From 8b56d364e631f51908dbc4c383d87a703a7164bf Mon Sep 17 00:00:00 2001
From: Samir Ladoui <whitexhunter23@gmail.com>
Date: Mon, 28 Oct 2024 13:24:07 +0100
Subject: [PATCH] [FIX] odex_mobile: employee access

---
 .../odex_mobile/controllers/rest_api_v2/attendance.py         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/odex25_mobile/odex_mobile/controllers/rest_api_v2/attendance.py b/odex25_mobile/odex_mobile/controllers/rest_api_v2/attendance.py
index 6385d701a..59666f77f 100644
--- a/odex25_mobile/odex_mobile/controllers/rest_api_v2/attendance.py
+++ b/odex25_mobile/odex_mobile/controllers/rest_api_v2/attendance.py
@@ -186,7 +186,7 @@ class AttendanceController(http.Controller):
             return http_helper.response(code=400, message=_("Enter Device Id"), success=False)
         if not body.get('latitude') or not body.get('longitude'):
             return http_helper.response(code=400, message=_("Enter Zone  Data for Check in"), success=False)
-        employee = http.request.env['hr.employee'].search([('user_id', '=', user.id)], limit=1)
+        employee = http.request.env['hr.employee'].sudo().search([('user_id', '=', user.id)], limit=1)
         if not employee:
             return http_helper.response(code=400, message=_("You are not allowed to perform this operation. please check with one of your team admins"), success=False)
         if employee.device_id != body.get('device_id'):
@@ -503,7 +503,7 @@ class AttendanceController(http.Controller):
             )
 
         # Find employee linked to the user
-        employee = request.env['hr.employee'].search([('user_id', '=', user.id)], limit=1)
+        employee = request.env['hr.employee'].sudo().search([('user_id', '=', user.id)], limit=1)
         if not employee:
             return http_helper.response(
                 code=400,