[REF] portal_sale_personal_data_only: outsource invoice features

Fix OCA#2236 by extracting these features into the new module `portal_account_personal_data_only`.

The module now depends on it and is auto-installed if `sale` is also installed.

@moduon MT-1451

portal_sale_personal_data_only/README.rst

@@ -2,10 +2,13 @@
 Portal Sale Personal Data Only
 ==============================
 
-.. !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+.. 
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    !! This file is generated by oca-gen-addon-readme !!
    !! changes will be overwritten.                   !!
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+   !! source digest: sha256:f914e3f1f064988db2859552c387f79852893d192900d26c2105e00f145b3f60
+   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
 .. |badge1| image:: https://img.shields.io/badge/maturity-Beta-yellow.png
     :target: https://odoo-community.org/page/development-status
@@ -19,13 +22,13 @@ Portal Sale Personal Data Only
 .. |badge4| image:: https://img.shields.io/badge/weblate-Translate%20me-F47D42.png
     :target: https://translation.odoo-community.org/projects/sale-workflow-15-0/sale-workflow-15-0-portal_sale_personal_data_only
     :alt: Translate me on Weblate
-.. |badge5| image:: https://img.shields.io/badge/runbot-Try%20me-875A7B.png
-    :target: https://runbot.odoo-community.org/runbot/167/15.0
-    :alt: Try me on Runbot
+.. |badge5| image:: https://img.shields.io/badge/runboat-Try%20me-875A7B.png
+    :target: https://runboat.odoo-community.org/builds?repo=OCA/sale-workflow&target_branch=15.0
+    :alt: Try me on Runboat
 
 |badge1| |badge2| |badge3| |badge4| |badge5|
 
-By default, portal users are allowed to see all the orders and invoices in
+By default, portal users are allowed to see all the sale orders in
 which a member of their organization are followers. That could cause a leaking
 of  documents between members and departments and of the organization that
 should stay private.
@@ -44,7 +47,7 @@ Usage
 #. Create some portal users belonging to the same company.
 #. Place some orders for several of these users.
 #. Log in with each portal user credential.
-#. Only the orders and invoices belonging to the logged in user's partner or
+#. Only the sale orders belonging to the logged in user's partner or
    his descendants should be accessible.
 #. Invoices associated to a partner's sale order will be visible as well.
 
@@ -53,8 +56,8 @@ Bug Tracker
 
 Bugs are tracked on `GitHub Issues <https://github.com/OCA/sale-workflow/issues>`_.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-`feedback <https://github.com/OCA/sale-workflow/issues/new?body=module:%20portal_sale_personal_data_only%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+`feedback <https://github.com/OCA/sale-workflow/issues/new?body=module:%20portal_sale_personal_data_only%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**>`_.
 
 Do not contact contributors directly about support or help with technical issues.
 
@@ -77,6 +80,7 @@ Contributors
   * Víctor Martínez
 
 * Moaad Bourhim <[email protected]>
+* Jairo Llopis (`Moduon <https://www.moduon.team/>`__)
 
