Skip to content
Snippets Groups Projects
Select Git revision
  • 16.0
  • 17.0
  • 18.0
  • 15.0
  • 14.0
  • 14.0-__main__-sbi
  • 16.0-__main__-sbi
  • 12.0-suds
  • 12.0 default protected
  • 13.0
  • renovate/configure
  • 9.0
  • 10.0
  • 7.0
  • 8.0
  • 11.0
  • 9.0-ocabot-merge-pr-1088-by-pedrobaeza-bump-nobump
  • 8.0-ocabot-merge-pr-831-by-pedrobaeza-bump-nobump
  • 12.0-old
  • 11.0-ocabot-merge-pr-882-by-pedrobaeza-bump-nobump
  • 15.0_2025-04-08
  • 16.0_2025-04-08
  • 17.0_2025-03-14
  • 16.0_2025-03-14
  • 16.0_2025-02-14
  • 17.0_2025-02-14
  • 15.0_2025-02-14
  • 15.0_2025-03-14
  • 14.0_2025-02-14
  • 14.0_2025-03-14
  • 16.0_2025-01-14
  • 17.0_2025-01-14
  • 14.0_2025-01-14
  • 16.0_2024-12-14
  • 17.0_2024-12-14
  • 15.0_2024-12-14
  • 15.0_2025-01-14
  • 15.0_2024-11-14
  • 16.0_2024-11-14
  • 17.0_2024-11-14
40 results
Compare
user avatar
[FIX] mail: Force the writing of the attachment when the user can post
Julien (juc) Castiaux authored 
To reproduce:
1) Enable multi-company
2) Create two companies: c1, c2
3) Create two users: bob in c1 and alice in c2
4) Install subscription
5) Remove the ir.rule that forbid users from accessing subscriptions
   made in other companies: "Subscription multi-company"
6) Using u1, create a new subscription in c1
7) Using u2, follow the chatter of the newly created subscription
   allowing the user to post messages/log notes.
8) Using u2, send a message with an attachment. Access Error.

The problem raises only for the **first** attachment. That
attchement is written on the record as the main attachment thus
raises an error if the user doesn't have write access.

There is no problem to add attachment to any following record or
when the user has write access on the model. If the user doesn't
have access to the chatter, he is blocked before accessing the
write thus it is safe to sudo it.

opw-1915606

closes odoo/odoo#30659
e65446fe
History
user avatar e65446fe
History
Name Last commit Last update