1 files changed, 31 insertions, 0 deletions

diff --git a/addons/payment/security/payment_security.xml b/addons/payment/security/payment_security.xml
new file mode 100644
index 00000000..e51b25f9
--- /dev/null
+++ b/addons/payment/security/payment_security.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo noupdate="1">
+
+    <record id="payment_transaction_user_rule" model="ir.rule">
+        <field name="name">Access own payment transaction only</field>
+        <field name="model_id" ref="payment.model_payment_transaction"/>
+        <field name="domain_force">['|',('partner_id','=',False), ('partner_id','=',user.partner_id.id) ]</field>
+        <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+    </record>
+    <record id="payment_token_user_rule" model="ir.rule">
+        <field name="name">Access own payment tokens only</field>
+        <field name="model_id" ref="payment.model_payment_token"/>
+        <field name="domain_force">[('partner_id', 'child_of', user.partner_id.commercial_partner_id.id)]</field>
+        <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
+    </record>
+
+    <record id="payment_transaction_billing_rule" model="ir.rule">
+        <field name="name">Access every payment transaction</field>
+        <field name="model_id" ref="payment.model_payment_transaction"/>
+        <field name="domain_force">[(1, '=', 1)]</field>
+        <field name="groups" eval="[(4, ref('account.group_account_invoice'))]"/>
+    </record>
+
+    <record id="payment_token_salesman_rule" model="ir.rule">
+        <field name="name">Access every payment token</field>
+        <field name="model_id" ref="payment.model_payment_token"/>
+        <field name="domain_force">[(1, '=', 1)]</field>
+        <field name="groups" eval="[(4, ref('account.group_account_invoice'))]"/>
+    </record>
+
+</odoo>