diff --git a/auditlog/models/rule.py b/auditlog/models/rule.py index 7e914e7a7d5..b6b0fc935d2 100644 --- a/auditlog/models/rule.py +++ b/auditlog/models/rule.py @@ -221,6 +221,7 @@ def _patch_method(self, model, method_name, check_attr): new_method = self._make_create() elif method_name == "read": new_method = self._make_read() + new_method._readonly = False elif method_name == "write": new_method = self._make_write() elif method_name == "unlink": diff --git a/auditlog/tests/test_http.py b/auditlog/tests/test_http.py index df3179930c1..67a9c808d5d 100644 --- a/auditlog/tests/test_http.py +++ b/auditlog/tests/test_http.py @@ -1,4 +1,6 @@ # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). +import logging + from odoo.tests.common import HttpCase, tagged from .common import AuditLogRuleCommon @@ -44,3 +46,38 @@ def test_compute_display_name(self): http_session_id.display_name, r"Mitchell Admin \(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\)", ) + + def test_read_only_cursor(self): + self.authenticate("admin", "admin") + rule = self.env["auditlog.rule"].create( + { + "name": "res.partner", + "model_id": self.env.ref("base.model_res_partner").id, + "log_read": True, + "log_type": "full", + "state": "subscribed", + } + ) + self.addCleanup(rule.unsubscribe) + partner = self.env.ref("base.partner_demo") + with self.assertNoLogs("odoo", level=logging.ERROR): + self.make_jsonrpc_request( + "/web/dataset/call_kw", + params={ + "model": "res.partner", + "method": "read", + "args": [partner.ids], + "kwargs": {}, + }, + headers={ + "Cookie": f"session_id={self.session.sid};", + }, + ) + logs = self.env["auditlog.log"].search( + [ + ("model_id", "=", rule.model_id.id), + ("method", "=", "read"), + ("res_id", "=", partner.id), + ] + ) + self.assertEqual(len(logs), 1)