[16.0] Helpdesk Portal - 403 error when a Ticket partner_id is an internal user

[Internauta92]

Module

helpdesk_mgmt

Describe the bug

When a Ticket is created with an Internal User as partner_id (e.g. a Helpdesk Team user) with a Portal User in following, the Partner user gets 403 Forbidden error from Helpdesk Tickets List in Portal Website.

To Reproduce

Affected versions: 16.0, maybe older versions too (I found this old PR: #309 ).

Steps to reproduce the behavior:

1. Create an User with Portal Access
2. Open a new Ticket with correct Partner ID and verify that the Portal User can see the Tickets List
3. Change partner_id to an Internal User or create a new Ticket with an Internal User

Expected behavior
Tickets List and Tickets should be visible even when partner_id is an Internal User.
Alternative: maybe the partner_id can be the Portal User (or its Company Contact) even when the Ticket is opened by an Internal User.

Additional context
This happens a lot with Tickets opened from the email.

Stack Trace:

ERROR new odoo.http: Exception during request handling. 
 Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/odoo/api.py", line 997, in get
     cache_value = field_cache[record._ids[0]]
 KeyError: 41
 
 During handling of the above exception, another exception occurred:
 
 Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/odoo/fields.py", line 1161, in __get__
     value = env.cache.get(record, self)
   File "/usr/lib/python3/dist-packages/odoo/api.py", line 1004, in get
     raise CacheMiss(record, field)
 odoo.exceptions.CacheMiss: 'res.partner(41,).name'
 
 During handling of the above exception, another exception occurred:
 
 Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/odoo/fields.py", line 1187, in __get__
     recs._fetch_field(self)
   File "/usr/lib/python3/dist-packages/odoo/models.py", line 3210, in _fetch_field
     self._read(fnames)
   File "/usr/lib/python3/dist-packages/odoo/models.py", line 3336, in _read
     raise self.env['ir.rule']._make_access_error('read', forbidden)
 odoo.exceptions.AccessError: Due to security restrictions, you are not allowed to access 'Contact' (res.partner) records.
 
 Contact your administrator to request access if necessary.
 
 During handling of the above exception, another exception occurred:
 
 Traceback (most recent call last):
   File "<752>", line 481, in template_752
   File "<752>", line 462, in template_752_content
   File "<752>", line 210, in template_752_t_call_0
   File "/usr/lib/python3/dist-packages/odoo/fields.py", line 1189, in __get__
     record._fetch_field(self)
   File "/usr/lib/python3/dist-packages/odoo/models.py", line 3210, in _fetch_field
     self._read(fnames)
   File "/usr/lib/python3/dist-packages/odoo/models.py", line 3336, in _read
     raise self.env['ir.rule']._make_access_error('read', forbidden)
 odoo.exceptions.AccessError: Due to security restrictions, you are not allowed to access 'Contact' (res.partner) records.
 
 Contact your administrator to request access if necessary.
 
 The above exception was the direct cause of the following exception:
 
 Traceback (most recent call last):
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 2063, in __call__
     response = request._serve_db()
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 1651, in _serve_db
     return service_model.retrying(self._serve_ir_http, self.env)
   File "/usr/lib/python3/dist-packages/odoo/service/model.py", line 133, in retrying
     result = func()
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 1678, in _serve_ir_http
     response = self.dispatcher.dispatch(rule.endpoint, args)
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 1792, in dispatch
     return self.request.registry['ir.http']._dispatch(endpoint)
   File "/usr/lib/python3/dist-packages/odoo/addons/website/models/ir_http.py", line 237, in _dispatch
     response = super()._dispatch(endpoint)
   File "/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_http.py", line 156, in _dispatch
     result.flatten()
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 1182, in flatten
     self.response.append(self.render())
   File "/usr/lib/python3/dist-packages/odoo/http.py", line 1174, in render
     return request.env["ir.ui.view"]._render_template(self.template, self.qcontext)
   File "/usr/lib/python3/dist-packages/odoo/addons/website/models/ir_ui_view.py", line 419, in _render_template
     return super()._render_template(template, values=values)
   File "/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_ui_view.py", line 2129, in _render_template
     return self.env['ir.qweb']._render(template, values)
   File "/usr/lib/python3/dist-packages/odoo/tools/profiler.py", line 294, in _tracked_method_render
     return method_render(self, template, values, **options)
   File "/usr/lib/python3/dist-packages/odoo/addons/base/models/ir_qweb.py", line 587, in _render
     result = ''.join(rendering)
   File "<751>", line 119, in template_751
   File "<751>", line 101, in template_751_content
   File "<751>", line 90, in template_751_t_call_0
   File "<752>", line 487, in template_752
 odoo.addons.base.models.ir_qweb.QWebException: Error while render the template
 AccessError: Due to security restrictions, you are not allowed to access 'Contact' (res.partner) records.
 
 Contact your administrator to request access if necessary.
 Template: helpdesk_mgmt.portal_ticket_list
 Path: /t/t/t/t/tbody/t/tr/td[1]/span
 Node: <span t-esc="ticket.partner_id.name"/>
 2024-11-06 17:14:34,643 18 INFO new werkzeug: 172.18.0.1 - - [06/Nov/2024 17:14:34] "GET /my/tickets HTTP/1.1" 403 - 89 0.021 0.130

Thank you in advance.