Development Best Practices - Odoo Real Estate
This skill provides quick reference for essential development patterns: module/table naming, controller security, and performance optimization.
Scope: Nomenclature, security/storage architecture, and performance Other areas: For testing, validation, API docs, and Git workflow, see ADRs in Quick Reference section
When to Use This Skill
- •Creating a new Odoo module (naming conventions)
- •Implementing controllers with proper authentication
- •Optimizing performance (Redis, queries)
- •Validating security patterns
- •Finding relevant ADRs by context
Prerequisites
- •Read .github/copilot-instructions.md for authentication dual decorators rules
- •Know project structure (working in
18.0/directory) - •Access to ADRs:
docs/adr/
1. Module Naming Conventions
Reference: ADR-004: Nomenclatura de Módulos e Tabelas
✅ Required Patterns
Module Directory Name:
Format: thedevkitchen_<functional_name> Example: thedevkitchen_estate
Odoo Model Name (_name):
_name = 'thedevkitchen.<category>.<entity>' # Examples: # 'thedevkitchen.oauth.application' # 'thedevkitchen.estate.property' # 'thedevkitchen.estate.agent'
Database Table Name (auto-generated):
Format: thedevkitchen_<category>_<entity> # Generated from _name
❌ Never Do
- •❌ Generic module names:
api_gateway,estate,property - •❌ Models without prefix:
estate.property - •❌ Custom tables without
thedevkitchen_ - •❌ Generic XML IDs without module context
Checklist
- • Module name starts with
thedevkitchen_ - • Model uses format
thedevkitchen.<category>.<entity> - • XML IDs follow
<module>.<identifier> - • Access rules use
access_<model>_<group>
2. Controller Security & Storage
References:
Note: Authentication dual decorator rules (@require_jwt + @require_session) are in copilot-instructions.md
Storage Architecture
PostgreSQL (Persistence):
- •OAuth tokens (SHA256 hashed)
- •User credentials
- •Business data
- •Audit logs
Redis (Cache/Sessions):
- •Session IDs and user context
- •Query cache
- •Message bus
❌ NEVER store in plaintext:
- •Passwords
- •OAuth client_secret
- •Access tokens
Security Checklist
- • Endpoint uses
@require_jwtAND@require_session(if private) - • Public endpoint has
# public endpointcomment - • Multi-tenancy validated with
@require_company - • Sensitive data never in logs or plaintext
- • Consult copilot-instructions.md for auth patterns
3. Performance & Cache
Reference: ADR-011: Redis Cache Configuration
Redis Configuration
Redis is configured for:
- •HTTP sessions (DB index 1)
- •ORM cache
- •Asset cache
- •Message bus
Configuration in odoo.conf:
session_redis = True session_redis_host = redis session_redis_port = 6379 session_redis_dbindex = 1 session_redis_prefix = odoo18_
❌ Performance Anti-patterns
- •❌ N+1 queries (use
read()orsearch_read()) - •❌ Fetching all records without limit
- •❌ Unnecessary
sudo()(breaks cache) - •❌ Compute fields without
store=Truewhen needed
Performance Checklist
- • Queries optimized (no N+1)
- • Appropriate cache usage
- • Limits in search()
- • Indexes created for filtered fields
- • Redis configured and running
Quick Reference
This skill covers: Naming (ADR-004), Security/Storage (ADR-011, ADR-017), Performance (Redis/Cache)
For other areas, consult ADRs directly:
Module Development
- •✅ ADR-004: Nomenclatura - Covered in this skill
- •ADR-010: Python Virtual Environment
Security & Authentication
- •✅ ADR-011: Controller Security - Storage covered, auth in copilot-instructions.md
- •✅ ADR-017: Session Hijacking Prevention - Referenced here
- •ADR-008: API Security & Multi-Tenancy
Testing (consult ADRs)
- •ADR-003: Mandatory Test Coverage
- •ADR-002: Cypress E2E Testing
- •.github/instructions/test-strategy.instructions.md
APIs & Documentation (consult ADRs)
- •ADR-005: OpenAPI 3.0
- •ADR-016: Postman Collections - Use postman-collection-manager skill
- •ADR-018: Input Validation
- •ADR-007: HATEOAS
Data Modeling (consult ADRs)
Business Rules (consult ADRs)
Architecture Patterns (consult ADRs)
Git Workflow (consult ADRs)
Pre-Coding Checklist
Naming & Structure
- • Read ADR-004 for module/table naming
- • Module name follows
thedevkitchen_<name> - • Models follow
thedevkitchen.<category>.<entity>
Security
- • Read copilot-instructions.md for auth rules
- • Know which security decorators to use (
@require_jwt+@require_session) - • Sensitive data will be stored correctly (PostgreSQL/Redis)
Performance
- • Understand Redis configuration (sessions/cache)
- • Queries optimized (no N+1)
- • Appropriate cache usage
Other Areas (consult ADRs)
- • Testing: ADR-003, ADR-002
- • Validation: ADR-018
- • Multi-tenancy: ADR-008, ADR-019
- • Documentation: ADR-005, ADR-016
- • Git: ADR-006
Related Resources
- •copilot-instructions.md - Authentication dual decorators and project context
- •postman-collection-manager - API documentation skill
- •controllers.instructions.md - Controller-specific instructions
- •test-strategy.instructions.md - Testing strategy
Enforcement
This skill covers naming, security/storage, and performance. For other areas (testing, validation, Git, etc.), consult ADRs directly in Quick Reference section.
Violations should be:
- •Identified in code review
- •Rejected in pull requests
- •Corrected before merge
- •Documented if justified exception exists
Remember: ADRs exist to prevent production issues, facilitate maintenance, and ensure quality. Follow them always!