 Maintainers
 ~~~~~~~~~~~

portal_sale_personal_data_only/__manifest__.py

@@ -7,7 +7,8 @@
     "author": "Tecnativa, Odoo Community Association (OCA)",
     "website": "https://github.com/OCA/sale-workflow",
     "license": "AGPL-3",
-    "depends": ["sale"],
+    "depends": ["sale", "portal_account_personal_data_only"],
+    "auto_install": True,
     "data": ["security/security.xml"],
     "installable": True,
     "post_init_hook": "post_init_hook",

portal_sale_personal_data_only/hooks.py

@@ -8,14 +8,10 @@ def post_init_hook(cr, registry, vals=None):
     env = api.Environment(cr, SUPERUSER_ID, {})
     env.ref("sale.sale_order_rule_portal").active = False
     env.ref("sale.sale_order_line_rule_portal").active = False
-    env.ref("account.account_invoice_rule_portal").active = False
-    env.ref("account.account_invoice_line_rule_portal").active = False
 
 
 def uninstall_hook(cr, registry, vals=None):
     """Unarchive the overriden ir.rules"""
     env = api.Environment(cr, SUPERUSER_ID, {})
     env.ref("sale.sale_order_rule_portal").active = True
     env.ref("sale.sale_order_line_rule_portal").active = True
-    env.ref("account.account_invoice_rule_portal").active = True
-    env.ref("account.account_invoice_line_rule_portal").active = True

portal_sale_personal_data_only/readme/CONTRIBUTORS.rst

@@ -6,3 +6,4 @@
   * Víctor Martínez
 
 * Moaad Bourhim <[email protected]>
+* Jairo Llopis (`Moduon <https://www.moduon.team/>`__)

portal_sale_personal_data_only/readme/DESCRIPTION.rst

@@ -1,4 +1,4 @@
-By default, portal users are allowed to see all the orders and invoices in
+By default, portal users are allowed to see all the sale orders in
 which a member of their organization are followers. That could cause a leaking
 of  documents between members and departments and of the organization that
 should stay private.

portal_sale_personal_data_only/readme/USAGE.rst

@@ -1,6 +1,6 @@
 #. Create some portal users belonging to the same company.
 #. Place some orders for several of these users.
 #. Log in with each portal user credential.
-#. Only the orders and invoices belonging to the logged in user's partner or
+#. Only the sale orders belonging to the logged in user's partner or
    his descendants should be accessible.
 #. Invoices associated to a partner's sale order will be visible as well.

portal_sale_personal_data_only/security/security.xml

@@ -17,18 +17,22 @@
         <field name="groups" eval="[(4, ref('base.group_portal'))]" />
     </record>
     <record id="portal_account_invoice_user_rule" model="ir.rule">
-        <field name="name">Portal Only Personal Account Invoices</field>
+        <field
+            name="name"
+        >Portal display personal invoices linked to personal sale orders</field>
         <field name="model_id" ref="account.model_account_move" />
         <field name="domain_force">
-            ['|', ('message_partner_ids','child_of', [user.partner_id.id]), ('invoice_line_ids.sale_line_ids.order_id.message_partner_ids', 'child_of', [user.partner_id.id])]
+            [('invoice_line_ids.sale_line_ids.order_id.message_partner_ids', 'child_of', [user.partner_id.id])]
         </field>
         <field name="groups" eval="[(4, ref('base.group_portal'))]" />
     </record>
     <record id="portal_account_invoice_line_rule" model="ir.rule">
-        <field name="name">Portal Only Personal Invoice Lines</field>
+        <field
+            name="name"
+        >Portal display personal invoice lines linked to personal sale orders</field>
         <field name="model_id" ref="account.model_account_move_line" />
         <field name="domain_force">
-            ['|', ('move_id.message_partner_ids','child_of',[user.partner_id.id]), ('sale_line_ids.order_id.message_partner_ids', 'child_of', [user.partner_id.id])]
+            [('sale_line_ids.order_id.message_partner_ids', 'child_of', [user.partner_id.id])]
         </field>
         <field name="groups" eval="[(4, ref('base.group_portal'))]" />
     </record>

portal_sale_personal_data_only/static/description/index.html

@@ -1,20 +1,20 @@
-<?xml version="1.0" encoding="utf-8" ?>
+<?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta name="generator" content="Docutils 0.15.1: http://docutils.sourceforge.net/" />
+<meta name="generator" content="Docutils: https://docutils.sourceforge.io/" />
 <title>Portal Sale Personal Data Only</title>
 <style type="text/css">
 
 /*
 :Author: David Goodger ([email protected])
-:Id: $Id: html4css1.css 7952 2016-07-26 18:15:59Z milde $
+:Id: $Id: html4css1.css 8954 2022-01-20 10:10:25Z milde $
 :Copyright: This stylesheet has been placed in the public domain.
 
 Default cascading style sheet for the HTML output of Docutils.
 
