[FIX] mail, portal: fix mail/view redirection parameters when not logged

When being not logged and receiving an internal link, user is redirected
to an internal link with missing parameters (token, ... ). This leads
to faulty URLs that are not usable.

This issue is fixed by correctly redirecting using the original given
URL.

Task-4685166

X-original-commit: odoo/odoo@b24e9d6
Part-of: odoo#213889
Signed-off-by: Thibault Delavallee (tde) <[email protected]>

Author: tde-banana-odoo

addons/mail/controllers/mail.py

@@ -140,10 +140,21 @@ def _redirect_to_record(cls, model, res_id, access_token=None, **kwargs):
         # the record has an URL redirection: use it directly
         if record_action['type'] == 'ir.actions.act_url':
             return request.redirect(record_action['url'])
-        # other choice: act_window (no support of anything else currently)
+        # anything else than an act_window is not supported
         elif record_action['type'] != 'ir.actions.act_window':
             return cls._redirect_to_messaging()
 
+        # backend act_window: when not logged, unless really readable as public,
+        # user is going to be redirected to login -> keep mail/view as redirect
+        # in that case. In case of readable record, we consider this might be
+        # a customization and we do not change the behavior in stable
+        if uid is None or request.env.user._is_public():
+            has_access = record_sudo.with_user(request.env.user).has_access('read')
+            if not has_access:
+                return cls._redirect_to_login_with_mail_view(
+                    model, res_id, access_token=access_token, **kwargs,
+                )
+
         url_params = {}
         menu_id = request.env['ir.ui.menu']._get_best_backend_root_menu_id_for_model(model)
         if menu_id:

addons/test_mail_full/tests/test_portal.py

@@ -370,10 +370,10 @@ def test_portal_access_not_logged(self):
                 "No access (portal enabled), invalid token", self.record_portal_url_auth_wrong_token,
                 f'{login_url}?{url_encode({"redirect": self.record_portal_url_auth_wrong_token.replace(self.test_base_url, "")})}',
             ),
-            # std url, no access to record -> redirect to login, with internal backend redirect ending with a ? (???)
+            # std url, no access to record -> redirect to login with redirect to original link, will be rejected after login
             (
                 'No access record (internal)', self.record_internal_url_base,
-                f'{login_url}?{url_encode({"redirect": self.internal_backend_local_url + "?"})}',
+                f'{login_url}?{url_encode({"redirect": self.record_internal_url_base.replace(self.test_base_url, "")})}',
             ),
             # std url, no access to record but portal -> redirect to login, original (local) URL kept as redirection post login to try again (even if faulty)
             (
@@ -382,7 +382,7 @@ def test_portal_access_not_logged(self):
             ),
             (
                 'No access record (portal can read, no customer portal)', self.record_read_url_base,
-                f'{login_url}?{url_encode({"redirect": self.read_backend_local_url + "?"})}',
+                f'{login_url}?{url_encode({"redirect": self.record_read_url_base.replace(self.test_base_url, "")})}',
             ),
             # public_type act_url -> share users are redirected to frontend url
             (