Odoo Addons (MOVED TO GITHUB)

analytic journal items must be read only

Bug #788156 reported by Ferdinand on 2011-05-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Odoo Addons (MOVED TO GITHUB)	Confirmed	Wishlist	OpenERP R&D Addons Team 3

Bug Description

IMHO analytic journal items are generated by invoices, time sheets and similar.

Hence normal users shouldn't be able to add/modify/delete analytic lines independently of their source to avoid data inconsitency.

Related branches

lp://staging/~openerp-dev/openobject-addons/trunk-bug-788156-uco

Rejected for merging into lp://staging/openobject-addons

Mustufa Rangwala (Open ERP) (community): Needs Fixing on 2011-07-19

qdp (OpenERP): Pending requested 2011-07-19

Revision history for this message

Vishal Parmar(Open ERP) (vpa-openerp) wrote on 2011-05-26:

Hello Dr. Ferdinand,

You can see the related menu contains analytic group.There is not any issue regarding inconsistency, The user can see this menu which have added this group by admin.

Currently I am setting this issue as opinion for more clarification.

Thanks.

Changed in openobject-addons:
status:	New → Opinion

Revision history for this message

Ferdinand (office-chricar) wrote on 2011-05-26:

account analytic lines.png Edit (44.3 KiB, image/png)

as you can see members of many of these groups have create/write/delete access to analytic lines.

while this is necessary in the context of applications like invoice/ht timesheet etc, IMHO it must not be allowed to do so directly at least not for lines which are generated and controlled by other apps.

currently any one who is entitled to enter invoices is also entitled to create, update, delete any of these records using
Menu / Accounting / Journal Entries / Analytic Journal Items.

I agree this should be possible for a restricted group of (very ! experienced) users, but not for everyone.

Revision history for this message

Vishal Parmar(Open ERP) (vpa-openerp) wrote on 2011-05-26:

Hello,

I have agree with you. In analytical journal item it should not be change and it is read only.

Thanks.

Changed in openobject-addons:
status:	Opinion → Confirmed
assignee:	nobody → OpenERP R&D Addons Team 3 (openerp-dev-addons3)
importance:	Undecided → Low

Meera Trambadia (OpenERP) (mtr-openerp) on 2011-05-30

Changed in openobject-addons:
status:	Confirmed → In Progress

Meera Trambadia (OpenERP) (mtr-openerp) on 2011-07-01

Changed in openobject-addons:
status:	In Progress → Confirmed

Ujjvala Collins (uco-openerp) on 2011-07-19

Changed in openobject-addons:
status:	Confirmed → In Progress

Revision history for this message

Ujjvala Collins (uco-openerp) wrote on 2011-07-19:

Hello Dr. Ferdinand,

I have removed the access rights for create / write / delete for the Accounting / Invoice group. The fix has been committed on lp:~openerp-dev/openobject-addons/trunk-bug-788156-uco with revision : 4888 <email address hidden>.

It will be merged into trunk-addons soon.

Thanks,
Ujjvala

Changed in openobject-addons:
status:	In Progress → Fix Committed

Mustufa Rangwala (Open ERP) (mra-tinyerp) on 2011-07-19

Changed in openobject-addons:
milestone:	none → 6.1

Revision history for this message

Ferdinand (office-chricar) wrote on 2011-07-19:

I hape that Accounting / Invoice group will be able to create invoices with analytic movoces

Mustufa Rangwala (Open ERP) (mra-tinyerp) on 2011-07-19

Changed in openobject-addons:
status:	Fix Committed → Confirmed

Revision history for this message

Ujjvala Collins (uco-openerp) wrote on 2011-07-19:

Hello Dr. Ferdinand,

The user with only Accounting / Invoice group will be able to create and validate invoices with no analytic accounts in invoice lines. The user must belong to Useability / Analytic Accounting to see analytic account field on invoice line. But using this patch he won't be able to validate the invoice as he is only having READ access on analytic lines. To achieve this user must belong to Accounting / Accountant group too.

Can you please share your point of view for normal users?

Currently, i.e. without applying the patch, the groups Accounting / Accountant, Accounting / Invoice, Human Resources / Manager are having all the access rights on analytic lines so user belong to any of the group can perform read/create/write/delete operations on it.

Can you please tell us the exact problem?

Thanks,
Ujjvala

Revision history for this message

Ferdinand (office-chricar) wrote on 2011-07-19:

I want to point to my initial comment

"Hence normal users shouldn't be able to add/modify/delete analytic lines independently of their source to avoid data inconsistency.."

the view in "Accounting/Journal Entries/Analytic Journal Items" should probably be read only.

Alternative 1
* have a special group which might change field contents
Alternative 2
* create a wizard which
** duplicates the original with negative values (original or current period ???) AND
** posts a new one
- the classical way how accounting works

Revision history for this message

Ujjvala Collins (uco-openerp) wrote on 2011-07-20:

Hello Dr. Ferdinand,

These suggestions are really great to be implemented. But for the current scenario it can't be treated as a bug so we're considering as a wishlist. For futrue releases we may apply these changes.

Thank you very much for your precious comments.

Thanks,
Ujjvala

Mustufa Rangwala (Open ERP) (mra-tinyerp) on 2011-07-20

Changed in openobject-addons:
importance:	Low → Wishlist
milestone:	6.1 → none

Revision history for this message

Ferdinand (office-chricar) wrote on 2011-07-20:

I hope that will go into 6.1
journals per definition are immutable - at least certain essential fields.

quote http://www.principlesofaccounting.com/chapter%202.htm#THE%20JOURNAL
an accounting journal is just a log book that contains a chronological listing of a company's transactions and events

all changes to journals - if allowed at all - must be documented.

this is valid for
* account move lines (see invoice_cancel)
* account_analytic_line - this bug
* stock_move (didn't discover anything yet)
* other like time tracking, hr expenses etc

first reason:
even if is tempting to allow "small" undocumented corrections, authorities (at least in Austria) will not accept accounting systems which allow violation of these basic rules.

second reason:
in multi user environment:
user A creates a report
user B alters journal entries and creates the same report - with obviously other results.
this is not acceptable, because without documentation nobody ( think of partners ...) can explain why.
the only workaround now is to turn on audit for journals
but see also https://bugs.launchpad.net/openobject-addons/+bug/606172

hence OpenERP is not revision proof

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

account analytic lines.png Edit

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.