[FIX] hr_gamification: allow employees to grant each other badges

When creating a new wizard, the related field user_id = employee_id.user_id forces a write on employee model Make sure we actually have the same value (to avoid using the wizard to modify employees) and use sudo to grant the badge. In master, the field should not be stored

[FIX] hr_gamification: allow employees to grant each other badges
0312c604 · Martin Trigaux · 42e41b19 · 0312c604
Unverified Commit 0312c604 authored 7 years ago by Martin Trigaux
--- a/addons/hr_gamification/wizard/gamification_badge_user_wizard.py
+++ b/addons/hr_gamification/wizard/gamification_badge_user_wizard.py
@@ -2,14 +2,27 @@
 # Part of Odoo. See LICENSE file for full copyright and licensing details.

 from odoo import api, fields, models, _
-from odoo.exceptions import UserError
+from odoo.exceptions import UserError, AccessError


 class GamificationBadgeUserWizard(models.TransientModel):
    _inherit = 'gamification.badge.user.wizard'

    employee_id = fields.Many2one('hr.employee', string='Employee', required=True)
-    user_id = fields.Many2one('res.users', string='User', related='employee_id.user_id', store=True)
+    user_id = fields.Many2one('res.users', string='User',
+        related='employee_id.user_id', store=True, readonly=True)
+
+    # TODO 12.0/master remove this hack by changing the model
+    @api.model
+    def create(self, values):
+        employee = self.env['hr.employee'].browse(values['employee_id'])
+        values['user_id'] = employee.user_id.id
+        try:
+            return super(GamificationBadgeUserWizard, self).create(values)
+        except AccessError:
+            # an employee can not write on another employee
+            # force sudo because of related
+            return super(GamificationBadgeUserWizard, self.sudo()).create(values)

    @api.multi
    def action_grant_badge(self):