 +1,34 @@
 <?xml version="1.0" encoding="utf-8" ?>
-<odoo noupdate="1">
+<odoo noupdate="0">
 
-    <record id="auditlog_log_rule" model="ir.rule">
-        <field name="name">Access to auditlog.log</field>
-        <field name="model_id" ref="auditlog.model_auditlog_log" />
-        <field
-            name="domain_force"
-        >[('allowed_group_ids', 'in', user.groups_id.ids)]</field>
+    <record id="auditlog_log_line_rule_base_user" model="ir.rule">
+        <field name="name">Access to auditlog.log.line</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log_line" />
+        <field name="groups" eval="[(4, ref('base.group_user'))]" />
+        <field name="perm_read" eval="True" />
+        <field name="perm_write" eval="True" />
+        <field name="perm_create" eval="True" />
+        <field name="perm_unlink" eval="True" />
+    </record>
+
+    <record id="auditlog_log_line_rule_auditlog_user" model="ir.rule">
+        <field name="name">Access to auditlog.log.line user</field>
+        <field name="model_id" ref="auditlog.model_auditlog_log_line" />
+        <field name="groups" eval="[(4, ref('auditlog.group_auditlog_user'))]" />
+        <field name="domain_force">[('allowed_group_ids', 'in', user.groups_id.ids)]
+        </field>
         <field name="perm_read" eval="False" />
     </record>
 
-    <record id="auditlog_log_line_rule" model="ir.rule">
-        <field name="name">Access to auditlog.log.line</field>
+    <record id="auditlog_log_line_rule_auditlog_admin" model="ir.rule">
+        <field name="name">Access to auditlog.log.line admin</field>
         <field name="model_id" ref="auditlog.model_auditlog_log_line" />
         <field
-            name="domain_force"
-        >[('allowed_group_ids', 'in', user.groups_id.ids)]</field>
-        <field name="perm_read" eval="False" />
+            name="groups"
+            eval="[(4, ref('base.group_erp_manager')),(4, ref('auditlog.group_auditlog_manager'))]"
+        />
+        <field name="domain_force">[(1, '=', 1)]
+        </field>
     </record>
 
 </odoo>
diff --git a/auditlog_security/security/res_groups.xml b/auditlog_security/security/res_groups.xml
deleted file mode 100644
index 2b4fd7171c9..00000000000
--- a/auditlog_security/security/res_groups.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<odoo>
-    <record id="group_can_view_audit_logs" model="res.groups">
-        <field name="name">View Audit Logs</field>
-    </record>
-</odoo>
diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml
index fcb0f404027..f40dd0d95b0 100644
--- a/auditlog_security/views/auditlog_view.xml
+++ b/auditlog_security/views/auditlog_view.xml
@@ -66,6 +66,7 @@
                 <field name="new_value_text" />
                 <field name="user_id" />
                 <field name="method" string="Type of operation" />
+                <field name="allowed_group_ids" invisible="1" />
             </tree>
         </field>
     </record>

From dee7eb37259f8ade930c9b56268361b5377af929 Mon Sep 17 00:00:00 2001
From: Nikos Tsirintanis <ntsirintanis@therp.nl>
Date: Fri, 16 May 2025 10:53:21 +0200
Subject: [PATCH 10/11] fixup! fixup! fixup! [UPD] auditlog_security groupfield
 version

---
 auditlog_security/models/__init__.py          |  1 -
 auditlog_security/models/auditlog_log.py      | 17 ----------------
 auditlog_security/models/auditlog_log_line.py | 20 ++++++++++++++-----
 auditlog_security/models/auditlog_rule.py     | 11 +++++-----
 auditlog_security/security/ir_rule.xml        | 11 ----------
 auditlog_security/views/auditlog_view.xml     | 18 +++--------------
 6 files changed, 24 insertions(+), 54 deletions(-)
 delete mode 100644 auditlog_security/models/auditlog_log.py

diff --git a/auditlog_security/models/__init__.py b/auditlog_security/models/__init__.py
index 6a93aed1079..209ec0e08b6 100644
--- a/auditlog_security/models/__init__.py
+++ b/auditlog_security/models/__init__.py
@@ -3,5 +3,4 @@
 
