From 7b320b42f5619c9052b7e9ffc81e765c3e904fda Mon Sep 17 00:00:00 2001
From: yotsubasuzu <nguyenlinh125891@gmail.com>
Date: Fri, 18 Jul 2025 12:42:51 +0700
Subject: [PATCH] [FIX] point_of_sale: search_read with elevated access

Previously, users in the base.group_user group encountered an AccessError when attempting to read the ir.module.module model. This was due to the base_install_request auto-install mechanism being disabled, which removed the implicit read access that non-admin users previously relied on.

To resolve this issue, this commit updates the _load_pos_data method to explicitly elevate privileges using sudo() when calling search_read() on the model. This ensures that the operation is executed with administrative rights, allowing all users to retrieve module metadata safely, regardless of their group permissions.
---
 addons/point_of_sale/models/ir_module_module.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/addons/point_of_sale/models/ir_module_module.py b/addons/point_of_sale/models/ir_module_module.py
index fcae0cad27a1d..2a240bb07e1bb 100644
--- a/addons/point_of_sale/models/ir_module_module.py
+++ b/addons/point_of_sale/models/ir_module_module.py
@@ -16,6 +16,6 @@ def _load_pos_data(self, data):
         domain = self._load_pos_data_domain()
         fields = self._load_pos_data_fields()
         return {
-            'data': self.search_read(domain, fields, load=False),
+            'data': self.sudo().search_read(domain, fields, load=False),
             'fields': self._load_pos_data_fields(),
         }