-
-
Notifications
You must be signed in to change notification settings - Fork 670
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[FIX] hr_employee_document: Remove record rules from hr.employee to a…
…void side effects. The purpose of this module is to allow a basic user (without hr permissions) to view the attachments related to his employee (hr.employee). By default a basic user cannot access to hr.employee model and therefore cannot see the attachments (ir.attachment) linked to it. This change overrides some things to allow the user's employee attachments to be displayed. TT44536
- Loading branch information
1 parent
bcbc4bf
commit e67de4b
Showing
6 changed files
with
106 additions
and
47 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,3 +2,4 @@ | |
|
||
from . import hr_employee | ||
from . import hr_employee_public | ||
from . import ir_attachment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
# Copyright 2023 Tecnativa - Víctor Martínez | ||
# License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl). | ||
|
||
from odoo import api, models | ||
|
||
|
||
class IrAttachment(models.Model): | ||
_inherit = "ir.attachment" | ||
|
||
@api.model | ||
def _search( | ||
self, | ||
args, | ||
offset=0, | ||
limit=None, | ||
order=None, | ||
count=False, | ||
access_rights_uid=None, | ||
): | ||
"""The base module in ir.attachment removes records to which you do not have | ||
permission, which is correct, but in the case of hr.employee not exactly, | ||
since you should have access to the user's employee attachments. | ||
To avoid creating ACLS related to hr.employee that would cause side effects, | ||
we will apply sudo to get records when necessary. | ||
This overwrite will only be necessary if the user does not have HR group.""" | ||
res = super()._search( | ||
args=args, | ||
offset=offset, | ||
limit=limit, | ||
order=order, | ||
count=count, | ||
access_rights_uid=access_rights_uid, | ||
) | ||
if ( | ||
not self.env.user.has_group("hr.group_hr_user") | ||
and len(res) == 0 | ||
and not self.env.context.get("skip_override_ir_attachment_search") | ||
): | ||
args_to_check_0 = False | ||
args_to_check_1 = False | ||
for arg in args: | ||
if isinstance(args, (list)): | ||
if ( | ||
arg[0] == "res_model" | ||
and arg[1] == "=" | ||
and arg[2] == "hr.employee" | ||
): | ||
args_to_check_0 = True | ||
elif ( | ||
arg[0] == "res_id" | ||
and arg[1] == "=" | ||
and arg[2] == self.env.user.employee_id.id | ||
): | ||
args_to_check_1 = True | ||
if args_to_check_0 and args_to_check_1: | ||
_self = self.sudo().with_context( | ||
skip_override_ir_attachment_search=True | ||
) | ||
return super(IrAttachment, _self)._search( | ||
args=args, | ||
offset=offset, | ||
limit=limit, | ||
order=order, | ||
count=count, | ||
access_rights_uid=access_rights_uid, | ||
) | ||
return res |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters