19.0 vanilla

odoo-bringout-oca-ocb-hr/hr/tests/test_multi_company.py

@@ -1,12 +1,14 @@
 # -*- coding: utf-8 -*-
 # Part of Odoo. See LICENSE file for full copyright and licensing details.
 
-from odoo.tests import Form
 from odoo.addons.hr.tests.common import TestHrCommon
-from odoo.addons.base.models.ir_qweb import QWebException
+
+from odoo.addons.mail.tests.common import mail_new_test_user
+
+from odoo.exceptions import AccessError
 
 
-class TestMultiCompany(TestHrCommon):
+class TestMultiCompanyReport(TestHrCommon):
 
     @classmethod
     def setUpClass(cls):
@@ -35,7 +37,70 @@ class TestMultiCompany(TestHrCommon):
         self.assertIn(b'Machin', content)
 
     def test_single_company_report(self):
-        with self.assertRaises(QWebException):  # CacheMiss followed by AccessError
+        with self.assertRaises(AccessError):  # CacheMiss followed by AccessError
             self.env['ir.actions.report'].with_user(self.res_users_hr_officer).with_company(
                 self.company_1
             )._render_qweb_pdf('hr.hr_employee_print_badge', res_ids=self.employees.ids)
+
+
+class TestMultiCompany(TestHrCommon):
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+
+        cls.company_a = cls.env['res.company'].create({'name': 'Company A'})
+        cls.company_b = cls.env['res.company'].create({'name': 'Company B'})
+
+        cls.user_a = mail_new_test_user(cls.env, login='user_a', company_id=cls.company_a.id, company_ids=(cls.company_a | cls.company_b).ids)
+        cls.user_b = mail_new_test_user(cls.env, login='user_b', company_id=cls.company_b.id)
+
+        cls.employee_a = cls.env['hr.employee'].create({
+            'name': 'Employee A',
+            'company_id': cls.company_a.id,
+            'user_id': cls.user_a.id,
+        })
+
+        cls.employee_other_a = cls.env['hr.employee'].create({
+            'name': 'Employee Other A',
+            'company_id': cls.company_a.id,
+        })
+
+        cls.employee_b = cls.env['hr.employee'].create({
+            'name': 'Employee B',
+            'company_id': cls.company_b.id,
+            'user_id': cls.user_b.id,
+            'parent_id': cls.employee_a.id,
+        })
+
+        cls.employee_other_b = cls.env['hr.employee'].create({
+            'name': 'Employee Other B',
+            'company_id': cls.company_b.id,
+        })
+
+        cls.env.flush_all()
+        cls.env.invalidate_all()
+
+    def test_read_manager_employee(self):
+        # UserB should be able to read its manager's record - without being connected
+        # on company A
+        self.employee_a.with_user(self.user_b).with_company(self.company_b).name
+
+        self.employee_b.with_user(self.user_a).with_company(self.company_a).name
+
+        # UserB should not be able to read other employees in that company
+        with self.assertRaises(AccessError):
+            self.employee_other_a.with_user(self.user_b).with_company(self.company_b).name
+
+    def test_read_no_manager_company(self):
+        self.employee_b.parent_id = False
+
+        with self.assertRaises(AccessError):
+            self.employee_a.with_user(self.user_b).name
+
+    def test_compute_presence_state(self):
+        self.user_a.company_ids = self.company_a
+        # user A should still read the employee since he is the manager of that employee
+        self.employee_b.with_user(self.user_a).with_company(self.company_a).name
+
+        # user A should still read hr_presence_state even if he does not have access to the company of the employee
+        self.employee_b.with_user(self.user_a).with_company(self.company_a).hr_presence_state