[FIX] mail, portal: fix /mail/view generic fallback for portal

tde-banana-odoo · tde-banana-odoo · commit 0915628ab5f8 · 2025-06-13T05:24:23.000Z
When mail/view asks for a generic redirect (no access, ...) portal users can be redirected to '/my' directly, instead of a '/my + discuss action'. Discuss action makes no sense for portal users. Task-4685166 X-original-commit: odoo/odoo@f06aa25 Part-of: odoo#213889 Signed-off-by: Thibault Delavallee (tde) <tde@openerp.com>
diff --git a/addons/mail/controllers/mail.py b/addons/mail/controllers/mail.py
@@ -96,7 +96,9 @@ def _redirect_to_record(cls, model, res_id, access_token=None, **kwargs):
         # the record has a window redirection: check access rights
         if uid is not None:
             if not RecordModel.with_user(uid).has_access('read'):
-                return cls._redirect_to_messaging()
+                return cls._redirect_to_generic_fallback(
+                    model, res_id, access_token=access_token, **kwargs,
+                )
             try:
                 # We need here to extend the "allowed_company_ids" to allow a redirection
                 # to any record that the user can access, regardless of currently visible
@@ -121,7 +123,9 @@ def _redirect_to_record(cls, model, res_id, access_token=None, **kwargs):
                     record_sudo.with_user(uid).with_context(allowed_company_ids=cids).check_access('read')
                     request.future_response.set_cookie('cids', '-'.join([str(cid) for cid in cids]))
             except AccessError:
-                return cls._redirect_to_messaging()
+                return cls._redirect_to_generic_fallback(
+                    model, res_id, access_token=access_token, **kwargs,
+                )
             else:
                 record_action = record_sudo._get_access_action(access_uid=uid)
         else:
diff --git a/addons/portal/controllers/mail.py b/addons/portal/controllers/mail.py
@@ -121,6 +121,13 @@ def portal_message_update_is_internal(self, message_id, is_internal):
 
 class MailController(mail.MailController):
 
+    @classmethod
+    def _redirect_to_generic_fallback(cls, model, res_id, access_token=None, **kwargs):
+        # Generic fallback for a share user is the customer portal
+        if request.session.uid and request.env.user.share:
+            return request.redirect('/my')
+        return super()._redirect_to_generic_fallback(model, res_id, access_token=access_token, **kwargs)
+
     @classmethod
     def _redirect_to_record(cls, model, res_id, access_token=None, **kwargs):
         """ If the current user doesn't have access to the document, but provided
diff --git a/addons/test_mail_full/tests/test_portal.py b/addons/test_mail_full/tests/test_portal.py
@@ -299,7 +299,7 @@ def test_employee_access(self):
     def test_portal_access_logged(self):
         """ Check portal behavior when accessing mail/view, notably check token
         support and propagation. """
-        my_discuss_url = f'{self.test_base_url}/my?{url_encode({"subpath": "action-mail.action_discuss"})}'
+        my_url = f'{self.test_base_url}/my'
 
         self.authenticate(self.env.user.login, self.env.user.login)
         for url_name, url, exp_url in [
@@ -308,43 +308,43 @@ def test_portal_access_logged(self):
                 "No access (portal enabled), token", self.record_portal_url_auth,
                 self.portal_web_url_with_token,
             ),
-            # invalid token -> ko -> redirect to my with discuss action (???)
+            # invalid token -> ko -> redirect to my
             (
                 "No access (portal enabled), invalid token", self.record_portal_url_auth_wrong_token,
-                my_discuss_url,
+                my_url,
             ),
             # std url, read record -> redirect to my with parameters being record portal action parameters (???)
             (
                 'Access record (no customer portal)', self.record_read_url_base,
                 f'{self.test_base_url}/my?{url_encode({"subpath": f"{self.record_read._name}/{self.record_read.id}"})}',
             ),
-            # std url, no access to record -> redirect to my with discuss action (???)
+            # std url, no access to record -> redirect to my
             (
                 'No access record (internal)', self.record_internal_url_base,
-                my_discuss_url,
+                my_url,
             ),
-            # missing token -> redirect to my with discuss action (???)
+            # missing token -> redirect to my
             (
                 'No access record (portal enabled)', self.record_portal_url_base,
-                my_discuss_url,
+                my_url,
             ),
             # public_type act_url -> share users are redirected to frontend url
             (
                 "Public with act_url -> frontend url", self.record_public_act_url_base,
                 self.public_act_url_share
             ),
-            # not existing -> redirect to my with discuss action (???)
+            # not existing -> redirect to my
             (
                 'Not existing record (internal)', self.record_internal_url_no_exists,
-                my_discuss_url,
+                my_url,
             ),
             (
                 'Not existing record (portal enabled)', self.record_portal_url_no_exists,
-                my_discuss_url,
+                my_url,
             ),
             (
                 'Not existing model', self.record_url_no_model,
-                my_discuss_url,
+                my_url,
             ),
         ]:
             with self.subTest(name=url_name, url=url):
