Hi all
There is a bug on V6.1 regarding .csv files. On update time, they are treated as noupdate=False, despite the documentation says they should be treated as noupdate=True
The attached patch correct the issue. It was already reported on bug #980369, but for a reason I don't known, never answered or treated
This bug can cause big difficulties, because .csv are used in two critical cases: initialization of the security records and initial customer data load.
In the first case (security descriptors), when you update the module, ALL CHANGES introduced to fine tune the security of the database are lost. That could be something easy to see (i.e. no access) or it could generate a major security breach for customer data, that could be eventually recognized when a (good) user reports problems, and thus the (bad) users will get granted access to restricted data for a while!
In the second case, initial customer data will be most probably updated by the customer on its daily operation. All changes will be LOST on an update of the initial modules (something common if you are on the initial phases of a project). Again, a critical case for many installation
I strongly believe this is a major problem.
This is a branch of https://bugs.launchpad.net/bugs/1023615
Looking for bugs related to CSV files and noupdate, I found two. Bug 397741 complained about security settings from the CSV files overwriting what the users had changed in the database. It asked for CSV files to be treated as noupdate="1", but was closed as invalid. Bug 787256 complained that failed CSV imports did not get rolled back, and it's been in the triaged state since June 2011. That bug is not particularly related to the noupdate attribute, but it did include the following in comment #4 from Olivier Dony.
>Note that there is a legacy difference between CSV files that are in the 'update_xml' section of
>the __openerp__ vs those in the init_xml/data sections. The former are in noupdate=False
>mode, the latter are in noupdate=True mode.