Merge pull request #5100 from expsa/Ekram-3844

fix
2025-10-29 14:12:37 +02:00 · 2025-10-29 14:12:37 +02:00 · b3ce0e3906
parent 8b66ece7b7 1434c49a21
commit b3ce0e3906
2 changed files with 53 additions and 5 deletions
--- a/odex25_purchase/purchase_requisition_custom/models/account_payment.py
+++ b/odex25_purchase/purchase_requisition_custom/models/account_payment.py
@ -1,11 +1,31 @@
 from odoo import models, api, _
+from odoo.exceptions import AccessError


 class AccountPayment(models.Model):
    _inherit = 'account.payment'

+    def _is_authorized_to_notify(self):
+
+        user = self.env.user
+
+        authorized_groups = [
+            'account.group_account_manager',
+            'account.group_account_invoice',
+            # 'purchase.group_purchase_manager',
+        ]
+
+        for group_xml_id in authorized_groups:
+            if user.has_group(group_xml_id):
+                return True
+
+        return False
+
    def action_notify_payment(self, payment):
-        # Send Notifications
+        # Check authorization before sending notification
+        if not self._is_authorized_to_notify():
+
+            return
        subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name)
        message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _(
            'Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _(
--- a/odex25_purchase/purchase_requisition_custom/models/account_res.py
+++ b/odex25_purchase/purchase_requisition_custom/models/account_res.py
@ -7,8 +7,36 @@ class AccountPayment(models.Model):

    _inherit = 'account.payment'

+    def _is_authorized_to_notify(self):
+        """
+        Check if the current user is authorized to send payment notifications.
+        Returns True if user belongs to authorized groups.
+        """
+        user = self.env.user
+
+        # Define authorized groups (users who can send payment notifications)
+        authorized_groups = [
+            'account.group_account_manager',  # Account Manager
+            'account.group_account_invoice',  # Billing/Invoicing
+            'purchase.group_purchase_manager',  # Purchase Manager
+        ]
+
+        # Check if user belongs to any authorized group
+        for group_xml_id in authorized_groups:
+            if user.has_group(group_xml_id):
+                return True
+
+        return False
+
    def action_notify_payment(self, payment):
-        # Send Notifications
+        # Check authorization before sending notification
+        if not self._is_authorized_to_notify():
+            # Unauthorized user - don't send notification
+            # You can optionally log this attempt
+            # _logger.warning('Unauthorized payment notification attempt by user: %s', self.env.user.name)
+            return
+
+        # Send Notifications (only if authorized)
        subject = _('Payment Notification') + ' - {}'.format(payment.partner_id.name)
        message = '{} '.format(payment.partner_id.name) + _('is successfully paid.') + '\n' + _('Payment Amount: ') + '{}'.format(payment.amount) + '\n' + _('Ref: ') + '{}'.format(payment.ref) + '\n' + _('On Date: ') + '{}'.format(payment.date)
        group = 'purchase_requisition_custom.group_receive_payment_notification'