[FIX] website_sale_digital : fix AccessError attachment

A user get a AccessError during a valid flow on the website shop due to a attachment search (with website_sale_digital installed) : - As a portal user buy a product and pay with wire tranfer (or other) - Check the your quotation with this user and we get a AccessError for the read ir.attachment model. The bug comes from the website_sale_digital module which add a search on ir.attachment for each product (allows digital product sell, eg. ebook) on the controller rendering orders. To fix this issue, add a sudo call before the search. It is legit because only the name and date is retrieved and the download (of the digital product) checks the access of this product attachment (if user already paid for it). TASK_ID : 2004031 closes odoo/odoo#39043 X-original-commit: c757e14c Signed-off-by: ryv-odoo <ryv-odoo@users.noreply.github.com>

[FIX] website_sale_digital : fix AccessError attachment
f01ce962 · ryv-odoo · fw-bot · d6696548 · f01ce962
Commit f01ce962 authored 5 years ago by ryv-odoo Committed by fw-bot 5 years ago
--- a/addons/website_sale_digital/controllers/main.py
+++ b/addons/website_sale_digital/controllers/main.py
@@ -49,7 +49,7 @@ class WebsiteSaleDigital(CustomerPortal):
            Attachment = request.env['ir.attachment']
            product_id = product.id
            template = product.product_tmpl_id
-            att = Attachment.search_read(
+            att = Attachment.sudo().search_read(
                domain=['|', '&', ('res_model', '=', product._name), ('res_id', '=', product_id), '&', ('res_model', '=', template._name), ('res_id', '=', template.id), ('product_downloadable', '=', True)],
                fields=['name', 'write_date'],
                order='write_date desc',