Merge pull request #5100 from expsa/Ekram-3844

fix

odex25_purchase/purchase_requisition_custom/models/account_payment.py

@@ -1,11 +1,31 @@
 from odoo import models, api, _
+from odoo.exceptions import AccessError
 
 
 class AccountPayment(models.Model):
     _inherit = 'account.payment'
 
+    def _is_authorized_to_notify(self):
+
+        user = self.env.user
+
+        authorized_groups = [
+            'account.group_account_manager',
+            'account.group_account_invoice',
+            # 'purchase.group_purchase_manager',
+        ]
+
+        for group_xml_id in authorized_groups:
+            if user.has_group(group_xml_id):
+                return True
+
+        return False
+
     def action_notify_payment(self, payment):
-        # Send Notifications
+        # Check authorization before sending notification
+        if not self._is_authorized_to_notify():
+
+            return
         subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name)
         message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _(
             'Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _(

odex25_purchase/purchase_requisition_custom/models/account_res.py

@@ -4,11 +4,39 @@ from odoo.exceptions import UserError, ValidationError
 
 
 class AccountPayment(models.Model):
-    
+
     _inherit = 'account.payment'
-    
+
+    def _is_authorized_to_notify(self):
+        """
+        Check if the current user is authorized to send payment notifications.
+        Returns True if user belongs to authorized groups.
+        """
+        user = self.env.user
+
+        # Define authorized groups (users who can send payment notifications)
+        authorized_groups = [
+            'account.group_account_manager',  # Account Manager
+            'account.group_account_invoice',  # Billing/Invoicing
+            'purchase.group_purchase_manager',  # Purchase Manager
+        ]
+
+        # Check if user belongs to any authorized group
+        for group_xml_id in authorized_groups:
+            if user.has_group(group_xml_id):
+                return True
+
+        return False
+
     def action_notify_payment(self, payment):
-        # Send Notifications
+        # Check authorization before sending notification
+        if not self._is_authorized_to_notify():
+            # Unauthorized user - don't send notification
+            # You can optionally log this attempt
+            # _logger.warning('Unauthorized payment notification attempt by user: %s', self.env.user.name)
+            return
+
+        # Send Notifications (only if authorized)
         subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name)
         message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _('Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _('On Date: ') + '{}'.format(payment.date)
         group = 'purchase_requisition_custom.group_receive_payment_notification'
@@ -21,5 +49,5 @@ class AccountPayment(models.Model):
         res = super(AccountPayment, self).create(vals)
         # print("Hi payment!", res.amount)
         self.action_notify_payment(res)
-        
+
         return res