[IMP] payment_*: avoid access error on provider model
As provider model is intended to be used internally restricting the read of some private fields to the employee group avoid creating access issues.
This commit is contained in:
parent
75a196972e
commit
b226510840
|
@ -36,9 +36,9 @@ class AcquirerAdyen(osv.Model):
|
||||||
return providers
|
return providers
|
||||||
|
|
||||||
_columns = {
|
_columns = {
|
||||||
'adyen_merchant_account': fields.char('Merchant Account', required_if_provider='adyen'),
|
'adyen_merchant_account': fields.char('Merchant Account', required_if_provider='adyen', groups='base.group_user'),
|
||||||
'adyen_skin_code': fields.char('Skin Code', required_if_provider='adyen'),
|
'adyen_skin_code': fields.char('Skin Code', required_if_provider='adyen', groups='base.group_user'),
|
||||||
'adyen_skin_hmac_key': fields.char('Skin HMAC Key', required_if_provider='adyen'),
|
'adyen_skin_hmac_key': fields.char('Skin HMAC Key', required_if_provider='adyen', groups='base.group_user'),
|
||||||
}
|
}
|
||||||
|
|
||||||
def _adyen_generate_merchant_sig(self, acquirer, inout, values):
|
def _adyen_generate_merchant_sig(self, acquirer, inout, values):
|
||||||
|
|
|
@ -30,8 +30,8 @@ class PaymentAcquirerAuthorize(models.Model):
|
||||||
providers.append(['authorize', 'Authorize.Net'])
|
providers.append(['authorize', 'Authorize.Net'])
|
||||||
return providers
|
return providers
|
||||||
|
|
||||||
authorize_login = fields.Char(string='API Login Id', required_if_provider='authorize')
|
authorize_login = fields.Char(string='API Login Id', required_if_provider='authorize', groups='base.group_user')
|
||||||
authorize_transaction_key = fields.Char(string='API Transaction Key', required_if_provider='authorize')
|
authorize_transaction_key = fields.Char(string='API Transaction Key', required_if_provider='authorize', groups='base.group_user')
|
||||||
|
|
||||||
def _authorize_generate_hashing(self, values):
|
def _authorize_generate_hashing(self, values):
|
||||||
data = '^'.join([
|
data = '^'.join([
|
||||||
|
|
|
@ -43,8 +43,8 @@ class AcquirerBuckaroo(osv.Model):
|
||||||
return providers
|
return providers
|
||||||
|
|
||||||
_columns = {
|
_columns = {
|
||||||
'brq_websitekey': fields.char('WebsiteKey', required_if_provider='buckaroo'),
|
'brq_websitekey': fields.char('WebsiteKey', required_if_provider='buckaroo', groups='base.group_user'),
|
||||||
'brq_secretkey': fields.char('SecretKey', required_if_provider='buckaroo'),
|
'brq_secretkey': fields.char('SecretKey', required_if_provider='buckaroo', groups='base.group_user'),
|
||||||
}
|
}
|
||||||
|
|
||||||
def _buckaroo_generate_digital_sign(self, acquirer, inout, values):
|
def _buckaroo_generate_digital_sign(self, acquirer, inout, values):
|
||||||
|
|
|
@ -43,11 +43,11 @@ class PaymentAcquirerOgone(osv.Model):
|
||||||
return providers
|
return providers
|
||||||
|
|
||||||
_columns = {
|
_columns = {
|
||||||
'ogone_pspid': fields.char('PSPID', required_if_provider='ogone'),
|
'ogone_pspid': fields.char('PSPID', required_if_provider='ogone', groups='base.group_user'),
|
||||||
'ogone_userid': fields.char('API User ID', required_if_provider='ogone'),
|
'ogone_userid': fields.char('API User ID', required_if_provider='ogone', groups='base.group_user'),
|
||||||
'ogone_password': fields.char('API User Password', required_if_provider='ogone'),
|
'ogone_password': fields.char('API User Password', required_if_provider='ogone', groups='base.group_user'),
|
||||||
'ogone_shakey_in': fields.char('SHA Key IN', size=32, required_if_provider='ogone'),
|
'ogone_shakey_in': fields.char('SHA Key IN', size=32, required_if_provider='ogone', groups='base.group_user'),
|
||||||
'ogone_shakey_out': fields.char('SHA Key OUT', size=32, required_if_provider='ogone'),
|
'ogone_shakey_out': fields.char('SHA Key OUT', size=32, required_if_provider='ogone', groups='base.group_user'),
|
||||||
}
|
}
|
||||||
|
|
||||||
def _ogone_generate_shasign(self, acquirer, inout, values):
|
def _ogone_generate_shasign(self, acquirer, inout, values):
|
||||||
|
|
|
@ -41,17 +41,17 @@ class AcquirerPaypal(osv.Model):
|
||||||
return providers
|
return providers
|
||||||
|
|
||||||
_columns = {
|
_columns = {
|
||||||
'paypal_email_account': fields.char('Paypal Email ID', required_if_provider='paypal'),
