[FIX] payment: Deleting payment tokens from website

When deleting payment tokens from website, in My account, by clicking on button "Manage your payment methods", the public user, the user and the portal user got a 403 error. But when creating a subscription for a customer with admin user and setting a payment token for the company of this customer. This payment token could not be deleted or modified by its users. In a few cases, it's needed to delete or modify a payment token, for example, when the expiration date of the payment token is expired. opw:740169
odoo · Apr 25, 2017 · 4c8c996 · 4c8c996
1 parent 08fcda5
commit 4c8c996
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/addons/payment/security/payment_security.xml b/addons/payment/security/payment_security.xml
@@ -15,7 +15,7 @@
         <record id="payment_token_user_rule" model="ir.rule">
             <field name="name">Access own payment tokens only</field>
             <field name="model_id" ref="payment.model_payment_token"/>
-            <field name="domain_force">[('partner_id','=',user.partner_id.id)]</field>
+            <field name="domain_force">['|', ('partner_id','=',user.partner_id.id), ('partner_id', '=', user.partner_id.commercial_partner_id.id)]</field>
             <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
         </record>