[Add] improve regex to detect for change API check access right

Lukas Tran · lef-adhoc · commit bb2e4a96e505 · 2024-11-25T11:31:38.000-03:00
fix test case
diff --git a/odoo_module_migrate/migration_scripts/migrate_170_180.py b/odoo_module_migrate/migration_scripts/migrate_170_180.py
@@ -87,7 +87,7 @@ def replace_chatter_self_closing(match):
 def replace_user_has_groups(
     logger, module_path, module_name, manifest_path, migration_steps, tools
 ):
-    files_to_process = tools.get_files(module_path, (".py"))
+    files_to_process = tools.get_files(module_path, (".py",))
     replaces = {
         r"self\.user_has_groups\(\s*(['\"])([\w\.]+)\1\s*\)": r"self.env.user.has_group(\1\2\1)",
         r"self\.user_has_groups\(\s*(['\"])([^'\"]*[,!][^'\"]*?)\1\s*\)": r"self.env.user.has_groups(\1\2\1)",
@@ -106,16 +106,74 @@ def replace_access_methods(
     files_to_process = tools.get_files(module_path, (".py",))
 
     replaces = {
+        # .check_access_rights('write', False) -> .has_access('write')
+        r"\.check_access_rights\(['\"](\w+)['\"],\s*False\)": r".has_access('\1')",
+        # .check_access_rights('write', True) -> .check_access('write')
+        r"\.check_access_rights\(['\"](\w+)['\"],\s*True\)": r".check_access('\1')",
+        # .check_access_rights('write', raise_exception=False) -> .has_access('write')
         r"\.check_access_rights\(['\"](\w+)['\"],\s*raise_exception=False\)": r".has_access('\1')",
+        # .check_access_rights(operation='write', raise_exception=False) -> .has_access('write')
+        r"\.check_access_rights\(\s*operation\s*=\s*['\"](\w+)['\"],\s*raise_exception\s*=\s*False\s*\)": r".has_access('\1')",
+        # .check_access_rights(operation, raise_exception=False) -> .has_access(operation)
+        r"\.check_access_rights\((\w+),\s*raise_exception=False\)": r".has_access(\1)",
+        # .check_access_rights(operation=operation, raise_exception=False) -> .has_access(operation)
+        r"\.check_access_rights\(operation=(\w+),\s*raise_exception=False\)": r".has_access(\1)",
+        # .check_access_rights('write') -> .check_access('write')
         r"\.check_access_rights\(['\"](\w+)['\"]\)": r".check_access('\1')",
+        # .check_access_rights('write', raise_exception=True) -> .check_access('write')
+        r"\.check_access_rights\(['\"](\w+)['\"],\s*raise_exception\s*=\s*True\)": r".check_access('\1')",
+        # .check_access_rights(operation='write') -> .check_access('write')
+        r"\.check_access_rights\(operation=['\"](\w+)['\"]\)": r".check_access('\1')",
+        # .check_access_rights(operation) -> .check_access(operation)
+        r"\.check_access_rights\((\w+)\)": r".check_access(\1)",
+        # .check_access_rights(operation=operation) -> .check_access(operation)
+        r"\.check_access_rights\(operation=(\w+)\)": r".check_access(\1)",
+        # .check_access_rule('write') -> .check_access('write')
         r"\.check_access_rule\(['\"](\w+)['\"]\)": r".check_access('\1')",
-        r"_filter_access_rule\(['\"](\w+)['\"]\)": r"_filter_access('\1')",
-        r"_filter_access_rule_python\(['\"](\w+)['\"]\)": r"_filter_access('\1')",
+        # .check_access_rule(operation='write') -> .check_access('write')
+        r"\.check_access_rule\(operation=['\"](\w+)['\"]\)": r".check_access('\1')",
+        # .check_access_rule(operation) -> .check_access(operation)
+        r"\.check_access_rule\((\w+)\)": r".check_access(\1)",
+        # .check_access_rule(operation=operation) -> .check_access(operation)
+        r"\.check_access_rule\(operation=(\w+)\)": r".check_access(\1)",
+        # ._filter_access_rule('write') -> ._filter_access('write')
+        r"\._filter_access_rule\(['\"](\w+)['\"]\)": r"._filter_access('\1')",
+        # ._filter_access_rule(operation='write') -> ._filter_access('write')
+        r"\._filter_access_rule\(operation=['\"](\w+)['\"]\)": r"._filter_access('\1')",
+        # ._filter_access_rule(operation) -> ._filter_access(operation)
+        r"\._filter_access_rule\((\w+)\)": r"._filter_access(\1)",
+        # ._filter_access_rule(operation=operation) -> ._filter_access(operation)
+        r"\._filter_access_rule\(operation=(\w+)\)": r"._filter_access(\1)",
+        # ._filter_access_rule_python('write') -> ._filter_access('write')
+        r"\._filter_access_rule_python\(['\"](\w+)['\"]\)": r"._filter_access('\1')",
+        # ._filter_access_rule_python(operation='write') -> ._filter_access('write')
+        r"\._filter_access_rule_python\(operation=['\"](\w+)['\"]\)": r"._filter_access('\1')",
+        # ._filter_access_rule_python(operation) -> ._filter_access(operation)
+        r"\._filter_access_rule_python\((\w+)\)": r"._filter_access(\1)",
+        # ._filter_access_rule_python(operation=operation) -> ._filter_access(operation)
+        r"\._filter_access_rule_python\(operation=(\w+)\)": r"._filter_access(\1)",
+        # def check_access_rights(self, operation, raise_exception=True) -> def check_access(self, operation: str) -> None
+        r"def\s+check_access_rights\s*\(\s*self\s*,\s*operation\s*,\s*raise_exception\s*=\s*True\s*\)": r"def check_access(self, operation: str) -> None",
+        # def check_access_rights(self, operation='read', raise_exception=True) -> def check_access(self, operation: str = 'read') -> None
+        r"def\s+check_access_rights\s*\(\s*self\s*,\s*operation\s*=\s*['\"](\w+)['\"]\s*,\s*raise_exception\s*=\s*True\s*\)": r"def check_access(self, operation: str = '\1') -> None",
+        # def filter_access_rule pattern
+        r"def\s+filter_access_rule\s*\(\s*self\s*,\s*operation\s*\)": r"def filter_access(self, operation: str) -> None",
+        r"def\s+filter_access_rule\s*\(\s*self\s*,\s*operation\s*=\s*['\"](\w+)['\"]s*\)": r"def filter_access(self, operation: str = '\1') -> None",
+        # def filter_access_rule_python pattern
+        r"def\s+filter_access_rule_python\s*\(\s*self\s*,\s*operation\s*\)": r"def filter_access(self, operation: str) -> None",
+        r"def\s+filter_access_rule_python\s*\(\s*self\s*,\s*operation\s*=\s*['\"](\w+)['\"]\s*\)": r"def filter_access(self, operation: str = '\1') -> None",
     }
 
     for file in files_to_process:
         try:
             tools._replace_in_file(file, replaces)
+            # After replacement, check for remaining check_access_rights calls
+            after_replace_content = tools._read_content(file)
+            if "check_access_rights" in after_replace_content:
+                logger.warning(
+                    f"[18.0] check_access_rights() is deprecated. "
+                    f"Use instead .has_access() or .check_access(). File {file}"
+                )
         except Exception as e:
             logger.error(f"Error processing file {file}: {str(e)}")
 
diff --git a/tests/data_result/module_170_180/models/res_partner.py b/tests/data_result/module_170_180/models/res_partner.py
@@ -32,10 +32,60 @@ def example_method_has_group(self):
             pass
     
     def example_method_access(self):
+        operation = 'read'
         self.env['account.move'].check_access('read')
+        self.env['account.move'].check_access('read')
+        self.env['account.move'].check_access(operation)
+        self.env['account.move'].check_access(operation)
+
         self.env['account.move'].check_access('write')
+        self.env['account.move'].check_access('write')
+        self.env['account.move'].check_access(operation)
+        self.env['account.move'].check_access(operation)
+
         self.env['account.move']._filter_access('read')
         self.env['account.move']._filter_access('read')
-        
+        self.env['account.move']._filter_access(operation)
+        self.env['account.move']._filter_access(operation)
+
+        self.env['account.move']._filter_access('read')
+        self.env['account.move']._filter_access('read')
+        self.env['account.move']._filter_access(operation)
+        self.env['account.move']._filter_access(operation)
+
+        if not self.env['account.move'].has_access('read'):
+            pass
+
         if not self.env['account.move'].has_access('read'):
             pass
+
+        if not self.env['account.move'].has_access(operation):
+            pass
+
+        if not self.env['account.move'].has_access(operation):
+            pass
+
+        self.env["res.brand"].has_access('read')
+        self.env["res.brand"].check_access('read')
+
+        self.env["res.brand"].has_access('write')
+
+        self.env["res.brand"].check_access('read')
+
+    def check_access(self, operation: str) -> None:
+        pass
+
+    def check_access(self, operation: str = 'read') -> None:
+        pass
+
+    def filter_access(self, operation: str) -> None:
+        pass
+
+    def filter_access(self, operation: str = 'read') -> None:
+        pass
+
+    def filter_access(self, operation: str) -> None:
+        pass
+
+    def filter_access(self, operation: str = 'read') -> None:
+        pass
diff --git a/tests/data_template/module_170/models/res_partner.py b/tests/data_template/module_170/models/res_partner.py
@@ -32,10 +32,62 @@ def example_method_has_group(self):
             pass
     
     def example_method_access(self):
+        operation = 'read'
         self.env['account.move'].check_access_rights('read')
+        self.env['account.move'].check_access_rights(operation='read')
+        self.env['account.move'].check_access_rights(operation)
+        self.env['account.move'].check_access_rights(operation=operation)
+
         self.env['account.move'].check_access_rule('write')
+        self.env['account.move'].check_access_rule(operation='write')
+        self.env['account.move'].check_access_rule(operation)
+        self.env['account.move'].check_access_rule(operation=operation)
+
         self.env['account.move']._filter_access_rule('read')
+        self.env['account.move']._filter_access_rule(operation='read')
+        self.env['account.move']._filter_access_rule(operation)
+        self.env['account.move']._filter_access_rule(operation=operation)
+
         self.env['account.move']._filter_access_rule_python('read')
-        
+        self.env['account.move']._filter_access_rule_python(operation='read')
+        self.env['account.move']._filter_access_rule_python(operation)
+        self.env['account.move']._filter_access_rule_python(operation=operation)
+
         if not self.env['account.move'].check_access_rights('read', raise_exception=False):
             pass
+
+        if not self.env['account.move'].check_access_rights(operation='read', raise_exception=False):
+            pass
+
+        if not self.env['account.move'].check_access_rights(operation, raise_exception=False):
+            pass
+
+        if not self.env['account.move'].check_access_rights(operation=operation, raise_exception=False):
+            pass
+
+        self.env["res.brand"].check_access_rights("read", False)
+        self.env["res.brand"].check_access_rights("read", True)
+
+        self.env["res.brand"].check_access_rights(
+            operation="write", raise_exception=False
+        )
+
+        self.env["res.brand"].check_access_rights("read", raise_exception=True)
+
+    def check_access_rights(self, operation, raise_exception=True):
+        pass
+
+    def check_access_rights(self, operation="read", raise_exception=True):
+        pass
+
+    def filter_access_rule(self, operation):
+        pass
+
+    def filter_access_rule(self, operation='read'):
+        pass
+
+    def filter_access_rule_python(self, operation):
+        pass
+
+    def filter_access_rule_python(self, operation='read'):
+        pass
