Compute the active company with attachments

[ThiagoMForgeFlow]

Impacted versions:

15, 16, 17

Steps to reproduce:

1. Create a record rule that does not allow editing a Purchase Order with a company other than the active one.
   
2. Create a Purchase Order with the company that the user has by default.
3. Mark all companies as available and select one as active other than the user.
   
4. Try to attach an attachment to the Purchase Order.

Current behavior:

The system allows adding or deleting attachments without correctly evaluating the record rule.

Expected behavior:

With the record rule active, the system should not allow an attachment to be added since the active company does not match the company of the Purchase Order.

The value obtained from self.env.company is not correct, since it is returning the user's default company and not the one that is visually active.

def company(self):
        company_ids = self.context.get('allowed_company_ids', [])
        if company_ids:
            if not self.su:
                user_company_ids = self.user._get_company_ids()
                if set(company_ids) - set(user_company_ids):
                    raise AccessError(_("Access to unauthorized or invalid companies."))
            return self['res.company'].browse(company_ids[0])
        return self.user.company_id.with_env(self)

The value of allowed_company_ids is empty when it should not be.

Support ticket number submitted via odoo.com/help:

[LoisRForgeFlow]

Support ticket ID 3940230