[IMP] payment_*: avoid access error on provider model
As provider model is intended to be used internally restricting the read of some private fields to the employee group avoid creating access issues.
This commit is contained in:
parent
75a196972e
commit
b226510840
|
@ -36,9 +36,9 @@ class AcquirerAdyen(osv.Model):
|
|||
return providers
|
||||
|
||||
_columns = {
|
||||
'adyen_merchant_account': fields.char('Merchant Account', required_if_provider='adyen'),
|
||||
'adyen_skin_code': fields.char('Skin Code', required_if_provider='adyen'),
|
||||
'adyen_skin_hmac_key': fields.char('Skin HMAC Key', required_if_provider='adyen'),
|
||||
'adyen_merchant_account': fields.char('Merchant Account', required_if_provider='adyen', groups='base.group_user'),
|
||||
'adyen_skin_code': fields.char('Skin Code', required_if_provider='adyen', groups='base.group_user'),
|
||||
'adyen_skin_hmac_key': fields.char('Skin HMAC Key', required_if_provider='adyen', groups='base.group_user'),
|
||||
}
|
||||
|
||||
def _adyen_generate_merchant_sig(self, acquirer, inout, values):
|
||||
|
|
|
@ -30,8 +30,8 @@ class PaymentAcquirerAuthorize(models.Model):
|
|||
providers.append(['authorize', 'Authorize.Net'])
|
||||
return providers
|
||||
|
||||
authorize_login = fields.Char(string='API Login Id', required_if_provider='authorize')
|
||||
authorize_transaction_key = fields.Char(string='API Transaction Key', required_if_provider='authorize')
|
||||
authorize_login = fields.Char(string='API Login Id', required_if_provider='authorize', groups='base.group_user')
|
||||
authorize_transaction_key = fields.Char(string='API Transaction Key', required_if_provider='authorize', groups='base.group_user')
|
||||
|
||||
def _authorize_generate_hashing(self, values):
|
||||
data = '^'.join([
|
||||
|
|
|
@ -43,8 +43,8 @@ class AcquirerBuckaroo(osv.Model):
|
|||
return providers
|
||||
|
||||
_columns = {
|
||||
'brq_websitekey': fields.char('WebsiteKey', required_if_provider='buckaroo'),
|
||||
'brq_secretkey': fields.char('SecretKey', required_if_provider='buckaroo'),
|
||||
'brq_websitekey': fields.char('WebsiteKey', required_if_provider='buckaroo', groups='base.group_user'),
|
||||
'brq_secretkey': fields.char('SecretKey', required_if_provider='buckaroo', groups='base.group_user'),
|
||||
}
|
||||
|
||||
def _buckaroo_generate_digital_sign(self, acquirer, inout, values):
|
||||
|
|
|
@ -43,11 +43,11 @@ class PaymentAcquirerOgone(osv.Model):
|
|||
return providers
|
||||
|
||||
_columns = {
|
||||
'ogone_pspid': fields.char('PSPID', required_if_provider='ogone'),
|
||||
'ogone_userid': fields.char('API User ID', required_if_provider='ogone'),
|
||||
'ogone_password': fields.char('API User Password', required_if_provider='ogone'),
|
||||
'ogone_shakey_in': fields.char('SHA Key IN', size=32, required_if_provider='ogone'),
|
||||
'ogone_shakey_out': fields.char('SHA Key OUT', size=32, required_if_provider='ogone'),
|
||||
'ogone_pspid': fields.char('PSPID', required_if_provider='ogone', groups='base.group_user'),
|
||||
'ogone_userid': fields.char('API User ID', required_if_provider='ogone', groups='base.group_user'),
|
||||
'ogone_password': fields.char('API User Password', required_if_provider='ogone', groups='base.group_user'),
|
||||
'ogone_shakey_in': fields.char('SHA Key IN', size=32, required_if_provider='ogone', groups='base.group_user'),
|
||||
'ogone_shakey_out': fields.char('SHA Key OUT', size=32, required_if_provider='ogone', groups='base.group_user'),
|
||||
}
|
||||
|
||||
def _ogone_generate_shasign(self, acquirer, inout, values):
|
||||
|
|
|
