Please sign in to comment.
[FIX] website_sale: prevent compute search to be run in sudo
Before this commit, when accessing an user's pricelist, it would raise a 500 error in multi-company environment. Indeed, when doing `self.env.user.partner_id.property_product_pricelist`, even if self.env is not un sudo mode, the compute from `property_product_pricelist` is executed as sudo. Since this method is then doing a `search()`, it won't use the multi-company pricelist ir.rule. It will return all the pricelist, including the ones from other companies. Then, when trying to read that pricelist, it will raise an access error. Now, we correctly execute the compute (and so the search) in the user env, it won't get pricelists from other companies.
- Loading branch information...
Showing with 25 additions and 2 deletions.