Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sale_margin_security: Don't depend on product cost security #222

Open
rousseldenis opened this issue Dec 11, 2024 · 5 comments
Open

sale_margin_security: Don't depend on product cost security #222

rousseldenis opened this issue Dec 11, 2024 · 5 comments
Labels
bug
Milestone
16.0

Comments

@rousseldenis
Copy link

rousseldenis commented Dec 11, 2024
edited
Loading

People that have access to cost fields should not have access necessarily to sale margin ones.

We should restore the previous implementation.

Due to : #198

@yajo @rafaelbn @lmignon @phschmidt
@yajo
Copy link
Member

yajo commented Dec 11, 2024

If you know the sale price and the margin, you know the cost... All you have to do is a simple multiplication. And vice-versa: if you know the cost and the sale price, with simple math you get the margin.

So, IIUC, both things are the same, and that's why it was refactored for simplification.

@rousseldenis
Copy link
Author

rousseldenis commented Dec 11, 2024
edited
Loading

If you know the sale price and the margin, you know the cost... All you have to do is a simple multiplication. And vice-versa: if you know the cost and the sale price, with simple math you get the margin.

So, IIUC, both things are the same, and that's why it was refactored for simplification.

Yes, but some companies want to split the access rights to explicit margin fields visibility (there are buyers and salesmen).

Of course, people can compute it but they will need to do the exercise.

Restablishing the previous behavior will allow to be flexible and do both scenarios.

@yajo
Copy link
Member

yajo commented Dec 11, 2024

they will need to do the exercise

... and they'll do it. Trust me, it happened. I'm sorry to say this, but I disagree with this proposal. 😅

These modules are labeled "security" for a reason. Restoring the previous behavior would be useful only to reduce security and UX. You would install the modules, but you would have an option to only get a placebo-like sense of security regarding cost information. It'd be a step backwards.

If you still need to do that, I suggest that you do it in a separate module that depends on these ones. I don't think this behavior should be supported by the base ones.

@rousseldenis
Copy link
Author

I don't really want to restore previous behavior:

  • Let the cost group on purchase_price field.

  • Restore the group_sale_marginon margin fields.

  • Add implied_ids on margin group to cost group

  • Maybe add a mixin for margin as for cost

@rousseldenis
Copy link
Author

@jdidderen @jdidderen-nsi As you did the migration for v17

What do you think ?

@rousseldenis rousseldenis mentioned this issue Dec 12, 2024
Open
@rafaelbn rafaelbn added this to the 16.0 milestone Dec 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
16.0
Development

No branches or pull requests
3 participants
@yajo @rafaelbn @rousseldenis