[FIX] hr_holidays: check time off responsible to choose approvers

Steps to reproduce: - install the "hr_holidays" module; - remove the "Time Off Responsible" group of a user (activate developer mode); Remark: the user must not be an "Administrator" or a "Time Off Officer" - for an employee add this user as approvers for time off; - with a user which matches the employee, request time off; - if the user, whose rights have been removed, has "Handle in Odoo" in his preferences, he will receive a notification; - try to approve the demand of employee leave. Issue: The user does not have access rights but he has been chosen as approver. Cause: It is possible to select any user to approve leaves without checking if he has the access rights. Solution: Add a domain to be able to select only users who are in the "Time Off Responsible" group. opw-3062225 closes odoo/odoo#106401 Signed-off-by: Kevin Baptiste <kba@odoo.com>

[FIX] hr_holidays: check time off responsible to choose approvers
0d50121f · Thomas Lefebvre (thle) · deba6cb3 · 0d50121f
Commit 0d50121f authored 2 years ago by Thomas Lefebvre (thle)
--- a/addons/hr_holidays/models/hr_employee.py
+++ b/addons/hr_holidays/models/hr_employee.py
@@ -13,6 +13,7 @@ class HrEmployeeBase(models.AbstractModel):

    leave_manager_id = fields.Many2one(
        'res.users', string='Time Off',
+        domain=lambda self: [('groups_id', '=', self.env.ref('hr_holidays.group_hr_holidays_responsible').id)],
        compute='_compute_leave_manager', store=True, readonly=False,
        help='Select the user responsible for approving "Time Off" of this employee.\n'
             'If empty, the approval is done by an Administrator or Approver (determined in settings/users).')