 from . import auditlog_rule
 from . import auditlog_line_access_rule
-from . import auditlog_log
 from . import auditlog_log_line
diff --git a/auditlog_security/models/auditlog_log.py b/auditlog_security/models/auditlog_log.py
deleted file mode 100644
index 7269f26be2f..00000000000
--- a/auditlog_security/models/auditlog_log.py
+++ /dev/null
@@ -1,17 +0,0 @@
-# Copyright 2025 Therp B.V.
-# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
-
-from odoo import api, fields, models
-
-
-class AuditlogLog(models.Model):
-    _inherit = "auditlog.log"
-
-    rule_id = fields.Many2one("auditlog.rule", compute="_compute_rule_id", store=True)
-
-    @api.depends("model_id")
-    def _compute_rule_id(self):
-        for log in self:
-            log.rule_id = self.env["auditlog.rule"].search(
-                [("model_id", "=", log.model_id.id)]
-            )
diff --git a/auditlog_security/models/auditlog_log_line.py b/auditlog_security/models/auditlog_log_line.py
index 3da270b6a01..39757fd66d7 100644
--- a/auditlog_security/models/auditlog_log_line.py
+++ b/auditlog_security/models/auditlog_log_line.py
@@ -1,7 +1,7 @@
 # Copyright 2022-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import fields, models
+from odoo import api, fields, models
 from odoo.osv.expression import OR
 
 
@@ -11,8 +11,9 @@ class AuditlogLogLine(models.Model):
 
     user_id = fields.Many2one(related="log_id.user_id")
     method = fields.Char(related="log_id.method")
-    model_id = fields.Many2one(related="log_id.model_id", store=True)
+    model_id = fields.Many2one(related="log_id.model_id", store=True, reaonly=True)
     res_id = fields.Integer(related="log_id.res_id")
+    rule_id = fields.Many2one("auditlog.rule", compute="_compute_rule_id", store=True)
     allowed_group_ids = fields.Many2many(
         "res.groups",
         compute=lambda self: self.update({"allowed_group_ids": False}),
@@ -20,11 +21,20 @@ class AuditlogLogLine(models.Model):
     )
 
     def _search_allowed_group_ids(self, operator, value):
-        access_rules = self.env['auditlog.line.access.rule'].search(['|', ('group_ids', operator, value), ('group_ids', '=', False)])
+        access_rules = self.env["auditlog.line.access.rule"].search(
+            ["|", ("group_ids", operator, value), ("group_ids", "=", False)]
+        )
         domains = []
         for access_rule in access_rules:
-            domain = [('log_id.rule_id', '=', access_rule.auditlog_rule_id.id)]
+            domain = [("rule_id", "=", access_rule.auditlog_rule_id.id)]
             if access_rule.field_ids:
-                domain.append(('field_id', 'in', access_rule.field_ids.ids))
+                domain.append(("field_id", "in", access_rule.field_ids.ids))
             domains.append(domain)
         return OR(domains)
+
+    @api.depends("model_id")
+    def _compute_rule_id(self):
+        for line in self:
+            line.rule_id = self.env["auditlog.rule"].search(
+                [("model_id", "=", line.model_id.id)]
+            )
diff --git a/auditlog_security/models/auditlog_rule.py b/auditlog_security/models/auditlog_rule.py
index cfd03ad9874..c66fd722fe9 100644
--- a/auditlog_security/models/auditlog_rule.py
+++ b/auditlog_security/models/auditlog_rule.py
@@ -1,7 +1,7 @@
 # Copyright 2021-2024 Therp B.V.
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
 
-from odoo import _, api, fields, models, tools
+from odoo import _, api, fields, models, modules, tools
 
 
 class AuditlogRule(models.Model):
@@ -60,12 +60,15 @@ def write(self, values):
         if any([field in values.keys() for field in cache_invalidating_fields]):
             # clear cache for all ormcache methods.
             self.clear_caches()
-        return super(AuditlogRule, self).write(values)
+        res = super().write(values)
+        if self._register_hook():
+            modules.registry.Registry(self.env.cr.dbname).signal_changes()
+        return res
 
     @api.onchange("model_id")
     def onchange_model_id(self):
         # if model changes we must wipe out all field ids
-        self.auditlog_line_access_rule_ids.unlink()
+        self.auditlog_line_access_rule_ids = False
 
