Commit 57e457c5 authored by Rohan Patel, committed by Thibault Delavallée

[IMP] hr: check employees only alias restriction independently of record existence

Commit 78ac6de5 refactored methods checking alias security on the
routing found for a given destination address. Indeed if a routing is found
linked to an alias a security check is performed according to the restriction
defined on the alias itself.

HR module adds the 'employees only' restriction. A bug has been introduced
in the mentioned commit concerning employees-based aliases. Indeed a condition
on having a recordset has been added (self.ids, changed to record.ids at
20d80250). This condition is actually not necessary as checking the
email author is linked to an existing employee has nothing to do with the
alias being linked to a record or creating a new record.

This may cause issues notably using employees-restricted aliases in
expense application. Indeed you could use aliases to create new expenses
for employees and you could have issues with this condition.

This commit is linked to task ID 1829860 and ID 35093. Closes #22960.
parent 60793a8a
......@@ -14,7 +14,7 @@ class MailAlias(models.AbstractModel):
_inherit = 'mail.alias.mixin'
def _alias_check_contact_on_record(self, record, message, message_dict, alias):
if alias.alias_contact == 'employees' and record.ids:
if alias.alias_contact == 'employees':
email_from = tools.decode_message_header(message, 'From')
email_address = tools.email_split(email_from)[0]
employee = self.env['hr.employee'].search([('work_email', 'ilike', email_address)], limit=1)
......
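Review bot: the employee lookup in the trailing context line, `search([('work_email', 'ilike', email_address)], limit=1)`, is a substring match, and with `record.ids` dropped from the `if alias.alias_contact == 'employees'` condition that lookup now also decides whether a sender may use an alias that creates new records. An address that is merely contained in some employee's `work_email` passes, so consider an exact, case-insensitive comparison on the normalized address instead of `ilike`. In the same block, `tools.email_split(email_from)[0]` raises `IndexError` when the `From` header yields no address, so it is worth guarding that case and rejecting the message explicitly. A test that sends mail to an employees-only alias with no existing record, once from an employee and once from a non-employee address, would pin down the behaviour the commit message describes.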