odoo/odoo#66936
Created by Security, Denis Ledoux (dle)
Merged
at a08ba4be6518dd99ce93a803724165f62cbef032
Statuses:
- legal/cla: Contributor License Agreement check
- ci/runbot: Odoo Test Suite
- ci/template: Install databases to use to test upgrade in master and ensure that upgrades works with current master.
- ci/style: Optional style check. Ignore it only if strictly necessary.
- ci/security: Required security check. Can only be ignored by security team.
- label
- odoo-dev:14.0-on-time-rate-product-other-company-than-po-dle
- head
- b26b981d90ccbae3b427599227e14c35c8c7c433
- merged
- 4 years ago by Security, Denis Ledoux (dle)
| odoo/odoo | |
|---|---|
| 14.0 | #66936 |
| saas-14.1 | #66951 |
| saas-14.2 | #66953 |
| 15.0 | |
| 16.0 | |
| 17.0 | |
| 18.0 | |
| saas-18.1 | |
| saas-18.2 | |
| saas-18.3 | |
| master | #66956 |
[FIX] purchase_stock: `on_time_rate` product other company than PO
- User in company A,
- Purchase order in company A,
- Product in company B
File "/home/odoo/src/odoo/14.0/addons/purchase_stock/models/res_partner.py", line 23, in _compute_on_time_rate
]).filtered(lambda l: l.product_id.product_tmpl_id.type != 'service' and l.order_id.state in ['done', 'purchase'])
File "/home/odoo/src/odoo/14.0/odoo/models.py", line 5279, in filtered
return self.browse([rec.id for rec in self if func(rec)])
File "/home/odoo/src/odoo/14.0/odoo/models.py", line 5279, in <listcomp>
return self.browse([rec.id for rec in self if func(rec)])
File "/home/odoo/src/odoo/14.0/addons/purchase_stock/models/res_partner.py", line 23, in <lambda>
]).filtered(lambda l: l.product_id.product_tmpl_id.type != 'service' and l.order_id.state in ['done', 'purchase'])
File "/home/odoo/src/odoo/14.0/odoo/fields.py", line 2483, in __get__
return super().__get__(records, owner)
File "/home/odoo/src/odoo/14.0/odoo/fields.py", line 998, in __get__
record._fetch_field(self)
File "/home/odoo/src/odoo/14.0/odoo/models.py", line 3072, in _fetch_field
self._read(fnames)
File "/home/odoo/src/odoo/14.0/odoo/models.py", line 3183, in _read
raise self.env['ir.rule']._make_access_error('read', forbidden)
odoo.exceptions.AccessError: Due to security restrictions, you are not allowed to access 'Product' (product.product) records.
If you do not share products between companies
(if the multi-company record rule for product.template is enabled)
then you are not supposed to use a product from another company in a purchase order.
However, this is possible to land in the case if you enable
the multi-company record rule after you created some purchase orders,
using products from other companies.
Adding sudo() just to get the type of product
doesn't cost much to support that case
upg-8277