odoo/odoo#215057
Created by fw-bot
Merged
at e2abef1d8dd89a3f4b86337567c6dda48209d3ce
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/upgrade_enterprise: Test upgrades for enterprise master
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:master-v17_fix_pos_online_payment-443959-fw
- head
- e2d8f9bf53714483bf930528c8db79691dc37546
- merged
- 4 months ago by POS IoT, Joseph Caburnay (jcb)
| odoo/odoo | |
|---|---|
| 17.0 | #193881 |
| 18.0 | #214550 |
| saas-18.1 | #214583 |
| saas-18.2 | #214822 |
| saas-18.3 | #215042 |
| saas-18.4 | |
| 19.0 | |
| master | #215057 |
[FW][FIX] pos_online_payment: access error if no customer when paying online
- STEP TO REPRODUCE: Have 2 company (1 is Default San Francisco the other is VN company),Start enviroment in VN company -> config an online payment method with
Demo/Wire
Transfer -> Start session and create pos order with no customer then Validate -> Customer scan QR code using mobile (not logged in) -> 403 forbidden error, read the log said: Sorry, Public user for VN company (id=10) doesn't have 'read' access to: User (res.users) - REASON: when request.env.ref('base.public_user') it will get public user from San Francisco company while the request user is Public User of VN company, the record rule prevent that
- SOLUTION: Fix by using method _get_public_user() in res.company, this
commit also move _get_public_user() from website to base module so other
modules can use it
Description of the issue/feature this PR addresses:
Current behavior before PR:
Desired behavior after PR is merged:
I confirm I have signed the CLA and read the PR guidelines at www.odoo.com/submit-pr