[FIX] mail_notification_custom_subject: do not require being admin to send messages
After installing the module, any user was required to have admin rights to be able to search across models. This fix does just that search with sudo and returns back to non-sudo mode immediately after. This way, we don't need to increase permissions for everybody. Tests now run unprivileged, to assert this problem never happens again. @moduon MT-1644 MT-1645
This commit is contained in:
parent
6d6db264e2
commit
ba8cf6ec7a
@ -33,8 +33,16 @@ class MailThread(models.AbstractModel):
|
||||
raise_if_not_found=False,
|
||||
)
|
||||
if subtype_id:
|
||||
custom_subjects = self.env["mail.message.custom.subject"].search(
|
||||
[("model_id.model", "=", self._name), ("subtype_ids", "=", subtype_id)]
|
||||
custom_subjects = (
|
||||
self.env["mail.message.custom.subject"]
|
||||
.sudo()
|
||||
.search(
|
||||
[
|
||||
("model_id.model", "=", self._name),
|
||||
("subtype_ids", "=", subtype_id),
|
||||
]
|
||||
)
|
||||
.sudo(False)
|
||||
)
|
||||
if not subject:
|
||||
subject = "Re: %s" % self.env["mail.message"].with_context(
|
||||
|
@ -20,8 +20,14 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
]
|
||||
)
|
||||
)
|
||||
cls.admin = common.new_test_user(cls.env, "boss", "base.group_system")
|
||||
|
||||
def setUp(self):
|
||||
super().setUp()
|
||||
self.uid = common.new_test_user(self.env, "worker")
|
||||
|
||||
def test_email_subject_template_overrides(self):
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 1",
|
||||
@ -52,6 +58,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
self.assertEqual(mail_message_3.subject, "Test partner 2 and something more")
|
||||
|
||||
def test_email_subject_template_normal(self):
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 1",
|
||||
@ -68,6 +75,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
self.assertEqual(mail_message_1.subject, "Test")
|
||||
|
||||
def test_email_subject_template_multi(self):
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 1",
|
||||
@ -76,6 +84,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
"subject_template": "{{object.name or 'n/a'}} and something more",
|
||||
}
|
||||
)
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 2",
|
||||
@ -92,6 +101,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
self.assertEqual(
|
||||
mail_message_1.subject, "Test partner 1 and something different"
|
||||
)
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 3",
|
||||
@ -110,6 +120,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
mail_message_2.subject,
|
||||
"Test partner 1 and something different and yet something else",
|
||||
)
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 4",
|
||||
@ -130,6 +141,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
)
|
||||
|
||||
def test_email_subject_template_w_original(self):
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test template 1",
|
||||
@ -150,6 +162,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
|
||||
|
||||
def test_bad_template_does_not_break(self):
|
||||
"""Create template with error (obaject) to test error."""
|
||||
with self.with_user("boss"):
|
||||
self.env["mail.message.custom.subject"].create(
|
||||
{
|
||||
"name": "Test bad template 1",
|
||||
|
Loading…
Reference in New Issue
Block a user