diff --git a/addons/payment/__openerp__.py b/addons/payment/__openerp__.py
index c192bec7c1b..a3843a872c1 100644
--- a/addons/payment/__openerp__.py
+++ b/addons/payment/__openerp__.py
@@ -12,6 +12,7 @@
'views/payment_acquirer.xml',
'views/res_config_view.xml',
'security/ir.model.access.csv',
+ 'security/payment_security.xml',
],
'installable': True,
'auto_install': True,
diff --git a/addons/payment/security/ir.model.access.csv b/addons/payment/security/ir.model.access.csv
index 18f98939472..f52f9a44d4e 100644
--- a/addons/payment/security/ir.model.access.csv
+++ b/addons/payment/security/ir.model.access.csv
@@ -2,6 +2,6 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
payment_acquirer_all,payment.acquirer.all,model_payment_acquirer,,1,0,0,0
payment_acquirer_user,payment.acquirer.user,model_payment_acquirer,base.group_user,1,1,1,0
payment_acquirer_system,payment.acquirer.system,model_payment_acquirer,base.group_system,1,1,1,1
-payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,1,1,0
+payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,0,0,0
payment_transaction_user,payment.transaction.user,model_payment_transaction,base.group_user,1,1,1,0
payment_transaction_system,payment.transaction.system,model_payment_transaction,base.group_system,1,1,1,1
\ No newline at end of file
diff --git a/addons/payment/security/payment_security.xml b/addons/payment/security/payment_security.xml
new file mode 100644
index 00000000000..8fb4def2811
--- /dev/null
+++ b/addons/payment/security/payment_security.xml
@@ -0,0 +1,24 @@
+
+
+
+
+
+ Access own payment transaction only
+
+ [
+ '|',
+ ('partner_id','=',False),
+ ('partner_id','=',user.partner_id.id)
+ ]
+
+
+
+
+ Access every payment transaction
+
+ [(1, '=', 1)]
+
+
+
+
+
diff --git a/addons/payment_paypal/models/paypal.py b/addons/payment_paypal/models/paypal.py
index a17f6ac83b5..bade2343fa9 100644
--- a/addons/payment_paypal/models/paypal.py
+++ b/addons/payment_paypal/models/paypal.py
@@ -14,6 +14,7 @@ from openerp.addons.payment.models.payment_acquirer import ValidationError
from openerp.addons.payment_paypal.controllers.main import PaypalController
from openerp.osv import osv, fields
from openerp.tools.float_utils import float_compare
+from openerp import SUPERUSER_ID
_logger = logging.getLogger(__name__)
@@ -99,7 +100,7 @@ class AcquirerPaypal(osv.Model):
return fees
def paypal_form_generate_values(self, cr, uid, id, partner_values, tx_values, context=None):
- base_url = self.pool['ir.config_parameter'].get_param(cr, uid, 'web.base.url')
+ base_url = self.pool['ir.config_parameter'].get_param(cr, SUPERUSER_ID, 'web.base.url')
acquirer = self.browse(cr, uid, id, context=context)
paypal_tx_values = dict(tx_values)
diff --git a/addons/website_payment/__openerp__.py b/addons/website_payment/__openerp__.py
index c745f643fec..4c13b562b5e 100644
--- a/addons/website_payment/__openerp__.py
+++ b/addons/website_payment/__openerp__.py
@@ -12,6 +12,7 @@
'payment',
],
'data': [
+ 'payment_security.xml',
'views/website_payment_templates.xml',
'views/website_settings_payment.xml',
],
diff --git a/addons/website_payment/payment_security.xml b/addons/website_payment/payment_security.xml
new file mode 100644
index 00000000000..d8aafa15631
--- /dev/null
+++ b/addons/website_payment/payment_security.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+