In step 4, we call self.sudo(). This method returns a new recordset with a new environment in which the user is not the same as the one in self. When called without an argument, sudo() will link the Odoo superuser, Administrator, to the environment. All method calls via the returned recordset are made with the new environment and therefore with superuser privileges.
If you need a specific user, you can pass either a recordset containing that user or the database id of the user. The following snippet allows you to search books that are visible, using the public user:
public_user = self.env.ref('base.public_user')
public_book = self.env['library.book'].sudo(public_user)
Caution when using sudo(): There is no traceability of the action; the author of the last modification of the company in our recipe will be the Administrator, not the user originally calling update_phone_number.
The community addon, base_suspend_security, found at https://github.com/OCA/server-backend/, can be used to work around this limitation.
The community addon, base_suspend_security, found at https://github.com/OCA/server-backend/, can be used to work around this limitation.