In my understanding of an ERP system (which also relies on an app store with third-party extensions) it is irresponsible and not guaranteed that an extension e.g. or someone who simply makes a change via API access is able to make a change. This would mean that Odoo would treat the invoices like a simple database table and pass the responsibility 100% to the user instead of intercepting these essential important things in the standard. However, in many countries the requirement of correct accounting (unchangeability, storage obligation etc.) must be implemented, otherwise the system may not be used for theoretical reasons alone.

Hi there

All of that is right but not necessarily wrong since there are scenarios when the states of the documents need to be reverted to draft or cancel it in order to make changes and modify the document. There are some others scenarios where there are checks and constraints in place to prevent the modifications of the records for some states. Odoo is an extensible platform that provides the basis so you could provide extensions to reach your clients goals and requirements. Seems that you are the one that wanna manually make modifications to the records by your own code and you are allowed to do it. Also you could do it too with direct SQL Queries in Odoo or directly in Postgres so, what's the big deal?

It's not an issue by itself, but if it's an issue for you, you could create some constraints, write and unlink checks, security rules, SQL locks, SQL triggers, SQL constrainsts...