margin-analysis icon indicating copy to clipboard operation
margin-analysis copied to clipboard
verified publisher icon OCA

sale_margin_security: Don't depend on product cost security

Open rousseldenis opened this issue 1 year ago • 5 comments

People that have access to cost fields should not have access necessarily to sale margin ones.

We should restore the previous implementation.

Due to : https://github.com/OCA/margin-analysis/pull/198

@yajo @rafaelbn @lmignon @phschmidt

rousseldenis avatar Dec 11 '24 08:12 rousseldenis

If you know the sale price and the margin, you know the cost... All you have to do is a simple multiplication. And vice-versa: if you know the cost and the sale price, with simple math you get the margin.

So, IIUC, both things are the same, and that's why it was refactored for simplification.

yajo avatar Dec 11 '24 08:12 yajo

If you know the sale price and the margin, you know the cost... All you have to do is a simple multiplication. And vice-versa: if you know the cost and the sale price, with simple math you get the margin.

So, IIUC, both things are the same, and that's why it was refactored for simplification.

Yes, but some companies want to split the access rights to explicit margin fields visibility (there are buyers and salesmen).

Of course, people can compute it but they will need to do the exercise.

Restablishing the previous behavior will allow to be flexible and do both scenarios.

rousseldenis avatar Dec 11 '24 09:12 rousseldenis

they will need to do the exercise

... and they'll do it. Trust me, it happened. I'm sorry to say this, but I disagree with this proposal. 😅

These modules are labeled "security" for a reason. Restoring the previous behavior would be useful only to reduce security and UX. You would install the modules, but you would have an option to only get a placebo-like sense of security regarding cost information. It'd be a step backwards.

If you still need to do that, I suggest that you do it in a separate module that depends on these ones. I don't think this behavior should be supported by the base ones.

yajo avatar Dec 11 '24 09:12 yajo

I don't really want to restore previous behavior:

  • Let the cost group on purchase_price field.

  • Restore the group_sale_marginon margin fields.

  • Add implied_ids on margin group to cost group

  • Maybe add a mixin for margin as for cost

rousseldenis avatar Dec 11 '24 09:12 rousseldenis

@jdidderen @jdidderen-nsi As you did the migration for v17

What do you think ?

rousseldenis avatar Dec 11 '24 09:12 rousseldenis

There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. If you want this issue to never become stale, please ask a PSC member to apply the "no stale" label.

github-actions[bot] avatar Jun 22 '25 12:06 github-actions[bot]