audrius/rma
1
0
Fork 1
mirror of https://github.com/OCA/rma.git synced 2025-02-16 17:11:47 +02:00
Code Issues Packages Projects Releases Wiki Activity

[FIX] rma: refund permissions

Browse Source 
Up to v12, account.invoice, was allowed for a wide variety of users. In
this version though, with account.move conversion, those permissions are
quite restricted.

We want to keep the possibility to open a refund for the RMA users.
Although only Invoicing users will be able to post it anyway.

TT34644
This commit is contained in:
david
2022-02-17 13:06:56 +01:00
committed by Nikolaus Weingartmair
parent b5dc3b0843
commit 2f15018b66
4 changed files with 34 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
rma/models/rma.py
View File

@@ -649,7 +649,9 @@ class Rma(models.Model):
for rmas in group_dict.values(): for rmas in group_dict.values():
origin = ", ".join(rmas.mapped("name")) origin = ", ".join(rmas.mapped("name"))
invoice_form = Form( invoice_form = Form(
self.env["account.move"].with_context( self.env["account.move"]
.sudo()
.with_context(
default_move_type="out_refund", default_move_type="out_refund",
company_id=rmas[0].company_id.id, company_id=rmas[0].company_id.id,
), ),
@@ -676,7 +678,7 @@ class Rma(models.Model):
} }
) )
refund.invoice_origin = origin refund.invoice_origin = origin
refund.message_post_with_view( refund.with_user(self.env.uid).message_post_with_view(
"mail.message_origin_link", "mail.message_origin_link",
values={"self": refund, "origin": rmas}, values={"self": refund, "origin": rmas},
subtype_id=self.env.ref("mail.mt_note").id, subtype_id=self.env.ref("mail.mt_note").id,

2
rma/security/ir.model.access.csv
View File

@@ -14,3 +14,5 @@ access_rma_finalization_portal,rma.finalization.portal,model_rma_finalization,ba
access_rma_finalization_user_own,rma.finalization.user.own,model_rma_finalization,rma_group_user_own,1,0,0,0 access_rma_finalization_user_own,rma.finalization.user.own,model_rma_finalization,rma_group_user_own,1,0,0,0
access_rma_finalization_manager,rma.finalization.manager,model_rma_finalization,rma_group_manager,1,1,1,1 access_rma_finalization_manager,rma.finalization.manager,model_rma_finalization,rma_group_manager,1,1,1,1
access_rma_finalization_wizard_user_own,rma.finalization.wizard.user.own,model_rma_finalization_wizard,group_rma_manual_finalization,1,1,1,1 access_rma_finalization_wizard_user_own,rma.finalization.wizard.user.own,model_rma_finalization_wizard,group_rma_manual_finalization,1,1,1,1
access_account_move_rma_user,account_move rma_user,account.model_account_move,rma.rma_group_user_own,1,0,0,0
access_account_move_line_rma_user,account_move_line rma_user,account.model_account_move_line,rma.rma_group_user_own,1,0,0,0
1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
14 access_rma_finalization_user_own rma.finalization.user.own model_rma_finalization rma_group_user_own 1 0 0 0
15 access_rma_finalization_manager rma.finalization.manager model_rma_finalization rma_group_manager 1 1 1 1
16 access_rma_finalization_wizard_user_own rma.finalization.wizard.user.own model_rma_finalization_wizard group_rma_manual_finalization 1 1 1 1
17 access_account_move_rma_user account_move rma_user account.model_account_move rma.rma_group_user_own 1 0 0 0
18 access_account_move_line_rma_user account_move_line rma_user account.model_account_move_line rma.rma_group_user_own 1 0 0 0

17
rma/security/rma_security.xml
View File

@@ -91,6 +91,23 @@
name="domain_force" name="domain_force"
> ['|', ('company_id', 'in', company_ids), ('company_id', '=', False)]</field> > ['|', ('company_id', 'in', company_ids), ('company_id', '=', False)]</field>
</record> </record>
<!-- Allow to refund RMAs -->
<record id="rma_account_move_personal_rule" model="ir.rule">
<field name="name">RMA Personal Invoice</field>
<field ref="model_account_move" name="model_id" />
<field
name="domain_force"
>[('move_type', '=', 'out_refund'), '|', ('invoice_user_id', '=', user.id), ('invoice_user_id', '=', False)]</field>
<field name="groups" eval="[(4, ref('rma.rma_group_user_own'))]" />
</record>
<record id="rma_account_move_line_personal_rule" model="ir.rule">
<field name="name">RMA Personal Invoice Lines</field>
<field ref="model_account_move_line" name="model_id" />
<field
name="domain_force"
>[('move_id.move_type', '=', 'out_refund'), '|', ('move_id.invoice_user_id', '=', user.id), ('move_id.invoice_user_id', '=', False)]</field>
<field name="groups" eval="[(4, ref('rma.rma_group_user_own'))]" />
</record>
<!-- New users will belong to rma_group_user_own --> <!-- New users will belong to rma_group_user_own -->
<record id="base.default_user" model="res.users"> <record id="base.default_user" model="res.users">
<field name="groups_id" eval="[(4, ref('rma_group_user_own'))]" /> <field name="groups_id" eval="[(4, ref('rma_group_user_own'))]" />

12
rma/tests/test_rma.py
View File

@@ -2,13 +2,18 @@
# License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl). # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl).
from odoo.exceptions import UserError, ValidationError from odoo.exceptions import UserError, ValidationError
from odoo.tests import Form, SavepointCase from odoo.tests import Form, SavepointCase, new_test_user, users
class TestRma(SavepointCase): class TestRma(SavepointCase):
@classmethod @classmethod
def setUpClass(cls): def setUpClass(cls):
super(TestRma, cls).setUpClass() super(TestRma, cls).setUpClass()
cls.user_rma = new_test_user(
cls.env,
login="user_rma",
groups="rma.rma_group_user_own,stock.group_stock_user",
)
cls.res_partner = cls.env["res.partner"] cls.res_partner = cls.env["res.partner"]
cls.product_product = cls.env["product.product"] cls.product_product = cls.env["product.product"]
cls.company = cls.env.user.company_id cls.company = cls.env.user.company_id
@@ -256,6 +261,7 @@ class TestRmaCase(TestRma):
self.assertEqual(rma_1.state, "draft") self.assertEqual(rma_1.state, "draft")
self.assertEqual(rma_2.state, "received") self.assertEqual(rma_2.state, "received")
@users("__system__", "user_rma")
def test_action_refund(self): def test_action_refund(self):
rma = self._create_confirm_receive(self.partner, self.product, 10, self.rma_loc) rma = self._create_confirm_receive(self.partner, self.product, 10, self.rma_loc)
self.assertEqual(rma.state, "received") self.assertEqual(rma.state, "received")
@@ -272,6 +278,10 @@ class TestRmaCase(TestRma):
self.assertFalse(rma.can_be_refunded) self.assertFalse(rma.can_be_refunded)
self.assertFalse(rma.can_be_returned) self.assertFalse(rma.can_be_returned)
self.assertFalse(rma.can_be_replaced) self.assertFalse(rma.can_be_replaced)
# A regular user can create the refund but only Invoicing users will be able
# to edit it and post it
if self.env.user.login != "__system__":
return
with Form(rma.refund_line_id.move_id) as refund_form: with Form(rma.refund_line_id.move_id) as refund_form:
with refund_form.invoice_line_ids.edit(0) as refund_line: with refund_form.invoice_line_ids.edit(0) as refund_line:
refund_line.quantity = 9 refund_line.quantity = 9