Initial commit: Hr packages

2026-04-25 00:32:01 +02:00 · 2025-08-29 15:20:50 +02:00 · 2025-08-29 15:20:50 +02:00 · 62531cd146
commit 62531cd146
2820 changed files with 1432848 additions and 0 deletions
--- a/odoo-bringout-oca-ocb-hr/hr/tests/init.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/init.py
@ -0,0 +1,9 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from . import test_hr_employee
+from . import test_channel
+from . import test_self_user_access
+from . import test_multi_company
+from . import test_resource
+from . import test_ui
--- a/odoo-bringout-oca-ocb-hr/hr/tests/common.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/common.py
@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.addons.mail.tests.common import mail_new_test_user
+from odoo.tests import common
+
+
+class TestHrCommon(common.TransactionCase):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestHrCommon, cls).setUpClass()
+
+        cls.res_users_hr_officer = mail_new_test_user(cls.env, login='hro', groups='base.group_user,hr.group_hr_user', name='HR Officer', email='hro@example.com')
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_channel.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_channel.py
@ -0,0 +1,30 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.addons.hr.tests.common import TestHrCommon
+
+
+class TestChannel(TestHrCommon):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestChannel, cls).setUpClass()
+
+        cls.channel = cls.env['mail.channel'].create({'name': 'Test'})
+
+        emp0 = cls.env['hr.employee'].create({
+            'user_id': cls.res_users_hr_officer.id,
+        })
+        cls.department = cls.env['hr.department'].create({
+            'name': 'Test Department',
+            'member_ids': [(4, emp0.id)],
+        })
+
+    def test_auto_subscribe_department(self):
+        self.assertEqual(self.channel.channel_partner_ids, self.env['res.partner'])
+
+        self.channel.write({
+            'subscription_department_ids': [(4, self.department.id)]
+        })
+
+        self.assertEqual(self.channel.channel_partner_ids, self.department.mapped('member_ids.user_id.partner_id'))
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_hr_employee.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_hr_employee.py
@ -0,0 +1,228 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.tests import Form
+from odoo.addons.hr.tests.common import TestHrCommon
+
+
+class TestHrEmployee(TestHrCommon):
+
+    def setUp(self):
+        super().setUp()
+        self.user_without_image = self.env['res.users'].create({
+            'name': 'Marc Demo',
+            'email': 'mark.brown23@example.com',
+            'image_1920': False,
+            'login': 'demo_1',
+            'password': 'demo_123'
+        })
+        self.employee_without_image = self.env['hr.employee'].create({
+            'user_id': self.user_without_image.id,
+            'image_1920': False
+        })
+
+    def test_employee_linked_partner(self):
+        user_partner = self.user_without_image.partner_id
+        work_contact = self.employee_without_image.work_contact_id
+        self.assertEqual(user_partner, work_contact)
+
+    def test_employee_resource(self):
+        _tz = 'Pacific/Apia'
+        self.res_users_hr_officer.company_id.resource_calendar_id.tz = _tz
+        Employee = self.env['hr.employee'].with_user(self.res_users_hr_officer)
+        employee_form = Form(Employee)
+        employee_form.name = 'Raoul Grosbedon'
+        employee_form.work_email = 'raoul@example.com'
+        employee = employee_form.save()
+        self.assertEqual(employee.tz, _tz)
+
+    def test_employee_from_user(self):
+        _tz = 'Pacific/Apia'
+        _tz2 = 'America/Tijuana'
+        self.res_users_hr_officer.company_id.resource_calendar_id.tz = _tz
+        self.res_users_hr_officer.tz = _tz2
+        Employee = self.env['hr.employee'].with_user(self.res_users_hr_officer)
+        employee_form = Form(Employee)
+        employee_form.name = 'Raoul Grosbedon'
+        employee_form.work_email = 'raoul@example.com'
+        employee_form.user_id = self.res_users_hr_officer
+        employee = employee_form.save()
