From 9419d171a84833efbcd57e4678e2609e10b90b67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lucas=20Lef=C3=A8vre?= <lul@odoo.com>
Date: Tue, 6 Aug 2019 10:37:53 +0000
Subject: [PATCH] [FIX] hr: Allow to access employee profile

The `private_email`, `last_check_in` and `last_check_in`
fields were added by e9d9898 to the
profile view but not in `SELF_READABLE_FIELDS`.
A simple user was therefore not able to read the field and
access his profile.

To avoid any similar oversight in the future, a test is added
to ensure a simple user is able to read all fields in
the profile view.
---
 addons/hr/models/res_users.py            |  1 +
 addons/hr/tests/test_self_user_access.py | 18 +++++++++++++++++-
 addons/hr_attendance/models/res_users.py |  2 ++
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/addons/hr/models/res_users.py b/addons/hr/models/res_users.py
index 6b9832bcbece..1c3fed840db5 100644
--- a/addons/hr/models/res_users.py
+++ b/addons/hr/models/res_users.py
@@ -95,6 +95,7 @@ class User(models.Model):
             'identification_id',
             'is_address_home_a_company',
             'job_title',
+            'private_email',
             'km_home_work',
             'marital',
             'mobile_phone',
diff --git a/addons/hr/tests/test_self_user_access.py b/addons/hr/tests/test_self_user_access.py
index 88a04c58564d..b076acb83b5e 100644
--- a/addons/hr/tests/test_self_user_access.py
+++ b/addons/hr/tests/test_self_user_access.py
@@ -4,9 +4,25 @@
 from collections import OrderedDict
 
 from odoo.addons.hr.tests.common import TestHrCommon
-from odoo.tests import new_test_user
+from odoo.tests import new_test_user, tagged
 from odoo.exceptions import AccessError
 
+@tagged('post_install', '-at_install')
+class TestSelfAccessProfile(TestHrCommon):
+
+    def test_access_my_profile(self):
+        """ A simple user should be able to read all fields in his profile """
+        james = new_test_user(self.env, login='hel', groups='base.group_user', name='Simple employee', email='ric@example.com')
+        james = james.with_user(james)
+        self.env['hr.employee'].create({
+            'name': 'James',
+            'user_id': james.id,
+        })
+        view = self.env.ref('hr.res_users_view_form_profile')
+        view_infos = james.fields_view_get(view_id=view.id)
+        fields = view_infos['fields'].keys()
+        james.read(fields)
+
 
 class TestSelfAccessRights(TestHrCommon):
 
diff --git a/addons/hr_attendance/models/res_users.py b/addons/hr_attendance/models/res_users.py
index 7bfd47721e8e..23dcb496e889 100644
--- a/addons/hr_attendance/models/res_users.py
+++ b/addons/hr_attendance/models/res_users.py
@@ -22,6 +22,8 @@ class User(models.Model):
             'hours_last_month',
             'hours_last_month_display',
             'attendance_state',
+            'last_check_in',
+            'last_check_out'
         ]
         super(User, self).__init__(pool, cr)
         # duplicate list to avoid modifying the original reference
-- 
GitLab