Community mailing list archives
Re: 8.00 - Bug on address customer in relation with invoice in Odooby
Hello Loic,you can crawl the web and find out that really this isn't the 1st time it has been discussed deeply, likeMay be that "temporal database" could be revisited, see tools around http://pgxn.org/dist/temporal_tables/1.0.0/I guess the law may be different in different countries. A way to also mitigate this is to keep historical backups of past months (I'm not telling it clears your concern).In some countries like Brazil were I work and in other Latin America countries, because of the historically stratospheric tax evasion levels, electronic invoicing has been put in place and countries who were looking like archaic years ago now paradoxically look more much advanced with these things. And I believe such system of legal electronic invoicing clears the legal issue because you keep structured data about invoices (as signed XML transferred to the fiscal authorities) and because the fiscal authorities hence have every invoice as structured data, so there is no more way easy hacking into the SQL or eventually cheating the pdf attachments would enable such "money laundering".On Fri, Oct 31, 2014 at 4:18 PM, Loïc Richard <firstname.lastname@example.org> wrote:I ferdinand, I am agree with you. It was my next question, if I don't generate my pdf invoice, what is the result if the address is change !! it has the new address.I think this problem must be a priority because it's very important.The inspector can tell me :Hey Loic, you realise false invoice, it's money laundering :)Seriuoly, this rpobelm has also a big impact also on the customers.------------------------
loïc Richard2014-10-31 14:02 GMT-04:00 Ferdinand Gassauer <email@example.com>:On 2014-10-31 18:47, Raphaël Valyi wrote:<blockquote cite="mid:CAByrsx1rRna-a32j7E=sVvWvRj4A0UpKDSa=qJhYdATgxMG78A@mail.gmail.com" type="cite">
I just want to add, that this method is not revision proof.
any user with access to invoices can delete and recreate the pds - with the new master data - hence it will not be the "original" any more.
IMO Odoo needs a mechanism to "protect" attachments
- from unauthorized deletion
Example: see above
- unauthorized access
Example HR - not everyone who can "read" hr employee data must be allowed to access personal data of employees stored as attachment.
What you describe was a hot topic back in 2007/2008... And this isn't just with the addresses but any data linked in invoices that are not in the account_invoice table.
At that time it was chosen that a "temporal" data model could be implemented to fix this but that it would have been complex.
A workaround that has been agreed as acceptable at that time is the current system we have where invoice pdf's are stored as attachments and never changed once they have been generated once in a validated state. This doesn't help with queries in the database but ensures that your printed versions of invoices will not changed when data change.
Hope this help.
On Fri, Oct 31, 2014 at 2:07 PM, Loïc Richard <firstname.lastname@example.org> wrote:
Currently I write a webservice between my ecommerce platform and Odoo
When I change a payment address during the payment process (new payment address) on my ecommerce platform, the payment address is write in hard inside database and the old address is not updated.
But in Odoo, this not the same thing, if during the process payment, the customer change this payment address, all the invoice (new and old) has the new address.
I think there is a big bug in odoo because the address has an impact on invoice.
I tried to change just in Odoo, a customer address, all the invoice has impacted, new and old invoice include the validate invoice.
This is a problem, in my opinion, with the law. All invoicemust be had an invoice, and the invoice validated should not be exchange
is the samething if I change a taxe rate. In this case, it can become horrible.
What the solution to resolve this problem, because it's important.