+        self.assertEqual(employee.name, 'Raoul Grosbedon')
+        self.assertEqual(employee.work_email, self.res_users_hr_officer.email)
+        self.assertEqual(employee.tz, self.res_users_hr_officer.tz)
+
+    def test_employee_from_user_tz_no_reset(self):
+        _tz = 'Pacific/Apia'
+        self.res_users_hr_officer.tz = False
+        Employee = self.env['hr.employee'].with_user(self.res_users_hr_officer)
+        employee_form = Form(Employee)
+        employee_form.name = 'Raoul Grosbedon'
+        employee_form.work_email = 'raoul@example.com'
+        employee_form.tz = _tz
+        employee_form.user_id = self.res_users_hr_officer
+        employee = employee_form.save()
+        self.assertEqual(employee.name, 'Raoul Grosbedon')
+        self.assertEqual(employee.work_email, self.res_users_hr_officer.email)
+        self.assertEqual(employee.tz, _tz)
+
+    def test_employee_has_avatar_even_if_it_has_no_image(self):
+        self.assertTrue(self.employee_without_image.avatar_128)
+        self.assertTrue(self.employee_without_image.avatar_256)
+        self.assertTrue(self.employee_without_image.avatar_512)
+        self.assertTrue(self.employee_without_image.avatar_1024)
+        self.assertTrue(self.employee_without_image.avatar_1920)
+
+    def test_employee_has_same_avatar_as_corresponding_user(self):
+        self.assertEqual(self.employee_without_image.avatar_1920, self.user_without_image.avatar_1920)
+
+    def test_employee_member_of_department(self):
+        dept, dept_sub, dept_sub_sub, dept_other, dept_parent = self.env['hr.department'].create([
+            {
+                'name': 'main',
+            },
+            {
+                'name': 'sub',
+            },
+            {
+                'name': 'sub-sub',
+            },
+            {
+                'name': 'other',
+            },
+            {
+                'name': 'parent',
+            },
+        ])
+        dept_sub.parent_id = dept
+        dept_sub_sub.parent_id = dept_sub
+        dept.parent_id = dept_parent
+        emp, emp_sub, emp_sub_sub, emp_other, emp_parent = self.env['hr.employee'].with_user(self.res_users_hr_officer).create([
+            {
+                'name': 'employee',
+                'department_id': dept.id,
+            },
+            {
+                'name': 'employee sub',
+                'department_id': dept_sub.id,
+            },
+            {
+                'name': 'employee sub sub',
+                'department_id': dept_sub_sub.id,
+            },
+            {
+                'name': 'employee other',
+                'department_id': dept_other.id,
+            },
+            {
+                'name': 'employee parent',
+                'department_id': dept_parent.id,
+            },
+        ])
+        self.res_users_hr_officer.employee_id = emp
+        self.assertTrue(emp.member_of_department)
+        self.assertTrue(emp_sub.member_of_department)
+        self.assertTrue(emp_sub_sub.member_of_department)
+        self.assertFalse(emp_other.member_of_department)
+        self.assertFalse(emp_parent.member_of_department)
+        employees = emp + emp_sub + emp_sub_sub + emp_other + emp_parent
+        self.assertEqual(
+            employees.filtered_domain(employees._search_part_of_department('=', True)),
+            emp + emp_sub + emp_sub_sub)
+        self.assertEqual(
+            employees.filtered_domain(employees._search_part_of_department('!=', False)),
+            emp + emp_sub + emp_sub_sub)
+        self.assertEqual(
+            employees.filtered_domain(employees._search_part_of_department('=', False)),
+            emp_other + emp_parent)
+        self.assertEqual(
+            employees.filtered_domain(employees._search_part_of_department('!=', True)),
+            emp_other + emp_parent)
+
+    def test_employee_create_from_user(self):
+        employee = self.env['hr.employee'].create({
+            'name': 'Test User 3 - employee'
+        })
+        user_1, user_2, user_3 = self.env['res.users'].create([
+            {
+                'name': 'Test User',
+                'login': 'test_user',
+                'email': 'test_user@odoo.com',
