[FIX] website: don't block the Editor and Designer website group

[thle-odoo]

Versions:

• 16+

Steps to reproduce:

• install hr_contract module;
• remove value for Contracts group in the user settings.
• have the "Editor and Designer" group for the user;
• try to modify the URL of a website page (via Properties). (It is an example)

Issue:

An access error is triggered.

Cause:

During the search_url_dependencies method,
we perform the search method on all models that
contain stored html fields
(and other conditions expressed within
the query of the search_url_dependencies method).

When we perform a search on the model 'hr.contract' (because it contains the html field notes),
we trigger the access error because we don't have
access to this model.

Solution:

We can add a sudo to prevent the user with the
Editor and Designer group from being blocked
during search.

opw-3374599

[robodoo]

Pull request status dashboard.

[pivi-odoo]

LGTM, there are no bridge modules between website and the corresponding modules, to grant read access to the users with the editor group, so the sudo seems like a good alternative. Maybe adding a check to make sure the user has the editor group before escalating privileges could help it make a bit more explicit, but it may not be necessary.

[rdeodoo]

Hm.. This is a duplicate of #123014 which we closed because we are working on a larger fix including this sudo/right access issue.
Please see #116839 (review)

It is taking a bit of time since it's actually coming with a refactoring / change of behavior (since it was not working at all with big databases and since this way of discovering all html fields is being more and more used in website).

I will try to merge @bso-odoo PR by tomorrow as this is a real problem being reported multiple time, sorry about that.

This one can surely be closed.