[FIX] payment: Deleting payment tokens from website

When deleting payment tokens from website, in My account, by clicking on button "Manage your payment methods", the public user, the user and the portal user got a 403 error. But when creating a subscription for a customer with admin user and setting a payment token for the company of this customer. This payment token could not be deleted or modified by its users. In a few cases, it's needed to delete or modify a payment token, for example, when the expiration date of the payment token is expired. opw:740169

[FIX] payment: Deleting payment tokens from website
4c8c996f · Goffin Simon · 08fcda5c · 4c8c996f
Commit 4c8c996f authored 8 years ago by Goffin Simon
--- a/addons/payment/security/payment_security.xml
+++ b/addons/payment/security/payment_security.xml
@@ -15,7 +15,7 @@
        <record id="payment_token_user_rule" model="ir.rule">
            <field name="name">Access own payment tokens only</field>
            <field name="model_id" ref="payment.model_payment_token"/>
-            <field name="domain_force">[('partner_id','=',user.partner_id.id)]</field>
+            <field name="domain_force">['|', ('partner_id','=',user.partner_id.id), ('partner_id', '=', user.partner_id.commercial_partner_id.id)]</field>
            <field name="groups" eval="[(4, ref('base.group_user')), (4, ref('base.group_portal')), (4, ref('base.group_public'))]"/>
        </record>