# -*- coding: utf-8 -*- from hashlib import sha256 from json import dumps from openerp import models, api, fields from openerp.tools.translate import _ from openerp.exceptions import UserError #forbidden fields MOVE_FIELDS = ['date', 'journal_id', 'company_id'] LINE_FIELDS = ['debit', 'credit', 'account_id', 'partner_id'] class AccountMove(models.Model): _inherit = "account.move" # TO DO in master : refactor hashing algo to go into a mixin l10n_fr_secure_sequence_number = fields.Integer(string="Inalteralbility No Gap Sequence #", readonly=True, copy=False) l10n_fr_hash = fields.Char(string="Inalterability Hash", readonly=True, copy=False) l10n_fr_string_to_hash = fields.Char(compute='_compute_string_to_hash', readonly=True, store=False) def _get_new_hash(self, secure_seq_number): """ Returns the hash to write on journal entries when they get posted""" self.ensure_one() #get the only one exact previous move in the securisation sequence prev_move = self.search([('state', '=', 'posted'), ('company_id', '=', self.company_id.id), ('l10n_fr_secure_sequence_number', '!=', 0), ('l10n_fr_secure_sequence_number', '=', int(secure_seq_number) - 1)]) if prev_move and len(prev_move) != 1: raise UserError( _('An error occured when computing the inalterability. Impossible to get the unique previous posted journal entry.')) #build and return the hash return self._compute_hash(prev_move.l10n_fr_hash if prev_move else '') def _compute_hash(self, previous_hash): """ Computes the hash of the browse_record given as self, based on the hash of the previous record in the company's securisation sequence given as parameter""" self.ensure_one() hash_string = sha256(previous_hash + self.l10n_fr_string_to_hash) return hash_string.hexdigest() def _compute_string_to_hash(self): def _getattrstring(obj, field_str): field_value = obj[field_str] if obj._fields[field_str].type == 'many2one': field_value = field_value.id return str(field_value) for move in self: values = {} for field in MOVE_FIELDS: values[field] = _getattrstring(move, field) for line in move.line_ids: for field in LINE_FIELDS: k = 'line_%d_%s' % (line.id, field) values[k] = _getattrstring(line, field) #make the json serialization canonical # (https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00) move.l10n_fr_string_to_hash = dumps(values, sort_keys=True, encoding="utf-8", ensure_ascii=True, indent=None, separators=(',',':')) @api.multi def write(self, vals): has_been_posted = False for move in self: if move.company_id._is_accounting_unalterable(): # write the hash and the secure_sequence_number when posting an account.move if vals.get('state') == 'posted': has_been_posted = True # restrict the operation in case we are trying to write a forbidden field if (move.state == "posted" and set(vals).intersection(MOVE_FIELDS)): raise UserError(_("According to the French law, you cannot modify a journal entry in order for its posted data to be updated or deleted. Unauthorized field: %s.") % ', '.join(MOVE_FIELDS)) # restrict the operation in case we are trying to overwrite existing hash if (move.l10n_fr_hash and 'l10n_fr_hash' in vals) or (move.l10n_fr_secure_sequence_number and 'l10n_fr_secure_sequence_number' in vals): raise UserError(_('You cannot overwrite the values ensuring the inalterability of the accounting.')) res = super(AccountMove, self).write(vals) # write the hash and the secure_sequence_number when posting an account.move if has_been_posted: for move in self.filtered(lambda m: m.company_id._is_accounting_unalterable() and not (m.l10n_fr_secure_sequence_number or m.l10n_fr_hash)): new_number = move.company_id.l10n_fr_secure_sequence_id.next_by_id() vals_hashing = {'l10n_fr_secure_sequence_number': new_number, 'l10n_fr_hash': move._get_new_hash(new_number)} res |= super(AccountMove, move).write(vals_hashing) return res @api.multi def button_cancel(self): #by-pass the normal behavior/message that tells people can cancel a posted journal entry #if the journal allows it. if self.company_id._is_accounting_unalterable(): raise UserError(_('You cannot modify a posted journal entry. This ensures its inalterability.')) super(AccountMove, self).button_cancel() @api.model def _check_hash_integrity(self, company_id): """Checks that all posted moves have still the same data as when they were posted and raises an error with the result. """ def build_move_info(move): entry_reference = _('(ref.: %s)') move_reference_string = move.ref and entry_reference % move.ref or '' return [move.name, move_reference_string] moves = self.search([('state', '=', 'posted'), ('company_id', '=', company_id), ('l10n_fr_secure_sequence_number', '!