From c5545fea6d122409b7c2fde3c4fed13ddcd0bc45 Mon Sep 17 00:00:00 2001
From: Kev-Roche <kevin.roche@akretion.com>
Date: Wed, 18 Mar 2026 11:32:40 +0100
Subject: [PATCH] [18.0][FIX] impersonate_login access issues

---
 impersonate_login/models/model.py             | 11 ++++++
 .../tests/test_impersonate_login.py           | 39 +++++++++++++++++++
 2 files changed, 50 insertions(+)

diff --git a/impersonate_login/models/model.py b/impersonate_login/models/model.py
index 726c57ccad..8b99ff27bc 100644
--- a/impersonate_login/models/model.py
+++ b/impersonate_login/models/model.py
@@ -9,8 +9,17 @@
 class BaseModel(models.AbstractModel):
     _inherit = "base"
 
+    def _keep_real_user_on_create_write(self):
+        # Avoid overriding the create_uid and write_uid
+        # when the model is abstract or transient
+        if self._abstract or self._transient:
+            return True
+        return False
+
     def _prepare_create_values(self, vals_list):
         result_vals_list = super()._prepare_create_values(vals_list)
+        if self._keep_real_user_on_create_write():
+            return result_vals_list
         if (
             request
             and request.session.impersonate_from_uid
@@ -23,6 +32,8 @@ def _prepare_create_values(self, vals_list):
     def write(self, vals):
         """Overwrite the write_uid with the impersonating user"""
         res = super().write(vals)
+        if self._keep_real_user_on_create_write():
+            return res
         if (
             request
             and request.session.impersonate_from_uid
diff --git a/impersonate_login/tests/test_impersonate_login.py b/impersonate_login/tests/test_impersonate_login.py
index b6a4f352eb..667e13660c 100644
--- a/impersonate_login/tests/test_impersonate_login.py
+++ b/impersonate_login/tests/test_impersonate_login.py
@@ -263,3 +263,42 @@ def test_04_write_uid(self):
         self.assertEqual(contact.id, contact_id)
         self.assertEqual(contact.ref, "abc")
         self.assertEqual(contact.write_uid, self.admin_user)
+
+    def test_05_create_uid_on_transient_model(self):
+        """Check the create_uid of records created
+        during an impersonated session on a transient model"""
+        # Login as admin
+        self.authenticate(user="admin", password="admin")
+
+        # Impersonate demo user and create a wizard record
+        self._impersonate_user(self.demo_user)
+
+        response = self.url_open(
+            "/web/dataset/call_kw/mail.wizard.invite/web_save",
+            data=json.dumps(
+                {
+                    "params": {
+                        "model": "mail.wizard.invite",
+                        "method": "web_save",
+                        "args": [
+                            [],
+                            {
+                                "res_model": "res.partner",
+                                "message": "Hello",
+                            },
+                            {},
+                        ],
+                        "kwargs": {},
+                    },
+                }
+            ),
+            headers={"Content-Type": "application/json"},
+        )
+        self.assertEqual(response.status_code, 200)
+        data = response.json()
+        result = data["result"]
+        settings_id = result[0]["id"]
+
+        wizard = self.env["mail.wizard.invite"].browse(settings_id)
+        self.assertIn("Hello", wizard.message)
+        self.assertEqual(wizard.create_uid, self.demo_user)