Name: [FIX] AI cluster Wave-1: pre-existing security remediation (4 CRITICAL + 13 HIGH)

State: Failed finished in 15m

PR State: merged

PR Author: David Tran

PR Author Email:

PR: #52

Committer: David Tran

Committer Email: davidtran.hp@gmail.com

Commit: ac15958326d6093957d0007ca492832cb20bd7d7

Description:

                                            [FIX] viin_ai_approval,viin_ai_base: end-of-wave review fixes (H7 effective scoping, error-log savepoint)

Independent end-of-wave review caught two HIGH issues in the wave-1 fixes:

- H7 RESIDUAL: the WI-3 advisory-cron company scope used ('company_id','in',
  self.env.companies.ids), but in the cron context env.companies = ALL companies
  (cron user has no allowed_company_ids) -> the scope was a no-op = cross-tenant
  processing leak, and its test was tautological (it pre-set allowed_company_ids).
  Fixed: pin the advisory cron user_id, and restructure _cron_run_ai_advisory to
  iterate companies explicitly with a literal ('company_id','=',company.id) filter
  under with_company(company) - isolation no longer depends on env.companies. The
  test now runs from the real all-company env and goes RED on the old code
  (scan saw companies [1,2,3,4]) -> GREEN.
- error-log savepoint: _record_error_usage now wraps the separate-cursor create in
  env.cr.savepoint(), matching the canonical api_request_mixin.log_request pattern.

132/132 viin_ai_base + 95/95 viin_ai_ops/approval tests pass on real odoo-bin.
                                            

Branch: 17.0

Instance ID: 0

Age:

Up-time: