# HG changeset patch
# User Vincent Hatakeyama <vincent.hatakeyama@xcg-consulting.fr>
# Date 1727786399 -7200
#      Tue Oct 01 14:39:59 2024 +0200
# Branch 17.0
# Node ID f74b3c5bf441e77a6263d91f1f127606e27bd8cb
# Parent  a20e9fa1913621b70828bdf9b8a7403c374280be
ðŸš‘ Fix user rights, no one needs to be able to create or write job log except the system.

diff --git a/NEWS.rst b/NEWS.rst
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -1,6 +1,12 @@
 Changelog
 =========
 
+17.0.1.0.1
+----------
+
+Fix user rights, no one needs to be able to create or write job log except the system.
+Applications can give the delete right if needed.
+
 17.0.1.0.0
 ----------
 
diff --git a/__manifest__.py b/__manifest__.py
--- a/__manifest__.py
+++ b/__manifest__.py
@@ -20,7 +20,7 @@
 ##############################################################################
 {
     "name": "External Jobs",
-    "version": "17.0.1.0.0",
+    "version": "17.0.1.0.1",
     "license": "AGPL-3",
     "author": "XCG Consulting",
     "category": "Tools",
diff --git a/models/job_log.py b/models/job_log.py
--- a/models/job_log.py
+++ b/models/job_log.py
@@ -68,7 +68,7 @@
         string="Temporary Out File Name", size=512, readonly=True
     )
 
-    out_file = fields.Binary(string="Output File")
+    out_file = fields.Binary(string="Output File", readonly=True)
 
     filename = fields.Char(string="Filename")
 
diff --git a/security/ir.model.access.csv b/security/ir.model.access.csv
--- a/security/ir.model.access.csv
+++ b/security/ir.model.access.csv
@@ -2,7 +2,7 @@
 "job_definition_env_var","job_definition_env_var","model_external_job_job_definition_env_var","base.group_system",1,1,1,1
 "job_definition_user","job_definition user","model_external_job_job_definition","base.group_user",1,0,0,0
 "job_definition_system","job_definition system","model_external_job_job_definition","base.group_system",1,1,1,1
-"job_log_user","job_log user","model_external_job_job_log","base.group_user",1,1,1,0
+"job_log_user","job_log user","model_external_job_job_log","base.group_user",1,0,0,0
 access_external_job_extrunner_server_system,access_external_job_extrunner_server_manager,model_external_job_extrunner_server,base.group_system,1,1,1,1
 access_external_job_job_definition_default_value_system,access_external_job_job_definition_default_value_manager,model_external_job_job_definition_default_value,base.group_system,1,1,1,1
 access_external_job_jobrunner,access external_job.jobrunner,model_external_job_jobrunner,base.group_user,1,0,0,0
diff --git a/tests/test_job_definition.py b/tests/test_job_definition.py
--- a/tests/test_job_definition.py
+++ b/tests/test_job_definition.py
@@ -189,3 +189,5 @@
         self.assertEqual(job_logs.filename, "text")
         self.assertEqual(job_logs.out_file, base64.b64encode(b"\ntest\n"))
         self.assertEqual(job_logs.state, "done")
+        with self.assertRaises(AccessError):
+            job_logs.filename = "No change allowed"