From fd3c2624a109b5fba64ed591c51822277b491565 Mon Sep 17 00:00:00 2001
From: Monica Diaz Pena <monicadp@merchise.org>
Date: Thu, 26 Dec 2019 14:30:16 -0500
Subject: [PATCH 1/5] Tests the search with suspend security.

---
 .../tests/test_base_suspend_security.py           | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/base_suspend_security/tests/test_base_suspend_security.py b/base_suspend_security/tests/test_base_suspend_security.py
index ff2fd658..eac0871e 100644
--- a/base_suspend_security/tests/test_base_suspend_security.py
+++ b/base_suspend_security/tests/test_base_suspend_security.py
@@ -30,3 +30,18 @@ class TestBaseSuspendSecurity(TransactionCase):
         # this tests if _normalize_args conversion works
         self.env['res.users'].browse(
             self.env['res.users'].suspend_security().env.uid)
+
+    def test_suspend_security_on_search(self):
+        user_without_access = self.env["res.users"].create(
+            dict(
+                name="Testing Suspend Security",
+                login="nogroups",
+                email="nogroups@suspendsecurity.com",
+                groups_id=[(5,)],
+            )
+        )
+        # the search is forbidden
+        with self.assertRaises(exceptions.AccessError):
+            self.env["ir.config_parameter"].sudo(user_without_access).search([])
+        # this tests the search
+        self.env["ir.config_parameter"].sudo(user_without_access).suspend_security().search([])

From 8f24e9e776ddec5361db8b5aaf092555f10d3ee3 Mon Sep 17 00:00:00 2001
From: Monica Diaz Pena <monicadp@merchise.org>
Date: Thu, 26 Dec 2019 14:31:56 -0500
Subject: [PATCH 2/5] Avoid Access Error when search with suspend security.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The Odoo `_search` function performs a  `sudo` on the first line of its
implementation, causing that the uid's wrapper (class BaseSuspendSecurityUid) is lost.

This is evidenced when a function with suspend security is called and in
its implementation needs the values ​​of a 'one2many' field (it does a
`search` in another model without reading access) an Access Error is raised.
---
 base_suspend_security/models/base.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/base_suspend_security/models/base.py b/base_suspend_security/models/base.py
index f187e339..822b548e 100644
--- a/base_suspend_security/models/base.py
+++ b/base_suspend_security/models/base.py
@@ -1,7 +1,7 @@
 # Copyright 2016 ACSONE SA/NV
 # License AGPL-3.0 or later (http://www.gnu.org/licenses/agpl).
 
-from odoo import api, models
+from odoo import api, models, SUPERUSER_ID
 
 from ..base_suspend_security import BaseSuspendSecurityUid
 
@@ -17,3 +17,12 @@ class Base(models.AbstractModel):
                 self.env.cr,
                 BaseSuspendSecurityUid(self.env.uid),
                 self.env.context))
+
+    def sudo(self, user=SUPERUSER_ID):
+        if isinstance(self.env.uid, BaseSuspendSecurityUid):
+            return self.with_env(
+                api.Environment(
+                    self.env.cr, BaseSuspendSecurityUid(user), self.env.context
+                )
+            )
+        return super().sudo(user)

From 77be6275b1d642bc4688851b1da805d0365f7fcf Mon Sep 17 00:00:00 2001
From: Monica Diaz Pena <monicadp@merchise.org>
Date: Mon, 6 Jan 2020 15:53:07 -0500
Subject: [PATCH 3/5] Allow reactivate the security in a suspend security call.

---
 base_suspend_security/models/base.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/base_suspend_security/models/base.py b/base_suspend_security/models/base.py
index 822b548e..439176f6 100644
--- a/base_suspend_security/models/base.py
+++ b/base_suspend_security/models/base.py
@@ -19,10 +19,10 @@ class Base(models.AbstractModel):
                 self.env.context))
 
     def sudo(self, user=SUPERUSER_ID):
-        if isinstance(self.env.uid, BaseSuspendSecurityUid):
+        if isinstance(user, BaseSuspendSecurityUid):
             return self.with_env(
                 api.Environment(
-                    self.env.cr, BaseSuspendSecurityUid(user), self.env.context
+                    self.env.cr, user, self.env.context
                 )
             )
         return super().sudo(user)

From d255acc749c8c5f2622450141b6d436e3354cfb8 Mon Sep 17 00:00:00 2001
From: Monica Diaz Pena <monicadp@merchise.org>
Date: Mon, 6 Jan 2020 17:11:25 -0500
Subject: [PATCH 4/5] Remove the __int__ implementation of
 BaseSuspendSecurityUid.

---
 base_suspend_security/base_suspend_security.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/base_suspend_security/base_suspend_security.py b/base_suspend_security/base_suspend_security.py
index f8712f77..03845d6d 100644
--- a/base_suspend_security/base_suspend_security.py
+++ b/base_suspend_security/base_suspend_security.py
@@ -4,9 +4,6 @@ from odoo.tools import pycompat
 
 
 class BaseSuspendSecurityUid(int):
-    def __int__(self):
-        return self
-
     def __eq__(self, other):
         if isinstance(other, pycompat.integer_types):
             return False

From 35f5b88073641959f490a7ca7f0ccb4e6657d283 Mon Sep 17 00:00:00 2001
From: Monica Diaz Pena <monicadp@merchise.org>
Date: Fri, 24 Jan 2020 17:24:32 -0500
Subject: [PATCH 5/5] Fix flake8: E501 line too long

---
 base_suspend_security/tests/test_base_suspend_security.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/base_suspend_security/tests/test_base_suspend_security.py b/base_suspend_security/tests/test_base_suspend_security.py
index eac0871e..64717f04 100644
--- a/base_suspend_security/tests/test_base_suspend_security.py
+++ b/base_suspend_security/tests/test_base_suspend_security.py
@@ -40,8 +40,9 @@ class TestBaseSuspendSecurity(TransactionCase):
                 groups_id=[(5,)],
             )
         )
+        model = self.env["ir.config_parameter"]
         # the search is forbidden
         with self.assertRaises(exceptions.AccessError):
-            self.env["ir.config_parameter"].sudo(user_without_access).search([])
+            model.sudo(user_without_access).search([])
         # this tests the search
-        self.env["ir.config_parameter"].sudo(user_without_access).suspend_security().search([])
+            model.sudo(user_without_access).suspend_security().search([])