analytic journal items must be read only

Bug #788156 reported by Ferdinand
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Odoo Addons (MOVED TO GITHUB)
Confirmed
Wishlist
OpenERP R&D Addons Team 3

Bug Description

IMHO analytic journal items are generated by invoices, time sheets and similar.

Hence normal users shouldn't be able to add/modify/delete analytic lines independently of their source to avoid data inconsitency.

Related branches

Revision history for this message
Vishal Parmar(Open ERP) (vpa-openerp) wrote :

Hello Dr. Ferdinand,

You can see the related menu contains analytic group.There is not any issue regarding inconsistency, The user can see this menu which have added this group by admin.

Currently I am setting this issue as opinion for more clarification.

Thanks.

Changed in openobject-addons:
status: New → Opinion
Revision history for this message
Ferdinand (office-chricar) wrote :

as you can see members of many of these groups have create/write/delete access to analytic lines.

while this is necessary in the context of applications like invoice/ht timesheet etc, IMHO it must not be allowed to do so directly at least not for lines which are generated and controlled by other apps.

currently any one who is entitled to enter invoices is also entitled to create, update, delete any of these records using
Menu / Accounting / Journal Entries / Analytic Journal Items.

I agree this should be possible for a restricted group of (very ! experienced) users, but not for everyone.

Revision history for this message
Vishal Parmar(Open ERP) (vpa-openerp) wrote :

Hello,

I have agree with you. In analytical journal item it should not be change and it is read only.

Thanks.

Changed in openobject-addons:
status: Opinion → Confirmed
assignee: nobody → OpenERP R&D Addons Team 3 (openerp-dev-addons3)
importance: Undecided → Low
Changed in openobject-addons:
status: Confirmed → In Progress
Changed in openobject-addons:
status: In Progress → Confirmed
Changed in openobject-addons:
status: Confirmed → In Progress
Revision history for this message
Ujjvala Collins (uco-openerp) wrote :

Hello Dr. Ferdinand,

I have removed the access rights for create / write / delete for the Accounting / Invoice group. The fix has been committed on lp:~openerp-dev/openobject-addons/trunk-bug-788156-uco with revision : 4888 <email address hidden>.

It will be merged into trunk-addons soon.

Thanks,
Ujjvala

Changed in openobject-addons:
status: In Progress → Fix Committed
Changed in openobject-addons:
milestone: none → 6.1
Revision history for this message
Ferdinand (office-chricar) wrote :

I hape that Accounting / Invoice group will be able to create invoices with analytic movoces

Changed in openobject-addons:
status: Fix Committed → Confirmed
Revision history for this message
Ujjvala Collins (uco-openerp) wrote :

Hello Dr. Ferdinand,

The user with only Accounting / Invoice group will be able to create and validate invoices with no analytic accounts in invoice lines. The user must belong to Useability / Analytic Accounting to see analytic account field on invoice line. But using this patch he won't be able to validate the invoice as he is only having READ access on analytic lines. To achieve this user must belong to Accounting / Accountant group too.

Can you please share your point of view for normal users?

Currently, i.e. without applying the patch, the groups Accounting / Accountant, Accounting / Invoice, Human Resources / Manager are having all the access rights on analytic lines so user belong to any of the group can perform read/create/write/delete operations on it.

Can you please tell us the exact problem?

Thanks,
Ujjvala

Revision history for this message
Ferdinand (office-chricar) wrote :

I want to point to my initial comment

"Hence normal users shouldn't be able to add/modify/delete analytic lines independently of their source to avoid data inconsistency.."

the view in "Accounting/Journal Entries/Analytic Journal Items" should probably be read only.

Alternative 1
* have a special group which might change field contents
Alternative 2
* create a wizard which
** duplicates the original with negative values (original or current period ???) AND
** posts a new one
 - the classical way how accounting works

Revision history for this message
Ujjvala Collins (uco-openerp) wrote :

Hello Dr. Ferdinand,

These suggestions are really great to be implemented. But for the current scenario it can't be treated as a bug so we're considering as a wishlist. For futrue releases we may apply these changes.

Thank you very much for your precious comments.

Thanks,
Ujjvala

Changed in openobject-addons:
importance: Low → Wishlist
milestone: 6.1 → none
Revision history for this message
Ferdinand (office-chricar) wrote :

I hope that will go into 6.1
journals per definition are immutable - at least certain essential fields.

quote http://www.principlesofaccounting.com/chapter%202.htm#THE%20JOURNAL
an accounting journal is just a log book that contains a chronological listing of a company's transactions and events

all changes to journals - if allowed at all - must be documented.

this is valid for
* account move lines (see invoice_cancel)
* account_analytic_line - this bug
* stock_move (didn't discover anything yet)
* other like time tracking, hr expenses etc

first reason:
even if is tempting to allow "small" undocumented corrections, authorities (at least in Austria) will not accept accounting systems which allow violation of these basic rules.

second reason:
in multi user environment:
user A creates a report
user B alters journal entries and creates the same report - with obviously other results.
this is not acceptable, because without documentation nobody ( think of partners ...) can explain why.
the only workaround now is to turn on audit for journals
but see also https://bugs.launchpad.net/openobject-addons/+bug/606172

hence OpenERP is not revision proof

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.