+            },
+            {
+                'name': 'Test User 2',
+                'login': 'test_user_2',
+                'email': 'test_user_2@odoo.com',
+                'create_employee': True,
+            },
+            {
+                'name': 'Test User 3',
+                'login': 'test_user_3',
+                'email': 'test_user_3@odoo.com',
+                'create_employee_id': employee.id,
+            },
+        ])
+        # Test that creating an user does not create an employee by default
+        self.assertFalse(user_1.employee_id)
+        # Test that setting create_employee does create the associated employee
+        self.assertTrue(user_2.employee_id)
+        # Test that creating an user with a given employee associates the employee correctly
+        self.assertEqual(user_3.employee_id, employee)
+
+    def test_employee_create_from_signup(self):
+        # Test that an employee is not created when signin up on the website
+        partner = self.env['res.partner'].create({
+            'name': 'test partner'
+        })
+        self.env['res.users'].signup({
+            'name': 'Test User',
+            'login': 'test_user',
+            'email': 'test_user@odoo.com',
+            'password': 'test_user_password',
+            'partner_id': partner.id,
+        })
+        self.assertFalse(self.env['res.users'].search([('login', '=', 'test_user')]).employee_id)
+
+    def test_employee_update_work_contact_id(self):
+        """
+            Check that the `work_contact_id` information is no longer
+            updated when an employee's `user_id` is removed.
+        """
+        user = self.env['res.users'].create({
+            'name': 'Test',
+            'login': 'test',
+            'email': 'test@example.com',
+        })
+        employee_A, employee_B = self.env['hr.employee'].create([
+            {
+                'name': 'Employee A',
+                'user_id': user.id,
+                'work_email': 'employee_A@example.com',
+            },
+            {
+                'name': 'Employee B',
+                'user_id': False,
+                'work_email': 'employee_B@example.com',
+            }
+        ])
+        employee_A.user_id = False
+        employee_B.user_id = user.id
+        employee_B.work_email = 'new_email@example.com'
+        self.assertEqual(employee_A.work_email, 'employee_A@example.com')
+        self.assertEqual(employee_B.work_email, 'new_email@example.com')
+
+    def test_unlink_address(self):
+        employee = self.employee_without_image
+        partner = self.env["res.partner"].create({
+            "name": "Mr. Bean",
+            "street": "12 Arbour Road",
+            "city": "London"
+        })
+        employee.address_home_id = partner.id
+        bank = self.env['res.partner.bank'].create({
+            "acc_number": "123",
+            "partner_id": partner.id
+        })
+        employee.bank_account_id = bank.id
+
+        employee.address_home_id = False
+        self.assertFalse(employee.address_home_id)
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_multi_company.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_multi_company.py
@ -0,0 +1,41 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.tests import Form
+from odoo.addons.hr.tests.common import TestHrCommon
+from odoo.addons.base.models.ir_qweb import QWebException
+
+
+class TestMultiCompany(TestHrCommon):
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.company_1 = cls.env['res.company'].create({'name': 'Opoo'})
+        cls.company_2 = cls.env['res.company'].create({'name': 'Otoo'})
+        cls.employees = cls.env['hr.employee'].create([
+            {'name': 'Bidule', 'company_id': cls.company_1.id},
+            {'name': 'Machin', 'company_id': cls.company_2.id},
+        ])
+        cls.res_users_hr_officer.company_ids = [
+            (4, cls.company_1.id),
+            (4, cls.company_2.id),
+        ]
+        cls.res_users_hr_officer.company_id = cls.company_1.id
+        # flush and invalidate the cache, otherwise a full cache may prevent
+        # access rights to be checked
+        cls.env.flush_all()
