[FIX] website_sale_digital : fix AccessError attachment

A user get a AccessError during a valid flow on the website shop due to a attachment search (with website_sale_digital installed) : - As a portal user buy a product and pay with wire tranfer (or other) - Check the your quotation with this user and we get a AccessError for the read ir.attachment model. The bug comes from the website_sale_digital module which add a search on ir.attachment for each product (allows digital product sell, eg. ebook) on the controller rendering orders. To fix this issue, add a sudo call before the search. It is legit because only the name and date is retrieved and the download (of the digital product) checks the access of this product attachment (if user already paid for it). TASK_ID : 2004031 closes odoo/odoo#39000 Signed-off-by: Jérémy Kersten (jke) <jke@openerp.com>

[FIX] website_sale_digital : fix AccessError attachment
c757e14c · ryv-odoo · 5f3f58a4 · c757e14c
Commit c757e14c authored 5 years ago by ryv-odoo
--- a/addons/website_sale_digital/controllers/main.py
+++ b/addons/website_sale_digital/controllers/main.py
@@ -49,7 +49,7 @@ class WebsiteSaleDigital(CustomerPortal):
            Attachment = request.env['ir.attachment']
            product_id = product.id
            template = product.product_tmpl_id
-            att = Attachment.search_read(
+            att = Attachment.sudo().search_read(
                domain=['|', '&', ('res_model', '=', product._name), ('res_id', '=', product_id), '&', ('res_model', '=', template._name), ('res_id', '=', template.id), ('product_downloadable', '=', True)],
                fields=['name', 'write_date'],
                order='write_date desc',