From 4c5f261c172ab322068f00fc94b78e66c304d69b Mon Sep 17 00:00:00 2001
From: tarteo <d.sluijk@onestein.nl>
Date: Tue, 27 Aug 2024 13:42:03 +0200
Subject: [PATCH] [ADD] Security group dedicated for reporting statistics

---
 argocd_deployer/__manifest__.py                  | 1 +
 argocd_deployer/models/application_stat.py       | 8 +++++---
 argocd_deployer/security/ir.model.access.csv     | 2 ++
 argocd_deployer/security/res_groups.xml          | 7 +++++++
 argocd_deployer/views/application_value_view.xml | 1 +
 5 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100644 argocd_deployer/security/res_groups.xml

diff --git a/argocd_deployer/__manifest__.py b/argocd_deployer/__manifest__.py
index 9ee3d53..ac44d36 100644
--- a/argocd_deployer/__manifest__.py
+++ b/argocd_deployer/__manifest__.py
@@ -22,6 +22,7 @@
         "views/application_stat_type_view.xml",
         "views/application_stat_view.xml",
         "templates/application_description.xml",
+        "security/res_groups.xml",
         "security/ir.model.access.csv",
         "menuitems.xml",
     ],
diff --git a/argocd_deployer/models/application_stat.py b/argocd_deployer/models/application_stat.py
index 0ac8d13..8216569 100644
--- a/argocd_deployer/models/application_stat.py
+++ b/argocd_deployer/models/application_stat.py
@@ -32,9 +32,11 @@ def create_stats(self, application_name, stats):
             - message: string value
         @return: ids of the created records
         """
-        application = self.env["argocd.application"].search(
-            [("name", "=", application_name)]
-        )
+        application = (
+            self.env["argocd.application"]
+            .sudo()
+            .search([("name", "=", application_name)])
+        )  # sudo so we don't have to give access to argocd.application which can contain sensitive information
         if not application:
             raise MissingError(
                 "Application with name `%s` doesn't exist" % application_name
diff --git a/argocd_deployer/security/ir.model.access.csv b/argocd_deployer/security/ir.model.access.csv
index d4388d9..8275515 100644
--- a/argocd_deployer/security/ir.model.access.csv
+++ b/argocd_deployer/security/ir.model.access.csv
@@ -9,3 +9,5 @@ application_namespace_prefix_access,application_namespace_prefix_access,model_ar
 application_domain_access,application_domain_access,model_argocd_application_domain,base.group_system,1,1,1,1
 application_stat_access,application_stat_access,model_argocd_application_stat,base.group_system,1,1,1,1
 application_stat_type_access,application_stat_type_access,model_argocd_application_stat_type,base.group_system,1,1,1,1
+application_stat_reporter_access,application_stat_reporter_access,model_argocd_application_stat,argocd_deployer.group_report_stats,0,0,1,0
+application_stat_type_reporter_access,application_stat_type_reporter_access,model_argocd_application_stat_type,argocd_deployer.group_report_stats,1,0,0,0
diff --git a/argocd_deployer/security/res_groups.xml b/argocd_deployer/security/res_groups.xml
new file mode 100644
index 0000000..697e504
--- /dev/null
+++ b/argocd_deployer/security/res_groups.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<odoo>
+    <record id="group_report_stats" model="res.groups">
+        <field name="name">Application Statistics Reporter</field>
+        <field name="category_id" ref="base.module_category_hidden"/>
+    </record>
+</odoo>
diff --git a/argocd_deployer/views/application_value_view.xml b/argocd_deployer/views/application_value_view.xml
index f84fa62..1ed0daa 100644
--- a/argocd_deployer/views/application_value_view.xml
+++ b/argocd_deployer/views/application_value_view.xml
@@ -6,6 +6,7 @@
             <tree editable="bottom">
                 <field name="application_id" invisible="1" />
                 <field name="key" />
+                <field name="message" />
                 <field name="value" />
             </tree>
         </field>