-See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+See https://docutils.sourceforge.io/docs/howto/html-stylesheets.html for how to
 customize this style sheet.
 */
 
@@ -366,9 +366,11 @@ <h1 class="title">Portal Sale Personal Data Only</h1>
 <!-- !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 !! This file is generated by oca-gen-addon-readme !!
 !! changes will be overwritten.                   !!
+!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+!! source digest: sha256:f914e3f1f064988db2859552c387f79852893d192900d26c2105e00f145b3f60
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! -->
-<p><a class="reference external" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external" href="https://github.com/OCA/sale-workflow/tree/15.0/portal_sale_personal_data_only"><img alt="OCA/sale-workflow" src="https://img.shields.io/badge/github-OCA%2Fsale--workflow-lightgray.png?logo=github" /></a> <a class="reference external" href="https://translation.odoo-community.org/projects/sale-workflow-15-0/sale-workflow-15-0-portal_sale_personal_data_only"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external" href="https://runbot.odoo-community.org/runbot/167/15.0"><img alt="Try me on Runbot" src="https://img.shields.io/badge/runbot-Try%20me-875A7B.png" /></a></p>
-<p>By default, portal users are allowed to see all the orders and invoices in
+<p><a class="reference external image-reference" href="https://odoo-community.org/page/development-status"><img alt="Beta" src="https://img.shields.io/badge/maturity-Beta-yellow.png" /></a> <a class="reference external image-reference" href="http://www.gnu.org/licenses/agpl-3.0-standalone.html"><img alt="License: AGPL-3" src="https://img.shields.io/badge/licence-AGPL--3-blue.png" /></a> <a class="reference external image-reference" href="https://github.com/OCA/sale-workflow/tree/15.0/portal_sale_personal_data_only"><img alt="OCA/sale-workflow" src="https://img.shields.io/badge/github-OCA%2Fsale--workflow-lightgray.png?logo=github" /></a> <a class="reference external image-reference" href="https://translation.odoo-community.org/projects/sale-workflow-15-0/sale-workflow-15-0-portal_sale_personal_data_only"><img alt="Translate me on Weblate" src="https://img.shields.io/badge/weblate-Translate%20me-F47D42.png" /></a> <a class="reference external image-reference" href="https://runboat.odoo-community.org/builds?repo=OCA/sale-workflow&amp;target_branch=15.0"><img alt="Try me on Runboat" src="https://img.shields.io/badge/runboat-Try%20me-875A7B.png" /></a></p>
+<p>By default, portal users are allowed to see all the sale orders in
 which a member of their organization are followers. That could cause a leaking
 of  documents between members and departments and of the organization that
 should stay private.</p>
@@ -377,57 +379,58 @@ <h1 class="title">Portal Sale Personal Data Only</h1>
 <p><strong>Table of contents</strong></p>
 <div class="contents local topic" id="contents">
 <ul class="simple">
-<li><a class="reference internal" href="#usage" id="id1">Usage</a></li>
-<li><a class="reference internal" href="#bug-tracker" id="id2">Bug Tracker</a></li>
-<li><a class="reference internal" href="#credits" id="id3">Credits</a><ul>
-<li><a class="reference internal" href="#authors" id="id4">Authors</a></li>
-<li><a class="reference internal" href="#contributors" id="id5">Contributors</a></li>
-<li><a class="reference internal" href="#maintainers" id="id6">Maintainers</a></li>
+<li><a class="reference internal" href="#usage" id="toc-entry-1">Usage</a></li>
+<li><a class="reference internal" href="#bug-tracker" id="toc-entry-2">Bug Tracker</a></li>
+<li><a class="reference internal" href="#credits" id="toc-entry-3">Credits</a><ul>
+<li><a class="reference internal" href="#authors" id="toc-entry-4">Authors</a></li>
+<li><a class="reference internal" href="#contributors" id="toc-entry-5">Contributors</a></li>
+<li><a class="reference internal" href="#maintainers" id="toc-entry-6">Maintainers</a></li>
 </ul>
 </li>
 </ul>
 </div>
 <div class="section" id="usage">
-<h1><a class="toc-backref" href="#id1">Usage</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-1">Usage</a></h1>
 <ol class="arabic simple">
 <li>Create some portal users belonging to the same company.</li>
 <li>Place some orders for several of these users.</li>
 <li>Log in with each portal user credential.</li>
-<li>Only the orders and invoices belonging to the logged in user’s partner or
+<li>Only the sale orders belonging to the logged in user’s partner or
 his descendants should be accessible.</li>
 <li>Invoices associated to a partner’s sale order will be visible as well.</li>
 </ol>
 </div>
 <div class="section" id="bug-tracker">
