From 1434c49a219c67d5a8b205b6e70e06752e8e7c6e Mon Sep 17 00:00:00 2001 From: Mazen Abdo Date: Wed, 29 Oct 2025 15:11:32 +0300 Subject: [PATCH] fix --- .../models/account_payment.py | 22 +++++++++++- .../models/account_res.py | 36 ++++++++++++++++--- 2 files changed, 53 insertions(+), 5 deletions(-) diff --git a/odex25_purchase/purchase_requisition_custom/models/account_payment.py b/odex25_purchase/purchase_requisition_custom/models/account_payment.py index 30a41fcec..a2f61c262 100644 --- a/odex25_purchase/purchase_requisition_custom/models/account_payment.py +++ b/odex25_purchase/purchase_requisition_custom/models/account_payment.py @@ -1,11 +1,31 @@ from odoo import models, api, _ +from odoo.exceptions import AccessError class AccountPayment(models.Model): _inherit = 'account.payment' + def _is_authorized_to_notify(self): + + user = self.env.user + + authorized_groups = [ + 'account.group_account_manager', + 'account.group_account_invoice', + # 'purchase.group_purchase_manager', + ] + + for group_xml_id in authorized_groups: + if user.has_group(group_xml_id): + return True + + return False + def action_notify_payment(self, payment): - # Send Notifications + # Check authorization before sending notification + if not self._is_authorized_to_notify(): + + return subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name) message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _( 'Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _( diff --git a/odex25_purchase/purchase_requisition_custom/models/account_res.py b/odex25_purchase/purchase_requisition_custom/models/account_res.py index 32d770621..be5237552 100644 --- a/odex25_purchase/purchase_requisition_custom/models/account_res.py +++ b/odex25_purchase/purchase_requisition_custom/models/account_res.py @@ -4,11 +4,39 @@ from odoo.exceptions import UserError, ValidationError class AccountPayment(models.Model): - + _inherit = 'account.payment' - + + def _is_authorized_to_notify(self): + """ + Check if the current user is authorized to send payment notifications. + Returns True if user belongs to authorized groups. + """ + user = self.env.user + + # Define authorized groups (users who can send payment notifications) + authorized_groups = [ + 'account.group_account_manager', # Account Manager + 'account.group_account_invoice', # Billing/Invoicing + 'purchase.group_purchase_manager', # Purchase Manager + ] + + # Check if user belongs to any authorized group + for group_xml_id in authorized_groups: + if user.has_group(group_xml_id): + return True + + return False + def action_notify_payment(self, payment): - # Send Notifications + # Check authorization before sending notification + if not self._is_authorized_to_notify(): + # Unauthorized user - don't send notification + # You can optionally log this attempt + # _logger.warning('Unauthorized payment notification attempt by user: %s', self.env.user.name) + return + + # Send Notifications (only if authorized) subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name) message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _('Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _('On Date: ') + '{}'.format(payment.date) group = 'purchase_requisition_custom.group_receive_payment_notification' @@ -21,5 +49,5 @@ class AccountPayment(models.Model): res = super(AccountPayment, self).create(vals) # print("Hi payment!", res.amount) self.action_notify_payment(res) - + return res \ No newline at end of file