[FIX] mail_notification_custom_subject: do not require being admin to send messages

After installing the module, any user was required to have admin rights to be able to search across models.

This fix does just that search with sudo and returns back to non-sudo mode immediately after. This way, we don't need to increase permissions for everybody.

Tests now run unprivileged, to assert this problem never happens again.

@moduon MT-1644 MT-1645
This commit is contained in:
Jairo Llopis 2022-12-02 08:57:08 +00:00
parent 6d6db264e2
commit ba8cf6ec7a
No known key found for this signature in database
GPG Key ID: E47E3BE44B940490
2 changed files with 91 additions and 70 deletions

View File

@ -33,8 +33,16 @@ class MailThread(models.AbstractModel):
raise_if_not_found=False,
)
if subtype_id:
custom_subjects = self.env["mail.message.custom.subject"].search(
[("model_id.model", "=", self._name), ("subtype_ids", "=", subtype_id)]
custom_subjects = (
self.env["mail.message.custom.subject"]
.sudo()
.search(
[
("model_id.model", "=", self._name),
("subtype_ids", "=", subtype_id),
]
)
.sudo(False)
)
if not subject:
subject = "Re: %s" % self.env["mail.message"].with_context(

View File

@ -20,8 +20,14 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
]
)
)
cls.admin = common.new_test_user(cls.env, "boss", "base.group_system")
def setUp(self):
super().setUp()
self.uid = common.new_test_user(self.env, "worker")
def test_email_subject_template_overrides(self):
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 1",
@ -52,6 +58,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
self.assertEqual(mail_message_3.subject, "Test partner 2 and something more")
def test_email_subject_template_normal(self):
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 1",
@ -68,6 +75,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
self.assertEqual(mail_message_1.subject, "Test")
def test_email_subject_template_multi(self):
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 1",
@ -76,6 +84,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
"subject_template": "{{object.name or 'n/a'}} and something more",
}
)
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 2",
@ -92,6 +101,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
self.assertEqual(
mail_message_1.subject, "Test partner 1 and something different"
)
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 3",
@ -110,6 +120,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
mail_message_2.subject,
"Test partner 1 and something different and yet something else",
)
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 4",
@ -130,6 +141,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
)
def test_email_subject_template_w_original(self):
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test template 1",
@ -150,6 +162,7 @@ class TestMailNotificationCustomSubject(common.TransactionCase):
def test_bad_template_does_not_break(self):
"""Create template with error (obaject) to test error."""
with self.with_user("boss"):
self.env["mail.message.custom.subject"].create(
{
"name": "Test bad template 1",