+        cls.env.invalidate_all()
+
+    def test_multi_company_report(self):
+        content, _ = self.env['ir.actions.report'].with_user(self.res_users_hr_officer).with_context(
+            allowed_company_ids=[self.company_1.id, self.company_2.id]
+        )._render_qweb_pdf('hr.hr_employee_print_badge', res_ids=self.employees.ids)
+        self.assertIn(b'Bidule', content)
+        self.assertIn(b'Machin', content)
+
+    def test_single_company_report(self):
+        with self.assertRaises(QWebException):  # CacheMiss followed by AccessError
+            self.env['ir.actions.report'].with_user(self.res_users_hr_officer).with_company(
+                self.company_1
+            )._render_qweb_pdf('hr.hr_employee_print_badge', res_ids=self.employees.ids)
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_resource.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_resource.py
@ -0,0 +1,57 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+from datetime import datetime
+from pytz import timezone, utc
+
+from odoo.addons.resource.models.resource import Intervals, sum_intervals
+
+from .common import TestHrCommon
+
+
+class TestResource(TestHrCommon):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestResource, cls).setUpClass()
+        cls.calendar_40h = cls.env['resource.calendar'].create({'name': 'Default calendar'})
+        cls.employee_niv = cls.env['hr.employee'].create({
+            'name': 'Sharlene Rhodes',
+            'departure_date': '2022-06-01',
+            'resource_calendar_id': cls.calendar_40h.id,
+        })
+        cls.employee_niv_create_date = '2021-01-01 10:00:00'
+        cls.env.cr.execute("UPDATE hr_employee SET create_date=%s WHERE id=%s",
+                           (cls.employee_niv_create_date, cls.employee_niv.id))
+
+    def test_calendars_validity_within_period_default(self):
+        calendars = self.employee_niv.resource_id._get_calendars_validity_within_period(
+            utc.localize(datetime(2021, 7, 1, 8, 0, 0)),
+            utc.localize(datetime(2021, 7, 30, 17, 0, 0)),
+        )
+        interval = Intervals([(
+            utc.localize(datetime(2021, 7, 1, 8, 0, 0)),
+            utc.localize(datetime(2021, 7, 30, 17, 0, 0)),
+            self.env['resource.calendar.attendance']
+        )])
+
+        self.assertEqual(1, len(calendars), "The dict returned by calendars validity should only have 1 entry")
+        self.assertEqual(1, len(calendars[self.employee_niv.resource_id.id]), "Niv should only have one calendar")
+        niv_entry = calendars[self.employee_niv.resource_id.id]
+        niv_calendar = next(iter(niv_entry))
+        self.assertEqual(niv_calendar, self.calendar_40h, "It should be Niv's Calendar")
+        self.assertFalse(niv_entry[niv_calendar] - interval, "Interval should cover all calendar's validity")
+        self.assertFalse(interval - niv_entry[niv_calendar], "Calendar validity should cover all interval")
+
+    def test_calendars_validity_within_period_creation(self):
+        calendars = self.employee_niv.resource_id._get_calendars_validity_within_period(
+            utc.localize(datetime(2020, 12, 1, 8, 0, 0)),
+            utc.localize(datetime(2021, 1, 31, 17, 0, 0)),
+        )
+        interval = Intervals([(
+            utc.localize(datetime(2020, 12, 1, 8, 0, 0)),
+            utc.localize(datetime(2021, 1, 31, 17, 0, 0)),
+            self.env['resource.calendar.attendance']
+        )])
+        niv_entry = calendars[self.employee_niv.resource_id.id]
+        self.assertFalse(niv_entry[self.calendar_40h] - interval, "Interval should cover all calendar's validity")
+        self.assertFalse(interval - niv_entry[self.calendar_40h], "Calendar validity should cover all interval")
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_self_user_access.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_self_user_access.py
@ -0,0 +1,242 @@
+# -*- coding: utf-8 -*-
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from collections import OrderedDict
+from itertools import chain
+from lxml import etree
+
+from odoo.addons.hr.tests.common import TestHrCommon
+from odoo.tests import new_test_user, tagged, Form
