From 2388e82fe609b6dee3fd1a79c97647bd015e3d6e Mon Sep 17 00:00:00 2001
From: Florent Xicluna <florent.xicluna@camptocamp.com>
Date: Wed, 8 May 2024 19:51:42 +0200
Subject: [PATCH] edi_oca: Fix Access error for Administrator

---
 edi_oca/models/edi_exchange_record.py | 11 +++++++----
 edi_oca/tests/test_security.py        |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/edi_oca/models/edi_exchange_record.py b/edi_oca/models/edi_exchange_record.py
index e1f3154024..6f715291b6 100644
--- a/edi_oca/models/edi_exchange_record.py
+++ b/edi_oca/models/edi_exchange_record.py
@@ -468,8 +468,8 @@ def _search(
             count=False,
             access_rights_uid=access_rights_uid,
         )
-        if self.env.is_system():
-            # restrictions do not apply to group "Settings"
+        if self.env.is_superuser():
+            # restrictions do not apply for the superuser
             return len(ids) if count else ids
 
         # TODO highlight orphaned EDI records in UI:
@@ -514,11 +514,14 @@ def _search(
                         list(targets[res_id]),
                     )
                 recs = recs - missing
-            allowed = (
+            allowed = list(
                 self.env[model]
                 .with_context(active_test=False)
                 ._search([("id", "in", recs.ids)])
             )
+            if self.env.is_system():
+                # Group "Settings" can list exchanges where record is deleted
+                allowed.extend(missing.ids)
             for target_id in allowed:
                 result += list(targets[target_id])
         if len(orig_ids) == limit and len(result) < len(orig_ids):
@@ -545,7 +548,7 @@ def read(self, fields=None, load="_classic_read"):
     def check_access_rule(self, operation):
         """In order to check if we can access a record, we are checking if we can access
         the related document"""
-        super(EDIExchangeRecord, self).check_access_rule(operation)
+        super().check_access_rule(operation)
         if self.env.is_superuser():
             return
         default_checker = self.env["edi.exchange.consumer.mixin"].get_edi_access
diff --git a/edi_oca/tests/test_security.py b/edi_oca/tests/test_security.py
index e6a3e615f2..54638f8fbb 100644
--- a/edi_oca/tests/test_security.py
+++ b/edi_oca/tests/test_security.py
@@ -194,7 +194,7 @@ def test_search_no_record_admin(self):
         exchange_record = self.create_record()
         exchange_record.res_id = -1
         admin_group = self.env.ref("base.group_system")
-        self.user.write({"groups_id": [(4, admin_group.id)]})
+        self.user.write({"groups_id": [(4, self.group.id), (4, admin_group.id)]})
         self.assertEqual(
             1,
             self.env["edi.exchange.record"]