Skip to content
Browse files

[FIX] mail: allow to assign an activity to an user currently in anoth…

…er company

Let users A, B be in in companies C1 and C2,
such that A is currently in C1 and B in C2.
User A tries to assign to B an activity on record R belonging to C1.
It fails because at the time of the check B is not in the correct company,
even if B could handle the activity after switching company.

The _check_access_assignation was added in commit 96a223a,
to avoid activities to be created for records that the target user can't read.
Previous use-case is a legitimate one where we want to bypass this restriction.
Note that the systray notification widget is not company dependent,
and there is no way to remove a notification on a record the user can't read.*

In case where the record is company dependent and on a different company,
we skip the record rules check.
It is assumed that the check would fail because or company-related record rules.
It will create some unwanted activities, but only the minimal number we can let
through while allowing for all legitimate flows.

*Better solution for master is to give the user some more explicit message
if reading the record, suggesting to switch company,
or to allow to dismiss the notification altogether.

opw 1933862
  • Loading branch information...
len-odoo committed Feb 4, 2019
1 parent 27f8bb8 commit 190f89b12c286d79524efb5c2a78378be2946880
Showing with 6 additions and 0 deletions.
  1. +6 −0 addons/mail/models/
@@ -259,6 +259,12 @@ def _check_access_assignation(self):
target_user = activity.user_id
target_record = self.env[activity.res_model].browse(activity.res_id)
if hasattr(target_record, 'company_id') and (
target_record.company_id != target_user.company_id and (
len(target_user.company_ids) > 1)):
return # in that case we skip the check, assuming it would fail because of the company
except exceptions.AccessError:
raise exceptions.UserError(

0 comments on commit 190f89b

Please sign in to comment.
You can’t perform that action at this time.