     @api.model
     def _get_view_log_lines_action(self):
@@ -92,7 +95,6 @@ def _get_view_log_lines_action(self):
     def _create_server_action(self):
         self.ensure_one()
         code = "action = env['auditlog.rule']._get_view_log_lines_action()"
-        allowed_groups = self.auditlog_line_access_rule_ids.group_ids
         server_action = (
             self.env["ir.actions.server"]
             .sudo()
@@ -102,7 +104,6 @@ def _create_server_action(self):
                     "model_id": self.model_id.id,
                     "state": "code",
                     "code": code,
-                    "groups_id": [(6, 0, allowed_groups.ids)],
                 }
             )
         )
diff --git a/auditlog_security/security/ir_rule.xml b/auditlog_security/security/ir_rule.xml
index d5482ba9ea5..d72db220dc8 100644
--- a/auditlog_security/security/ir_rule.xml
+++ b/auditlog_security/security/ir_rule.xml
@@ -5,19 +5,8 @@
         <field name="name">Access to auditlog.log.line</field>
         <field name="model_id" ref="auditlog.model_auditlog_log_line" />
         <field name="groups" eval="[(4, ref('base.group_user'))]" />
-        <field name="perm_read" eval="True" />
-        <field name="perm_write" eval="True" />
-        <field name="perm_create" eval="True" />
-        <field name="perm_unlink" eval="True" />
-    </record>
-
-    <record id="auditlog_log_line_rule_auditlog_user" model="ir.rule">
-        <field name="name">Access to auditlog.log.line user</field>
-        <field name="model_id" ref="auditlog.model_auditlog_log_line" />
-        <field name="groups" eval="[(4, ref('auditlog.group_auditlog_user'))]" />
         <field name="domain_force">[('allowed_group_ids', 'in', user.groups_id.ids)]
         </field>
-        <field name="perm_read" eval="False" />
     </record>
 
     <record id="auditlog_log_line_rule_auditlog_admin" model="ir.rule">
diff --git a/auditlog_security/views/auditlog_view.xml b/auditlog_security/views/auditlog_view.xml
index f40dd0d95b0..9d03758ab47 100644
--- a/auditlog_security/views/auditlog_view.xml
+++ b/auditlog_security/views/auditlog_view.xml
@@ -1,24 +1,12 @@
 <?xml version="1.0" encoding="utf-8" ?>
 <odoo>
-     <record model="ir.ui.view" id="view_auditlog_log_tree">
-        <field name="name">auditlog.log.form</field>
-        <field name="model">auditlog.log</field>
-        <field name="inherit_id" ref="auditlog.view_auditlog_log_tree" />
-        <field name="arch" type="xml">
-            <xpath expr="//tree" position="attributes">
-                <attribute name="delete">false</attribute>
-            </xpath>
-        </field>
-     </record>
+
 
     <record model="ir.ui.view" id="view_auditlog_log_form">
         <field name="name">auditlog.log.form</field>
         <field name="model">auditlog.log</field>
         <field name="inherit_id" ref="auditlog.view_auditlog_log_form" />
         <field name="arch" type="xml">
-            <xpath expr="//form" position="attributes">
-                <attribute name="delete">false</attribute>
-            </xpath>
             <xpath
                 expr="//field[@name='line_ids']/form/group[2]/field[@name='old_value']"
                 position="before"
@@ -39,7 +27,7 @@
         <field name="name">auditlog.log.line.form</field>
         <field name="model">auditlog.log.line</field>
         <field name="arch" type="xml">
-                <form string="Log - Field updated" delete="0">
+                <form string="Log - Field updated">
                     <group>
                         <field name="field_id" readonly="1" />
                     </group>
@@ -59,7 +47,7 @@
         <field name="name">auditlog.log.line.tree</field>
         <field name="model">auditlog.log.line</field>
         <field name="arch" type="xml">
-            <tree delete="0">
+            <tree>
                 <field name="create_date" />
                 <field name="field_name" string="Changed" />
                 <field name="old_value_text" />

From bc76353bc8915a015291bb4d27521695b21b02d4 Mon Sep 17 00:00:00 2001
From: Nikos Tsirintanis <ntsirintanis@therp.nl>
Date: Wed, 21 May 2025 15:12:09 +0200
Subject: [PATCH 11/11] fixup! fixup! fixup! fixup! [UPD] auditlog_security
 groupfield version

---
 auditlog_security/__manifest__.py         | 1 +
 auditlog_security/security/res_groups.xml | 6 ++++++
 2 files changed, 7 insertions(+)
 create mode 100644 auditlog_security/security/res_groups.xml

diff --git a/auditlog_security/__manifest__.py b/auditlog_security/__manifest__.py
index 76a8b8936ed..7af1284b967 100644
--- a/auditlog_security/__manifest__.py
+++ b/auditlog_security/__manifest__.py
@@ -15,6 +15,7 @@
         "contacts",
     ],
     "data": [
+        "security/res_groups.xml",
         "views/auditlog_view.xml",
         "security/ir.model.access.csv",
         "security/ir_rule.xml",
diff --git a/auditlog_security/security/res_groups.xml b/auditlog_security/security/res_groups.xml
new file mode 100644
index 00000000000..2b4fd7171c9
--- /dev/null
+++ b/auditlog_security/security/res_groups.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<odoo>
+    <record id="group_can_view_audit_logs" model="res.groups">
+        <field name="name">View Audit Logs</field>
+    </record>
+</odoo>