[FIX] point_of_sale: ACLs for pos users
POS users should not be able to create nor modify payment methods (account.journal) POS users should not be able to create nor modify point of sales (pos.config) At first opened session, if no payment methods was set, this is possible that the pos user should temporary have accesses granted to mark a payment method as pos payment method. This is done by the openerp.SUPERUSER_ID added by this rev. opw-625489
This commit is contained in:
Denis Ledoux
parent
275367581b
commit
e261c44a10
|
|
@ -311,7 +311,7 @@ class pos_session(osv.osv):
|
|||
if not pos_config.journal_id:
|
||||
jid = jobj.default_get(cr, uid, ['journal_id'], context=context)['journal_id']
|
||||
if jid:
|
||||
jobj.write(cr, uid, [pos_config.id], {'journal_id': jid}, context=context)
|
||||
jobj.write(cr, openerp.SUPERUSER_ID, [pos_config.id], {'journal_id': jid}, context=context)
|
||||
else:
|
||||
raise osv.except_osv( _('error!'),
|
||||
_("Unable to open the session. You have to assign a sale journal to your point of sale."))
|
||||
|
|
@ -325,8 +325,8 @@ class pos_session(osv.osv):
|
|||
if not cashids:
|
||||
cashids = journal_proxy.search(cr, uid, [('journal_user','=',True)], context=context)
|
||||
|
||||
journal_proxy.write(cr, uid, cashids, {'journal_user': True})
|
||||
jobj.write(cr, uid, [pos_config.id], {'journal_ids': [(6,0, cashids)]})
|
||||
journal_proxy.write(cr, openerp.SUPERUSER_ID, cashids, {'journal_user': True})
|
||||
jobj.write(cr, openerp.SUPERUSER_ID, [pos_config.id], {'journal_ids': [(6,0, cashids)]})
|
||||
|
||||
|
||||
pos_config = jobj.browse(cr, uid, config_id, context=context)
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ access_product_template_pos_manager,product.template pos manager,product.model_p
|
|||
access_account_move_line,account.move.line,account.model_account_move_line,group_pos_user,1,1,1,0
|
||||
access_account_move_line_manager,account.move.line manager,account.model_account_move_line,group_pos_manager,1,1,1,1
|
||||
access_account_move,account.move,account.model_account_move,group_pos_manager,1,0,0,0
|
||||
access_account_journal,account.journal,account.model_account_journal,group_pos_user,1,1,1,0
|
||||
access_account_journal,account.journal,account.model_account_journal,group_pos_manager,1,1,1,0
|
||||
access_account_journal_period_user,account.journal.period user,account.model_account_journal_period,group_pos_user,1,1,1,1
|
||||
access_account_journal_period_manager,account.journal.period manager,account.model_account_journal_period,group_pos_manager,1,0,0,0
|
||||
access_account_analytic_line,account.analytic.line,analytic.model_account_analytic_line,group_pos_user,1,1,1,0
|
||||
|
|
@ -59,5 +59,6 @@ access_product_pricelist_manager,product.pricelist manager,product.model_product
|
|||
access_product_category_pos_manager,pos.category manager,model_pos_category,group_pos_manager,1,1,1,1
|
||||
access_product_category_pos_user,pos.category user,model_pos_category,group_pos_user,1,0,0,0
|
||||
access_pos_session_user,pos.session user,model_pos_session,group_pos_user,1,1,1,0
|
||||
access_pos_config_user,pos.config user,model_pos_config,group_pos_user,1,1,1,0
|
||||
access_pos_config_user,pos.config user,model_pos_config,group_pos_user,1,0,0,0
|
||||
access_pos_config_manager,pos.config user,model_pos_config,group_pos_manager,1,1,1,0
|
||||
access_ir_sequence_manager,ir.sequence manager,base.model_ir_sequence,group_pos_manager,1,1,1,1
|
||||
|
|
|
|||
|
Loading…
Reference in New Issue