|
'paypal_email_account': fields.char('Paypal Email ID', required_if_provider='paypal', groups='base.group_user'),
|
||||||
'paypal_seller_account': fields.char(
|
'paypal_seller_account': fields.char(
|
||||||
'Paypal Merchant ID',
|
'Paypal Merchant ID', groups='base.group_user',
|
||||||
help='The Merchant ID is used to ensure communications coming from Paypal are valid and secured.'),
|
help='The Merchant ID is used to ensure communications coming from Paypal are valid and secured.'),
|
||||||
'paypal_use_ipn': fields.boolean('Use IPN', help='Paypal Instant Payment Notification'),
|
'paypal_use_ipn': fields.boolean('Use IPN', help='Paypal Instant Payment Notification', groups='base.group_user'),
|
||||||
# Server 2 server
|
# Server 2 server
|
||||||
'paypal_api_enabled': fields.boolean('Use Rest API'),
|
'paypal_api_enabled': fields.boolean('Use Rest API'),
|
||||||
'paypal_api_username': fields.char('Rest API Username'),
|
'paypal_api_username': fields.char('Rest API Username', groups='base.group_user'),
|
||||||
'paypal_api_password': fields.char('Rest API Password'),
|
'paypal_api_password': fields.char('Rest API Password', groups='base.group_user'),
|
||||||
'paypal_api_access_token': fields.char('Access Token'),
|
'paypal_api_access_token': fields.char('Access Token', groups='base.group_user'),
|
||||||
'paypal_api_access_token_validity': fields.datetime('Access Token Validity'),
|
'paypal_api_access_token_validity': fields.datetime('Access Token Validity', groups='base.group_user'),
|
||||||
}
|
}
|
||||||
|
|
||||||
_defaults = {
|
_defaults = {
|
||||||
|
|
|
@ -35,7 +35,7 @@ class SipsController(http.Controller):
|
||||||
|
|
||||||
sips = acquirer_obj.search([('provider', '=', 'sips')], limit=1)
|
sips = acquirer_obj.search([('provider', '=', 'sips')], limit=1)
|
||||||
|
|
||||||
security = sips._sips_generate_shasign(post)
|
security = sips.sudo()._sips_generate_shasign(post)
|
||||||
if security == post['Seal']:
|
if security == post['Seal']:
|
||||||
_logger.debug('Sips: validated data')
|
_logger.debug('Sips: validated data')
|
||||||
res = tx_obj.sudo().form_feedback(post, 'sips')
|
res = tx_obj.sudo().form_feedback(post, 'sips')
|
||||||
|
|
|
@ -41,8 +41,8 @@ class AcquirerSips(models.Model):
|
||||||
_inherit = 'payment.acquirer'
|
_inherit = 'payment.acquirer'
|
||||||
# Fields
|
# Fields
|
||||||
sips_merchant_id = fields.Char('SIPS API User Password',
|
sips_merchant_id = fields.Char('SIPS API User Password',
|
||||||
required_if_provider='sips')
|
required_if_provider='sips', groups='base.group_user')
|
||||||
sips_secret = fields.Char('SIPS Secret', size=64, required_if_provider='sips')
|
sips_secret = fields.Char('SIPS Secret', size=64, required_if_provider='sips', groups='base.group_user')
|
||||||
|
|
||||||
# Methods
|
# Methods
|
||||||
def _get_sips_urls(self, environment):
|
def _get_sips_urls(self, environment):
|
||||||
|
|
|
@ -40,7 +40,7 @@ class sale_order(osv.Model):
|
||||||
for this in self.browse(cr, SUPERUSER_ID, ids, context=context):
|
for this in self.browse(cr, SUPERUSER_ID, ids, context=context):
|
||||||
if this.state not in ('draft', 'cancel') and not this.invoiced:
|
if this.state not in ('draft', 'cancel') and not this.invoiced:
|
||||||
result[this.id] = payment_acquirer.render_payment_block(
|
result[this.id] = payment_acquirer.render_payment_block(
|
||||||
cr, uid, this.name, this.amount_total, this.pricelist_id.currency_id.id,
|
cr, SUPERUSER_ID, this.name, this.amount_total, this.pricelist_id.currency_id.id,
|
||||||
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
@ -100,7 +100,7 @@ class account_invoice(osv.Model):
|
||||||
for this in self.browse(cr, uid, ids, context=context):
|
for this in self.browse(cr, uid, ids, context=context):
|
||||||
if this.type == 'out_invoice' and this.state not in ('draft', 'done') and not this.reconciled:
|
if this.type == 'out_invoice' and this.state not in ('draft', 'done') and not this.reconciled:
|
||||||
result[this.id] = payment_acquirer.render_payment_block(
|
result[this.id] = payment_acquirer.render_payment_block(
|
||||||
cr, uid, this.number, this.residual, this.currency_id.id,
|
cr, SUPERUSER_ID, this.number, this.residual, this.currency_id.id,
|
||||||
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue