diff --git a/addons/payment/__openerp__.py b/addons/payment/__openerp__.py
index c192bec7c1b..a3843a872c1 100644
--- a/addons/payment/__openerp__.py
+++ b/addons/payment/__openerp__.py
@@ -12,6 +12,7 @@
'views/payment_acquirer.xml',
'views/res_config_view.xml',
'security/ir.model.access.csv',
+ 'security/payment_security.xml',
],
'installable': True,
'auto_install': True,
diff --git a/addons/payment/security/ir.model.access.csv b/addons/payment/security/ir.model.access.csv
index 18f98939472..f52f9a44d4e 100644
--- a/addons/payment/security/ir.model.access.csv
+++ b/addons/payment/security/ir.model.access.csv
@@ -2,6 +2,6 @@ id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
payment_acquirer_all,payment.acquirer.all,model_payment_acquirer,,1,0,0,0
payment_acquirer_user,payment.acquirer.user,model_payment_acquirer,base.group_user,1,1,1,0
payment_acquirer_system,payment.acquirer.system,model_payment_acquirer,base.group_system,1,1,1,1
-payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,1,1,0
+payment_transaction_all,payment.transaction.all,model_payment_transaction,,1,0,0,0
payment_transaction_user,payment.transaction.user,model_payment_transaction,base.group_user,1,1,1,0
payment_transaction_system,payment.transaction.system,model_payment_transaction,base.group_system,1,1,1,1
\ No newline at end of file
diff --git a/addons/payment/security/payment_security.xml b/addons/payment/security/payment_security.xml
new file mode 100644
index 00000000000..7bae346c648
--- /dev/null
+++ b/addons/payment/security/payment_security.xml
@@ -0,0 +1,24 @@
+
+
%s
' % _('Your payment has been received.') diff --git a/addons/website_sale/models/sale_order.py b/addons/website_sale/models/sale_order.py index d9855034018..f4e7691cd77 100644 --- a/addons/website_sale/models/sale_order.py +++ b/addons/website_sale/models/sale_order.py @@ -201,9 +201,9 @@ class website(orm.Model): transaction_obj = self.pool.get('payment.transaction') tx_id = request.session.get('sale_transaction_id') if tx_id: - tx_ids = transaction_obj.search(cr, uid, [('id', '=', tx_id), ('state', 'not in', ['cancel'])], context=context) + tx_ids = transaction_obj.search(cr, SUPERUSER_ID, [('id', '=', tx_id), ('state', 'not in', ['cancel'])], context=context) if tx_ids: - return transaction_obj.browse(cr, uid, tx_ids[0], context=context) + return transaction_obj.browse(cr, SUPERUSER_ID, tx_ids[0], context=context) else: request.session['sale_transaction_id'] = False return False