+from odoo.exceptions import AccessError
+
+@tagged('post_install', '-at_install')
+class TestSelfAccessProfile(TestHrCommon):
+
+    def test_access_my_profile(self):
+        """ A simple user should be able to read all fields in his profile """
+        james = new_test_user(self.env, login='hel', groups='base.group_user', name='Simple employee', email='ric@example.com')
+        james = james.with_user(james)
+        self.env['hr.employee'].create({
+            'name': 'James',
+            'user_id': james.id,
+            'bank_account_id': self.env['res.partner.bank'].create({'acc_number': 'BE1234567890', 'partner_id': james.partner_id.id}).id
+        })
+        view = self.env.ref('hr.res_users_view_form_profile')
+        view_infos = james.get_view(view.id)
+        fields = [el.get('name') for el in etree.fromstring(view_infos['arch']).xpath('//field[not(ancestor::field)]')]
+        james.read(fields)
+
+    def test_readonly_fields(self):
+        """ Employee related fields should be readonly if self editing is not allowed """
+        self.env['ir.config_parameter'].sudo().set_param('hr.hr_employee_self_edit', False)
+        james = new_test_user(self.env, login='hel', groups='base.group_user', name='Simple employee', email='ric@example.com')
+        james = james.with_user(james)
+        self.env['hr.employee'].create({
+            'name': 'James',
+            'user_id': james.id,
+        })
+
+        view = self.env.ref('hr.res_users_view_form_profile')
+        fields = james._fields
+        view_infos = james.get_view(view.id)
+        employee_related_fields = {
+            el.get('name')
+            for el in etree.fromstring(view_infos['arch']).xpath('//field[not(ancestor::field)]')
+            if fields[el.get('name')].related and fields[el.get('name')].related.split('.')[0] == 'employee_id'
+        }
+
+        form = Form(james, view=view)
+        for field in employee_related_fields:
+            with self.assertRaises(AssertionError, msg="Field '%s' should be readonly in the employee profile when self editing is not allowed." % field):
+                form.__setattr__(field, 'some value')
+
+
+    def test_profile_view_fields(self):
+        """ A simple user should see all fields in profile view, even if they are protected by groups """
+        view = self.env.ref('hr.res_users_view_form_profile')
+
+        # For reference, check the view with user with every groups protecting user fields
+        all_groups_xml_ids = chain(*[
+            field.groups.split(',')
+            for field in self.env['res.users']._fields.values()
+            if field.groups
+            if field.groups != '.' # "no-access" group on purpose
+        ])
+        all_groups = self.env['res.groups']
+        for xml_id in all_groups_xml_ids:
+            all_groups |= self.env.ref(xml_id.strip())
+        user_all_groups = new_test_user(self.env, groups='base.group_user', login='hel', name='God')
+        user_all_groups.write({'groups_id': [(4, group.id, False) for group in all_groups]})
+        view_infos = self.env['res.users'].with_user(user_all_groups).get_view(view.id)
+        full_fields = [el.get('name') for el in etree.fromstring(view_infos['arch']).xpath('//field[not(ancestor::field)]')]
+
+        # Now check the view for a simple user
+        user = new_test_user(self.env, login='gro', name='Grouillot')
+        view_infos = self.env['res.users'].with_user(user).get_view(view.id)
+        fields = [el.get('name') for el in etree.fromstring(view_infos['arch']).xpath('//field[not(ancestor::field)]')]
+
+        # Compare both
+        self.assertEqual(full_fields, fields, "View fields should not depend on user's groups")
+
+    def test_access_my_profile_toolbar(self):
+        """ A simple user shouldn't have the possibilities to see the 'Change Password' action"""
+        james = new_test_user(self.env, login='jam', groups='base.group_user', name='Simple employee', email='jam@example.com')
+        james = james.with_user(james)
+        self.env['hr.employee'].create({
+            'name': 'James',
+            'user_id': james.id,
+        })
+        view = self.env.ref('hr.res_users_view_form_profile')
