From e5998791e91a6a5a9261e773d430e9d1760640f2 Mon Sep 17 00:00:00 2001
From: Suherdy Yacob <suherdy.yacob@mapan.co.id>
Date: Thu, 28 May 2026 15:00:07 +0700
Subject: [PATCH] refactor: revert res_partner_rule to standard domain to
 prevent AccessError and update module author

---
 __manifest__.py                               |   2 +-
 .../__pycache__/hr_employee.cpython-312.pyc   | Bin 5579 -> 5530 bytes
 models/hr_employee.py                         |   9 ++++++---
 security/hr_security.xml                      |   4 ----
 4 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/__manifest__.py b/__manifest__.py
index 914f362..9766418 100644
--- a/__manifest__.py
+++ b/__manifest__.py
@@ -7,7 +7,7 @@
         This module overrides the standard Odoo restriction of one company per employee.
         It allows an employee to be associated with multiple branch companies.
     """,
-    'author': 'Antigravity',
+    'author': 'Suherdy Yacob',
     'depends': ['hr', 'pos_hr', 'hr_attendance'],
     'data': [
         'security/hr_security.xml',
diff --git a/models/__pycache__/hr_employee.cpython-312.pyc b/models/__pycache__/hr_employee.cpython-312.pyc
index 3e257f80e9af217db2e149586e6da4b9d409801f..980ff58f840beb6be55492924b98e30c8a8260ca 100644
GIT binary patch
delta 165
zcmX@DJxiPKG%qg~0}$|h70)UX-^gdn$CMvEIfyTJ^9Q~@Mo#|xqRjNnyu_TzO#;{S
zI2hyum^%D#@C#q(SGdTpu)zNkzwr$Lk?EWhIVW>p7f`$?pt!(pgZ%|1=PLp(o7)7-
znRql<0~kLuGqCZ0VbWO4DZ<EDJef;$rbZ4UV*uj>vFS1sWxg<gIbRZ(IT+a{lufUh
OSo4(u$Sjfrx(fhmLone0

delta 187
zcmbQGeOjCEG%qg~0}#xdz?0P_wvo@4k9}#hdX2h{!en2*TtOWL4fWLAf}H%y)YSOQ
zlw!TfiOh<dck}f!vT)_4mQM~8xTeR%Amzy1;dO&w_&UGBMSg_^UYGdwZU~4>=bXqn
znftnc;za?)1$G;(E-2Yu5wPDJDp=0Mqskh<_?el3jsFXi>f#&1jEn`7Z;H&+$Yf*;
lV4NT}U1p-p7X~orOB6E)Bin?s=`|B;zA^xrMRGvb0sy&tH}wDj

diff --git a/models/hr_employee.py b/models/hr_employee.py
index d237e30..d629eb3 100644
--- a/models/hr_employee.py
+++ b/models/hr_employee.py
@@ -72,9 +72,12 @@ class HrEmployee(models.Model):
         super()._register_hook()
         rule = self.env.ref('base.res_partner_rule', raise_if_not_found=False)
         if rule:
-            new_domain = "['|', '|', '|', ('partner_share', '=', False), ('company_id', 'parent_of', company_ids), ('company_id', '=', False), ('employee_ids.company_ids', 'in', company_ids)]"
-            if rule.domain_force != new_domain:
-                rule.sudo().write({'domain_force': new_domain})
+            # Revert res_partner_rule to standard Odoo 19 domain.
+            # The custom override traversed `employee_ids` (hr.employee relation), which throws AccessError
+            # for portal/public/new/guest users who do not have access to the hr.employee model.
+            original_domain = "['|', '|', ('partner_share', '=', False), ('company_id', 'parent_of', company_ids), ('company_id', '=', False)]"
+            if rule.domain_force != original_domain:
+                rule.sudo().write({'domain_force': original_domain})
 
         rule_public = self.env.ref('hr.hr_employee_public_comp_rule', raise_if_not_found=False)
         if rule_public:
diff --git a/security/hr_security.xml b/security/hr_security.xml
index 2892211..44203f2 100644
--- a/security/hr_security.xml
+++ b/security/hr_security.xml
@@ -14,9 +14,5 @@
             <field name="global" eval="True"/>
             <field name="domain_force">['|', '|', '|', '|', ('company_ids', 'in', company_ids), ('company_id', 'in', company_ids + [False]), ('parent_id.user_id', '=', user.id), ('id', '=', user.employee_id.parent_id.id), ('user_id', '=', user.id)]</field>
         </record>
-
-        <record id="base.res_partner_rule" model="ir.rule">
-            <field name="domain_force">['|', '|', '|', ('partner_share', '=', False), ('company_id', 'parent_of', company_ids), ('company_id', '=', False), ('employee_ids.company_ids', 'in', company_ids)]</field>
-        </record>
     </data>
 </odoo>