-<h1><a class="toc-backref" href="#id2">Bug Tracker</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-2">Bug Tracker</a></h1>
 <p>Bugs are tracked on <a class="reference external" href="https://github.com/OCA/sale-workflow/issues">GitHub Issues</a>.
 In case of trouble, please check there if your issue has already been reported.
-If you spotted it first, help us smashing it by providing a detailed and welcomed
-<a class="reference external" href="https://github.com/OCA/sale-workflow/issues/new?body=module:%20portal_sale_personal_data_only%0Aversion:%2014.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
+If you spotted it first, help us to smash it by providing a detailed and welcomed
+<a class="reference external" href="https://github.com/OCA/sale-workflow/issues/new?body=module:%20portal_sale_personal_data_only%0Aversion:%2015.0%0A%0A**Steps%20to%20reproduce**%0A-%20...%0A%0A**Current%20behavior**%0A%0A**Expected%20behavior**">feedback</a>.</p>
 <p>Do not contact contributors directly about support or help with technical issues.</p>
 </div>
 <div class="section" id="credits">
-<h1><a class="toc-backref" href="#id3">Credits</a></h1>
+<h1><a class="toc-backref" href="#toc-entry-3">Credits</a></h1>
 <div class="section" id="authors">
-<h2><a class="toc-backref" href="#id4">Authors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-4">Authors</a></h2>
 <ul class="simple">
 <li>Tecnativa</li>
 </ul>
 </div>
 <div class="section" id="contributors">
-<h2><a class="toc-backref" href="#id5">Contributors</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-5">Contributors</a></h2>
 <ul class="simple">
 <li>Harald Panten &lt;<a class="reference external" href="mailto:harald.panten&#64;sygel.es">harald.panten&#64;sygel.es</a>&gt;</li>
 <li><a class="reference external" href="https://www.tecnativa.com">Tecnativa</a>:<ul>
 <li>David Vidal</li>
 <li>Víctor Martínez</li>
 </ul>
 </li>
-    <li>Moaad Bourhim &lt;<a class="reference external" href="mailto:moaad.bourhim&#64;gmail.com">moaad.bourhim&#64;gmail.com</a>&gt;</li>
+<li>Moaad Bourhim &lt;<a class="reference external" href="mailto:moaad.bourhim&#64;gmail.com">moaad.bourhim&#64;gmail.com</a>&gt;</li>
+<li>Jairo Llopis (<a class="reference external" href="https://www.moduon.team/">Moduon</a>)</li>
 </ul>
 </div>
 <div class="section" id="maintainers">
-<h2><a class="toc-backref" href="#id6">Maintainers</a></h2>
+<h2><a class="toc-backref" href="#toc-entry-6">Maintainers</a></h2>
 <p>This module is maintained by the OCA.</p>
 <a class="reference external image-reference" href="https://odoo-community.org"><img alt="Odoo Community Association" src="https://odoo-community.org/logo.png" /></a>
 <p>OCA, or the Odoo Community Association, is a nonprofit organization whose

portal_sale_personal_data_only/tests/test_partner_access.py

@@ -1,10 +1,14 @@
 # Copyright 2021 Tecnativa - Víctor Martínez
+# Copyright 2022 Moduon
 # License AGPL-3.0 or later (https://www.gnu.org/licenses/agpl)
 
-from odoo.tests import Form, common
+from odoo.tests.common import Form, tagged
 
+from odoo.addons.account.tests.common import TestAccountReconciliationCommon
 
-class TestPartnerAccess(common.SavepointCase):
+
+@tagged("post_install", "-at_install")
+class TestPartnerAccess(TestAccountReconciliationCommon):
     @classmethod
     def setUpClass(cls):
         super().setUpClass()
@@ -72,22 +76,3 @@ def test_access_sale_order_followers(self):
         self.order_a.message_subscribe(partner_ids=self.partner_b.ids)
         orders_b = self.env["sale.order"].with_user(self.user_b).search([])
         self.assertTrue(self.order_a in orders_b)
-
-    def test_access_invoice(self):
-        invoices_a = self.env["account.move"].with_user(self.user_a).search([])
-        self.assertTrue(self.order_a.invoice_ids in invoices_a)
-        self.assertTrue(self.order_b.invoice_ids not in invoices_a)
-        self.assertTrue(self.order_c.invoice_ids not in invoices_a)
-        invoices_b = self.env["account.move"].with_user(self.user_b).search([])
-        self.assertTrue(self.order_a.invoice_ids not in invoices_b)
-        self.assertTrue(self.order_b.invoice_ids in invoices_b)
-        self.assertTrue(self.order_c.invoice_ids not in invoices_b)
-        invoices_c = self.env["account.move"].with_user(self.user_c).search([])
-        self.assertTrue(self.order_a.invoice_ids not in invoices_c)
-        self.assertTrue(self.order_b.invoice_ids not in invoices_c)
-        self.assertTrue(self.order_c.invoice_ids in invoices_c)
-
-    def test_access_invoice_followers(self):
-        self.order_a.invoice_ids.message_subscribe(partner_ids=self.partner_b.ids)
-        invoices_b = self.env["account.move"].with_user(self.user_b).search([])
-        self.assertTrue(self.order_a.invoice_ids in invoices_b)