I want to let customers download a delivery note from our portal, using this tutorial: https://www.youtube.com/watch?v=W0HPbGUWyTc&t=71s&ab_channel=WebLearns

It seems to work, but the portal user encounters rights issues.

In the website code:

<a t-attf-href="/download/delivery/{{j.id}}">

In the controller:

@http.route(["/download/delivery/<model('stock.picking'):id>"], auth='public', type="http", website=True)

def order_add_attachment(self, id=0, report_type=None, download=False):

return self._show_report(model=id, report_type='pdf', report_ref='REPORTNAME', download=True)

For a portal user: indicates that the user does not have access to stock.picking (the parameter j above is a stock.picking); I have already tried (in a test) to give the portal users all possible rights to stock.picking (and variants such as stock.picking.type)... nope.

Even if I only print a message in the call, the problem remains - and in my opinion it comes from <model('stock.picking'):id>"

I can't possibly solve that via sudo(), because it involves a decorator and not a direct call.

It might be an obvious error, but I seem to be overlooking the proper solution. Does anybody have a solution?