@ -41,17 +41,17 @@ class AcquirerPaypal(osv.Model):
|
|||
return providers
|
||||
|
||||
_columns = {
|
||||
'paypal_email_account': fields.char('Paypal Email ID', required_if_provider='paypal'),
|
||||
'paypal_email_account': fields.char('Paypal Email ID', required_if_provider='paypal', groups='base.group_user'),
|
||||
'paypal_seller_account': fields.char(
|
||||
'Paypal Merchant ID',
|
||||
'Paypal Merchant ID', groups='base.group_user',
|
||||
help='The Merchant ID is used to ensure communications coming from Paypal are valid and secured.'),
|
||||
'paypal_use_ipn': fields.boolean('Use IPN', help='Paypal Instant Payment Notification'),
|
||||
'paypal_use_ipn': fields.boolean('Use IPN', help='Paypal Instant Payment Notification', groups='base.group_user'),
|
||||
# Server 2 server
|
||||
'paypal_api_enabled': fields.boolean('Use Rest API'),
|
||||
'paypal_api_username': fields.char('Rest API Username'),
|
||||
'paypal_api_password': fields.char('Rest API Password'),
|
||||
'paypal_api_access_token': fields.char('Access Token'),
|
||||
'paypal_api_access_token_validity': fields.datetime('Access Token Validity'),
|
||||
'paypal_api_username': fields.char('Rest API Username', groups='base.group_user'),
|
||||
'paypal_api_password': fields.char('Rest API Password', groups='base.group_user'),
|
||||
'paypal_api_access_token': fields.char('Access Token', groups='base.group_user'),
|
||||
'paypal_api_access_token_validity': fields.datetime('Access Token Validity', groups='base.group_user'),
|
||||
}
|
||||
|
||||
_defaults = {
|
||||
|
|
|
@ -35,7 +35,7 @@ class SipsController(http.Controller):
|
|||
|
||||
sips = acquirer_obj.search([('provider', '=', 'sips')], limit=1)
|
||||
|
||||
security = sips._sips_generate_shasign(post)
|
||||
security = sips.sudo()._sips_generate_shasign(post)
|
||||
if security == post['Seal']:
|
||||
_logger.debug('Sips: validated data')
|
||||
res = tx_obj.sudo().form_feedback(post, 'sips')
|
||||
|
|
|
@ -41,8 +41,8 @@ class AcquirerSips(models.Model):
|
|||
_inherit = 'payment.acquirer'
|
||||
# Fields
|
||||
sips_merchant_id = fields.Char('SIPS API User Password',
|
||||
required_if_provider='sips')
|
||||
sips_secret = fields.Char('SIPS Secret', size=64, required_if_provider='sips')
|
||||
required_if_provider='sips', groups='base.group_user')
|
||||
sips_secret = fields.Char('SIPS Secret', size=64, required_if_provider='sips', groups='base.group_user')
|
||||
|
||||
# Methods
|
||||
def _get_sips_urls(self, environment):
|
||||
|
|
|
@ -40,7 +40,7 @@ class sale_order(osv.Model):
|
|||
for this in self.browse(cr, SUPERUSER_ID, ids, context=context):
|
||||
if this.state not in ('draft', 'cancel') and not this.invoiced:
|
||||
result[this.id] = payment_acquirer.render_payment_block(
|
||||
cr, uid, this.name, this.amount_total, this.pricelist_id.currency_id.id,
|
||||
cr, SUPERUSER_ID, this.name, this.amount_total, this.pricelist_id.currency_id.id,
|
||||
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
||||
return result
|
||||
|
||||
|
@ -100,7 +100,7 @@ class account_invoice(osv.Model):
|
|||
for this in self.browse(cr, uid, ids, context=context):
|
||||
if this.type == 'out_invoice' and this.state not in ('draft', 'done') and not this.reconciled:
|
||||
result[this.id] = payment_acquirer.render_payment_block(
|
||||
cr, uid, this.number, this.residual, this.currency_id.id,
|
||||
cr, SUPERUSER_ID, this.number, this.residual, this.currency_id.id,
|
||||
partner_id=this.partner_id.id, company_id=this.company_id.id, context=context)
|
||||
return result
|
||||
|
||||
|
|
Loading…
Reference in New Issue