[FIX] attribute_set: apply restrictive approach to both create and write operations

bosd · bosd · commit d3445da890f0 · 2025-11-17T23:52:15.000+01:00
- Implement whitelist approach for both native attribute creation and updates
- Only allow safe attribute-specific fields for native attributes in both operations
- Prevent modification of underlying ir.model.fields records during native attribute operations
- Ensure consistent behavior between creation and update operations
- Completely eliminate possibility of base field modification errors
diff --git a/attribute_set/models/attribute_attribute.py b/attribute_set/models/attribute_attribute.py
@@ -510,41 +510,37 @@ def write(self, vals):
         # Check if any records in this write operation are native attributes
         has_native_attrs = any(att.nature == "native" for att in self)
 
-        # If we have native attributes, filter out dangerous keys that modify
-        # ir.model.fields characteristics to prevent base field modification errors
+        # If we have native attributes, use whitelist to allow only safe fields
         processed_vals = vals.copy()
         if has_native_attrs:
-            # These fields are known to trigger the base field modification error
-            dangerous_fields = {
+            # Only allow attribute-specific fields that don't modify underlying record
+            allowed_fields = {
                 "name",
                 "field_description",
-                "ttype",
-                "relation",
+                "attribute_type",
+                "attribute_group_id",
+                "attribute_set_ids",
+                "sequence",
+                "required_on_views",
+                "widget",
+                "help",
                 "size",
-                "required",
-                "readonly",
                 "translate",
-                "selection",
+                "relation_model_id",
                 "domain",
-                "compute",
-                "store",
-                "copy",
-                "index",
-                "manual",
-                "depends",
-                "related",
-                "company_dependent",
-                "prefetch",
-                "group_operator",
-                "digits",
-                "on_delete",
-                "help",
-                "field_id",
-                "model_id",
+                "option_ids",
+                "serialized",
+                "serialized_name",
+                "create_uid",
+                "write_uid",
+                "create_date",
+                "write_date",
+                "id",
+            }
+            # Keep only allowed fields, remove others that could modify base fields
+            processed_vals = {
+                k: v for k, v in processed_vals.items() if k in allowed_fields
             }
-            # Remove these keys to prevent modification of base field characteristics
-            for key in dangerous_fields.intersection(set(processed_vals.keys())):
-                processed_vals.pop(key, None)
 
         # Perform the write operation with filtered values
         res = super().write(processed_vals)