+        toolbar = james.get_views([(view.id, 'form')], {'toolbar': True})['views']['form']['toolbar']
+        available_actions = toolbar.get('action', [])
+        change_password_action = self.env.ref("base.change_password_wizard_action")
+
+        self.assertFalse(any(x['id'] == change_password_action.id for x in available_actions))
+
+        # An ERP manager should have the possibilities to see the 'Change Password'
+        john = new_test_user(self.env, login='joh', groups='base.group_erp_manager', name='ERP Manager', email='joh@example.com')
+        john = john.with_user(john)
+        self.env['hr.employee'].create({
+            'name': 'John',
+            'user_id': john.id,
+        })
+        view = self.env.ref('hr.res_users_view_form_profile')
+        available_actions = john.get_views([(view.id, 'form')], {'toolbar': True})['views']['form']['toolbar']['action']
+        self.assertTrue(any(x['id'] == change_password_action.id for x in available_actions))
+
+
+class TestSelfAccessRights(TestHrCommon):
+
+    @classmethod
+    def setUpClass(cls):
+        super(TestSelfAccessRights, cls).setUpClass()
+        cls.richard = new_test_user(cls.env, login='ric', groups='base.group_user', name='Simple employee', email='ric@example.com')
+        cls.richard_emp = cls.env['hr.employee'].create({
+            'name': 'Richard',
+            'user_id': cls.richard.id,
+            'address_home_id': cls.env['res.partner'].create({'name': 'Richard', 'phone': '21454', 'type': 'private'}).id,
+        })
+        cls.hubert = new_test_user(cls.env, login='hub', groups='base.group_user', name='Simple employee', email='hub@example.com')
+        cls.hubert_emp = cls.env['hr.employee'].create({
+            'name': 'Hubert',
+            'user_id': cls.hubert.id,
+            'address_home_id': cls.env['res.partner'].create({'name': 'Hubert', 'type': 'private'}).id,
+        })
+
+        cls.protected_fields_emp = OrderedDict([(k, v) for k, v in cls.env['hr.employee']._fields.items() if v.groups == 'hr.group_hr_user'])
+        # Compute fields and id field are always readable by everyone
+        cls.read_protected_fields_emp = OrderedDict([(k, v) for k, v in cls.env['hr.employee']._fields.items() if not v.compute and k != 'id'])
+        cls.self_protected_fields_user = OrderedDict([
+            (k, v)
+            for k, v in cls.env['res.users']._fields.items()
+            if v.groups == 'hr.group_hr_user' and k in cls.env['res.users'].SELF_READABLE_FIELDS
+        ])
+
+    # Read hr.employee #
+    def testReadSelfEmployee(self):
+        with self.assertRaises(AccessError):
+            self.hubert_emp.with_user(self.richard).read(self.protected_fields_emp.keys())
+
+    def testReadOtherEmployee(self):
+        with self.assertRaises(AccessError):
+            self.hubert_emp.with_user(self.richard).read(self.protected_fields_emp.keys())
+
+    # Write hr.employee #
+    def testWriteSelfEmployee(self):
+        for f in self.protected_fields_emp:
+            with self.assertRaises(AccessError):
+                self.richard_emp.with_user(self.richard).write({f: 'dummy'})
+
+    def testWriteOtherEmployee(self):
+        for f in self.protected_fields_emp:
+            with self.assertRaises(AccessError):
+                self.hubert_emp.with_user(self.richard).write({f: 'dummy'})
+
+    # Read res.users #
+    def testReadSelfUserEmployee(self):
+        for f in self.self_protected_fields_user:
+            self.richard.with_user(self.richard).read([f])  # should not raise
+
+    def testReadOtherUserEmployee(self):
+        with self.assertRaises(AccessError):
+            self.hubert.with_user(self.richard).read(self.self_protected_fields_user)
+
+    # Write res.users #
+    def testWriteSelfUserEmployeeSettingFalse(self):
+        for f, v in self.self_protected_fields_user.items():
+            with self.assertRaises(AccessError):
+                self.richard.with_user(self.richard).write({f: 'dummy'})
+
+    def testWriteSelfUserEmployee(self):
+        self.env['ir.config_parameter'].set_param('hr.hr_employee_self_edit', True)
+        for f, v in self.self_protected_fields_user.items():
