odoo/odoo#203376
Created by fw-bot
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/template: Contact runbot team on discord for help.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:saas-17.4-16.0-log-exports-dle-425403-fw
- head
- 4c80b0c25a096bc00141e1da558363a108b49acd
- merged
- 6 months ago by Security, Denis Ledoux (dle)
| odoo/odoo | |
|---|---|
| 16.0 | #202568 |
| 17.0 | #203351 |
| saas-17.4 | #203376 |
| 18.0 | #203388 |
| saas-18.1 | #203508 |
| saas-18.2 | #203530 |
| saas-18.3 | |
| saas-18.4 | |
| 19.0 | |
| master | #203603 |
[FW][IMP] web: log exports
For forensics purposes, having a log when users are doing an export is useful.
In this revision, the logger is put in the controller. It would be better to put it in a lower level method, such the export_data public method on the models.
However:
- The domain is only available in the controller. export_data does not receive the domain in its params. Putting the logger in export_data would therefore lead to the inability to log the domain. Or we would need to do one logger in the controller just for the domain, and a second logger in export_data.
- During an export using a group by (and without import compatibility) export_data is called recursively, in insert_leaf. Hence, if the logger would be put in export_data, there would be one log per group, therefore bloating the logs.
Hence, for stable versions, the decision taken is to put the log in the controller rather than in a lower level method. It's better than nothing.
A rework of the API of export_data is planned in master to solve the above concerns.
Forward-Port-Of: #202568