OCA / server-ux

GNU Affero General Public License v3.0
163 stars 531 forks source link

[FIX] [16.0] base_tier_validation: Group to bypass Validation rules #913

Closed Shide closed 4 months ago

Shide commented 4 months ago

A security group has been added to allow skipping all validations and allowing you to edit records freely.

In submodules, security groups can be added to skip only validations that belong to a specific model or group.

PR Series:

MT-6238 @moduon @rafaelbn @Gelojr @yajo @fcvalgar @LoisRForgeFlow please reivew if you want :)

OCA-git-bot commented 4 months ago

Hi @LoisRForgeFlow, some modules you are maintaining are being modified, check this out!

LoisRForgeFlow commented 4 months ago

@Shide Can you describe a bit more your use case?

When someone can approve all tiers, can effectively "skip" (all tiers approved automatically) the validation process. I don't really see a reason to have this group at a first glance.

Thanks!

Shide commented 4 months ago

But when the record is under validation or validated, the record is still in readonly and cannot be modified.

Right now we are facing this issue: Sale is requested for validation and something validates it. Sale is shipped and auto-invoiced (needs an invoice when goods are received by the customer). Customer call us and tells that the price is incorrect. Someone in Accounting team makes a complete refund and goes to the order to change price and generate the invoice again.

Here comes the problem: The record is in readonly state because it's validated and cannot be modified. but Odoo let you modify the price in a confirmed sale (sale state) when the invoiced quantity is 0. (+1 for the first invoice, -1 for the refund). So this line could have a price change if Tier Validation doesn't exists.

The people that requests tier, validates tier and modifies the order are different people with different roles. Commercial, Commercial manager, Accounting

With this improvement, I could give the Accounting people (only peple we want, normally power users) the ability to modify orders no matter in what validation step they are. Also, the sale is in readonly form to the other roles and the traceability of Validation process is not lost.

With the improvement in sale, we could give only this ability to sales (In case we want to install Purchase Validation or something like this).

I've thinking to restart validation, but we don't want to lose the Validation information because it's important to know who requested validation and who approves it.

https://www.loom.com/share/da4ff071dab745acaeecbbf9719d735c?sid=56f6e99b-256d-43d5-b457-4c3a44af0f9f

LoisRForgeFlow commented 4 months ago

@Shide

I see, thanks for the details.

I think this is good use case for the exceptions feature you did. You can add an exception for the price after validation. That would be the same level of security as tier validation just before the forced readonly changes. What else could we miss? the control on who can do it, in this sense what do you think about adding groups to exceptions? Wouldn't it be more configurable and enhance exceptions?

Shide commented 4 months ago

Closed in favor of https://github.com/OCA/server-ux/pull/915