[document_page_approval] FIX BUG: am_i_approver was being run as sudo(), hence always giving the user Approving rights.

2025-07-22 20:12:04 -06:00 · 2018-04-24 20:51:03 -03:00 · 2018-04-24 20:51:03 -03:00 · 503e12ae48
commit 503e12ae48
parent 3a142e7ba2
2 changed files with 10 additions and 13 deletions
--- a/document_page_approval/models/document_page.py
+++ b/document_page_approval/models/document_page.py
@ -105,14 +105,17 @@ class DocumentPage(models.Model):
        # if it's not required, anyone can approve
        if not self.is_approval_required:
            return True
-        # to approve, you must have approver rights
-        approver_group_id = self.env.ref(
-            'document_page_approval.group_document_approver_user')
-        if approver_group_id not in user.groups_id:
+        # if user belongs to 'Knowledge / Manager', he can approve anything
+        if user.has_group('document_page.group_document_manager'):
+            return True
+        # to approve, user must have approver rights
+        if not user.has_group(
+                'document_page_approval.group_document_approver_user'):
            return False
-        # and belong to at least one of the approver_groups (if any is set)
+        # if there aren't any approver_groups_defined, user can approve
        if not self.approver_group_ids:
            return True
+        # to approve, user must belong to any of the approver groups
        return len(user.groups_id & self.approver_group_ids) > 0

    @api.multi
--- a/document_page_approval/models/document_page_history.py
+++ b/document_page_approval/models/document_page_history.py
@ -41,7 +41,8 @@ class DocumentPageHistory(models.Model):
    )

    am_i_approver = fields.Boolean(
-        compute='_compute_am_i_approver'
+        related='page_id.am_i_approver',
+        related_sudo=False,
    )

    page_url = fields.Text(
@ -151,13 +152,6 @@ class DocumentPageHistory(models.Model):
        for rec in self:
            rec.am_i_owner = (rec.create_uid == self.env.user)

-    @api.multi
-    def _compute_am_i_approver(self):
-        """check if current user is a approver"""
-        for rec in self:
-            rec.am_i_approver = rec.page_id.can_user_approve_this_page(
-                self.env.user)
-
    @api.multi
    def _compute_page_url(self):
        """Compute the page url."""