=', 0)], order="l10n_fr_secure_sequence_number ASC") if not moves: raise UserError(_('There isn\'t any journal entry flagged for data inalterability yet for the company %s. This mechanism only runs for journal entries generated after the installation of the module France - Certification CGI 286 I-3 bis.') % self.env.user.company_id.name) previous_hash = '' start_move_info = [] for move in moves: if move.l10n_fr_hash != move._compute_hash(previous_hash=previous_hash): raise UserError(_('Corrupted data on journal entry with id %s.') % move.id) if not previous_hash: #save the date and sequence number of the first move hashed start_move_info = build_move_info(move) previous_hash = move.l10n_fr_hash end_move_info = build_move_info(move) report_dict = {'start_move_name': start_move_info[0], 'start_move_ref': start_move_info[1], 'end_move_name': end_move_info[0], 'end_move_ref': end_move_info[1]} # Raise on success raise UserError(_('''Successful test ! The journal entries are guaranteed to be in their original and inalterable state From: %(start_move_name)s %(start_move_ref)s To: %(end_move_name)s %(end_move_ref)s For this report to be legally meaningful, please download your certification from your customer account on Odoo.com (Only for Odoo Enterprise users).''' ) % report_dict) class AccountMoveLine(models.Model): _inherit = "account.move.line" @api.multi def write(self, vals): # restrict the operation in case we are trying to write a forbidden field if set(vals).intersection(LINE_FIELDS): if any(l.company_id._is_accounting_unalterable() and l.move_id.state == 'posted' for l in self): raise UserError(_("According to the French law, you cannot modify a journal item in order for its posted data to be updated or deleted. Unauthorized field: %s.") % ', '.join(LINE_FIELDS)) return super(AccountMoveLine, self).write(vals) class AccountJournal(models.Model): _inherit = "account.journal" @api.onchange('update_posted') def _onchange_update_posted(self): if self.update_posted and self.company_id._is_accounting_unalterable(): field_string = self._fields['update_posted'].get_description(self.env)['string'] raise UserError(_("According to the French law, you cannot modify a journal in order for its posted data to be updated or deleted. Unauthorized field: %s.") % field_string) @api.multi def _is_journal_alterable(self): self.ensure_one() critical_domain = [('journal_id', '=', self.id), '|', ('l10n_fr_hash', '!=', False), '&', ('l10n_fr_secure_sequence_number', '!=', False), ('l10n_fr_secure_sequence_number', '!=', 0)] if self.env['account.move'].search(critical_domain): raise UserError(_('It is not permitted to disable the data inalterability in this journal (%s) since journal entries have already been protected.') % (self.name, )) return True @api.multi def write(self, vals): # restrict the operation in case we are trying to write a forbidden field for journal in self: if journal.company_id._is_accounting_unalterable(): if vals.get('update_posted'): field_string = journal._fields['update_posted'].get_description(self.env)['string'] raise UserError(_("According to the French law, you cannot modify a journal in order for its posted data to be updated or deleted. Unauthorized field: %s.") % field_string) return super(AccountJournal, self).write(vals) @api.model def create(self, vals): # restrict the operation in case we are trying to set a forbidden field if self.company_id._is_accounting_unalterable(): if vals.get('update_posted'): field_string = self._fields['update_posted'].get_description(self.env)['string'] raise UserError(_("According to the French law, you cannot modify a journal in order for its posted data to be updated or deleted. Unauthorized field: %s.") % field_string) return super(AccountJournal, self).create(vals)