Skip to content
Permalink
Browse files

[FIX] website: access website in multi-company

- Create 2 companies A & B
- Create a website A
- Create a user U with access to company B only
- Connect as U and go to the website

An internal server error is raised.

This is due to 7bfcb53 which verifies if the user isn't
granted access to companies he is not supposed to access.

This is exactly what was done before this commit: the website is in a
company not allowed to the user.

opw-2116539

closes #40004

X-original-commit: debc516
Signed-off-by: Nicolas Martinelli (nim) <nim@odoo.com>
  • Loading branch information...
nim-odoo authored and fw-bot committed Nov 7, 2019
1 parent feb58ce commit 194627a247b2d38e0e25ccd721bbe75eca3433aa
Showing with 6 additions and 1 deletion.
  1. +6 −1 addons/website/models/ir_http.py
@@ -193,7 +193,12 @@ def _add_dispatch_parameters(cls, func):
context['website_id'] = request.website.id
# This is mainly to avoid access errors in website controllers where there is no
# context (eg: /shop), and it's not going to propagate to the global context of the tab
context['allowed_company_ids'] = [request.website.company_id.id]
# If the company of the website is not in the allowed companies of the user, set the main
# company of the user.
if request.website.company_id in request.env.user.company_ids:
context['allowed_company_ids'] = request.website.company_id.ids
else:
context['allowed_company_ids'] = request.env.user.company_id.ids

# modify bound context
request.context = dict(request.context, **context)

0 comments on commit 194627a

Please sign in to comment.
You can’t perform that action at this time.