audrius/account-financial-tools
1
0
Fork 0
mirror of https://github.com/OCA/account-financial-tools.git synced 2025-02-02 12:47:26 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
6bc0905cae2cb00e4a50dca51a18aad7e116a607
account-financial-tools/account_credit_control/invoice.py
Laurent Mignon b2ada74e5d [FIX] fix security issue on account_invoice 
This fix seems ugly, but I cant figure why I've a security error when an invoice is  displayed for a user without right on credit_control despite the attribute 'groups' declared on the field definition in the form view
2015-06-26 14:26:28 +02:00

71 lines
2.9 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
##############################################################################
#
# Author: Vincent Renaville
# Copyright 2013 Camptocamp SA
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
##############################################################################
from openerp import models, fields, api, _
class AccountInvoice(models.Model):
"""Check on cancelling of an invoice"""
_inherit = 'account.invoice'
credit_policy_id = fields.Many2one(
'credit.control.policy',
string='Credit Control Policy',
help="The Credit Control Policy used for this "
"invoice. If nothing is defined, it will "
"use the account setting or the partner "
"setting.",
readonly=True,
copy=False,
groups="account_credit_control.group_account_credit_control_manager,"
"account_credit_control.group_account_credit_control_user,"
"account_credit_control.group_account_credit_control_info",
)
credit_control_line_ids = fields.One2many(
'credit.control.line', 'invoice_id',
string='Credit Lines',
readonly=True,
copy=False,
)
@api.multi
def action_cancel(self):
"""Prevent to cancel invoice related to credit line"""
# We will search if this invoice is linked with credit
cc_line_obj = self.env['credit.control.line']
for invoice in self:
nondraft_domain = [('invoice_id', '=', invoice.id),
('state', '!=', 'draft')]
cc_nondraft_lines = cc_line_obj.search(nondraft_domain)
if cc_nondraft_lines:
raise api.Warning(
_('You cannot cancel this invoice.\n'
'A payment reminder has already been '
'sent to the customer.\n'
'You must create a credit note and '
'issue a new invoice.')
)
draft_domain = [('invoice_id', '=', invoice.id),
('state', '=', 'draft')]
cc_draft_line = cc_line_obj.search(draft_domain)
cc_draft_line.unlink()
return super(AccountInvoice, self).action_cancel()
Reference in New Issue View Git Blame Copy Permalink