diff --git a/models/__init__.py b/models/__init__.py
index ab87c94..26e4cbc 100644
--- a/models/__init__.py
+++ b/models/__init__.py
@@ -1,3 +1,4 @@
from . import hr_employee
from . import pos_config
+from . import pos_session
from . import res_users
diff --git a/models/__pycache__/__init__.cpython-312.pyc b/models/__pycache__/__init__.cpython-312.pyc
index e5fbc03..459921e 100644
Binary files a/models/__pycache__/__init__.cpython-312.pyc and b/models/__pycache__/__init__.cpython-312.pyc differ
diff --git a/models/__pycache__/hr_employee.cpython-312.pyc b/models/__pycache__/hr_employee.cpython-312.pyc
index dbabc22..4c07b77 100644
Binary files a/models/__pycache__/hr_employee.cpython-312.pyc and b/models/__pycache__/hr_employee.cpython-312.pyc differ
diff --git a/models/hr_employee.py b/models/hr_employee.py
index 01d63c0..252478d 100644
--- a/models/hr_employee.py
+++ b/models/hr_employee.py
@@ -1,3 +1,4 @@
+import hashlib
from odoo import models, fields, api, _
class HrEmployee(models.Model):
@@ -91,7 +92,40 @@ class HrEmployee(models.Model):
return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+ @api.model
+ def _load_pos_data_read(self, records, config):
+ """Override to read employee data (including work_contact_id / res.partner)
+ with sudo() so cashier users whose user.company_ids doesn't include the
+ employee partner's company_id don't get a read access error on session open.
+ The employee records are already filtered by _load_pos_data_domain before
+ arriving here, so sudo() is safe — we're only relaxing the partner rule.
+ """
+ fields = self._load_pos_data_fields(config)
+ # Read with sudo to bypass res.partner multi-company rule for work_contact_id
+ read_records = records.sudo().read(fields, load=False)
+ manager_ids = records.filtered(
+ lambda emp: config.group_pos_manager_id.id in emp.user_id.all_group_ids.ids
+ ).ids
+ employees_barcode_pin = records.get_barcodes_and_pin_hashed()
+ bp_per_employee_id = {bp_e['id']: bp_e for bp_e in employees_barcode_pin}
+
+ for employee in read_records:
+ if employee['id'] in manager_ids:
+ role = 'manager'
+ employee['_user_role'] = 'admin'
+ elif employee['id'] in config.advanced_employee_ids.ids:
+ role = 'manager'
+ elif employee['id'] in config.minimal_employee_ids.ids:
+ role = 'minimal'
+ else:
+ role = 'cashier'
+
+ employee['_role'] = role
+ employee['_barcode'] = bp_per_employee_id[employee['id']]['barcode']
+ employee['_pin'] = bp_per_employee_id[employee['id']]['pin']
+
+ return read_records
class HrEmployeePublic(models.Model):
diff --git a/models/pos_session.py b/models/pos_session.py
new file mode 100644
index 0000000..24287c8
--- /dev/null
+++ b/models/pos_session.py
@@ -0,0 +1,22 @@
+from odoo import models
+
+
+class PosSession(models.Model):
+ _inherit = 'pos.session'
+
+ def _get_message_author(self):
+ """Override to read employee partner with sudo() to avoid res.partner
+ access errors when the cashier's allowed companies don't include the
+ company_id set on work_contact_id (caused by hr_multi_company_employee
+ assigning employees to branch companies).
+ """
+ if not self.employee_id:
+ return None
+
+ # Use sudo() to bypass multi-company partner rule when reading
+ # the employee's work_contact_id or user partner for message posting.
+ employee = self.employee_id.sudo()
+ if related_partners := employee._get_related_partners():
+ return related_partners[0]
+
+ return self.sudo().user_id.partner_id
diff --git a/security/hr_security.xml b/security/hr_security.xml
index d2bf101..6b6e66f 100644
--- a/security/hr_security.xml
+++ b/security/hr_security.xml
@@ -16,7 +16,11 @@
- ['|', '|', ('partner_share', '=', False), ('company_id', 'parent_of', company_ids), ('company_id', '=', False)]
+
+ ['|', '|', '|', ('partner_share', '=', False), ('company_id', 'parent_of', company_ids), ('company_id', 'in', user.company_ids.ids), ('company_id', '=', False)]