+            val = None
+            if v.type == 'char' or v.type == 'text':
+                val = '0000' if f == 'pin' else 'dummy'
+            if val is not None:
+                self.richard.with_user(self.richard).write({f: val})
+
+    def testWriteSelfUserPreferencesEmployee(self):
+        # self should always be able to update non hr.employee fields if
+        # they are in SELF_READABLE_FIELDS
+        self.env['ir.config_parameter'].set_param('hr.hr_employee_self_edit', False)
+        # should not raise
+        vals = [
+            {'tz': "Australia/Sydney"},
+            {'email': "new@example.com"},
+            {'signature': "<p>I'm Richard!</p>"},
+            {'notification_type': "email"},
+        ]
+        for v in vals:
+            # should not raise
+            self.richard.with_user(self.richard).write(v)
+
+    def testWriteOtherUserPreferencesEmployee(self):
+        # self should always be able to update non hr.employee fields if
+        # they are in SELF_READABLE_FIELDS
+        self.env['ir.config_parameter'].set_param('hr.hr_employee_self_edit', False)
+        vals = [
+            {'tz': "Australia/Sydney"},
+            {'email': "new@example.com"},
+            {'signature': "<p>I'm Richard!</p>"},
+            {'notification_type': "email"},
+        ]
+        for v in vals:
+            with self.assertRaises(AccessError):
+                self.hubert.with_user(self.richard).write(v)
+
+    def testWriteSelfPhoneEmployee(self):
+        # phone is a related from res.partner (from base) but added in SELF_READABLE_FIELDS
+        self.env['ir.config_parameter'].set_param('hr.hr_employee_self_edit', False)
+        with self.assertRaises(AccessError):
+            self.richard.with_user(self.richard).write({'phone': '2154545'})
+
+    def testWriteOtherUserEmployee(self):
+        for f in self.self_protected_fields_user:
+            with self.assertRaises(AccessError):
+                self.hubert.with_user(self.richard).write({f: 'dummy'})
+
+    def testSearchUserEMployee(self):
+        # Searching user based on employee_id field should not raise bad query error
+        self.env['res.users'].with_user(self.richard).search([('employee_id', 'ilike', 'Hubert')])
+
+    def test_access_employee_account(self):
+        hubert = new_test_user(self.env, login='hubert', groups='base.group_user', name='Hubert Bonisseur de La Bath', email='hubert@oss.fr')
+        hubert = hubert.with_user(hubert)
+        hubert_acc = self.env['res.partner.bank'].create({'acc_number': 'FR1234567890', 'partner_id': hubert.partner_id.id})
+        hubert_emp = self.env['hr.employee'].create({
+            'name': 'Hubert',
+            'user_id': hubert.id,
+            'bank_account_id': hubert_acc.id
+        })
+        hubert.partner_id.sudo().employee_ids = hubert_emp
+
+        self.assertFalse(hubert.user_has_groups('hr.group_hr_user'))
+        self.assertFalse(hubert.env.su)
+
+        self.assertEqual(hubert.read(['employee_bank_account_id'])[0]['employee_bank_account_id'][1], 'FR******7890')
+        self.assertEqual(hubert.sudo().employee_bank_account_id.display_name, 'FR******7890')
+        self.assertEqual(hubert_emp.with_user(hubert).sudo().bank_account_id.display_name, 'FR******7890')
+
+        hubert_acc.invalidate_recordset(["display_name"])
+        self.assertEqual(hubert_emp.with_user(hubert).sudo().bank_account_id.sudo(False).display_name, 'FR******7890')
--- a/odoo-bringout-oca-ocb-hr/hr/tests/test_ui.py
+++ b/odoo-bringout-oca-ocb-hr/hr/tests/test_ui.py
@ -0,0 +1,17 @@
+# Part of Odoo. See LICENSE file for full copyright and licensing details.
+
+from odoo.tests import HttpCase, tagged, new_test_user
+
+@tagged('-at_install', 'post_install')
+class TestEmployeeUi(HttpCase):
+    def test_employee_profile_tour(self):
+        user = new_test_user(self.env, login='davidelora', groups='base.group_user')
+
+        self.env['hr.employee'].create([{
+            'name': 'Johnny H.',
+        }, {
+            'name': 'David Elora',
+            'user_id': user.id,
+        }])
+
+        self.start_tour("/web", 'hr_employee_tour', login="davidelora")