'views/payment_acquirer.xml',
'views/res_config_view.xml',
'security/ir.model.access.csv',
+ 'security/payment_security.xml',
],
'installable': True,
'auto_install': True,
payment_acquirer_all,payment.acquirer.all,model_payment_acquirer,,1,0,0,0
payment_acquirer_user,payment.acquirer.user,model_payment_acquirer,base.group_user,1,1,1,0
payment_acquirer_system,payment.acquirer.system,model_payment_acquirer,base.group_system,1,1,1,1
-payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,1,1,0
+payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,0,0,0
payment_transaction_user,payment.transaction.user,model_payment_transaction,base.group_user,1,1,1,0
payment_transaction_system,payment.transaction.system,model_payment_transaction,base.group_system,1,1,1,1
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>
+<openerp>
+ <data noupdate="1">
+
+ <record id="payment_transaction_user_rule" model="ir.rule">
+ <field name="name">Access own payment transaction only</field>
+ <field name="model_id" ref="payment.model_payment_transaction"/>
+ <field name="domain_force">[
+ '|',
+ ('partner_id','=',False),
+ ('partner_id','=',user.partner_id.id)
+ ]</field>
+ <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+ </record>
+
+ <record id="payment_transaction_salesman_rule" model="ir.rule">
+ <field name="name">Access every payment transaction</field>
+ <field name="model_id" ref="payment.model_payment_transaction"/>
+ <field name="domain_force">[(1, '=', 1)]</field>
+ <field name="groups" eval="[(4, ref('base.group_sale_salesman'))]"/>
+ </record>
+
+ </data>
+</openerp>
from openerp.addons.payment_paypal.controllers.main import PaypalController
from openerp.osv import osv, fields
from openerp.tools.float_utils import float_compare
+from openerp import SUPERUSER_ID
_logger = logging.getLogger(__name__)
return fees
def paypal_form_generate_values(self, cr, uid, id, partner_values, tx_values, context=None):
- base_url = self.pool['ir.config_parameter'].get_param(cr, uid, 'web.base.url')
+ base_url = self.pool['ir.config_parameter'].get_param(cr, SUPERUSER_ID, 'web.base.url')
acquirer = self.browse(cr, uid, id, context=context)
paypal_tx_values = dict(tx_values)
}
tx_ids = request.registry['payment.transaction'].search(
- cr, uid, [
+ cr, SUPERUSER_ID, [
'|', ('sale_order_id', '=', order.id), ('reference', '=', order.name)
], context=context)
message = ""
validation = None
else:
- tx = request.registry['payment.transaction'].browse(cr, uid, tx_ids[0], context=context)
+ tx = request.registry['payment.transaction'].browse(cr, SUPERUSER_ID, tx_ids[0], context=context)
state = tx.state
if state == 'done':
message = '<p>%s</p>' % _('Your payment has been received.')
transaction_obj = self.pool.get('payment.transaction')
tx_id = request.session.get('sale_transaction_id')
if tx_id:
- tx_ids = transaction_obj.search(cr, uid, [('id', '=', tx_id), ('state', 'not in', ['cancel'])], context=context)
+ tx_ids = transaction_obj.search(cr, SUPERUSER_ID, [('id', '=', tx_id), ('state', 'not in', ['cancel'])], context=context)
if tx_ids:
- return transaction_obj.browse(cr, uid, tx_ids[0], context=context)
+ return transaction_obj.browse(cr, SUPERUSER_ID, tx_ids[0], context=context)
else:
request.session['sale_transaction_id'] = False
return False