From c1bcf20a4c58516e484417885f47e32a8c192dc1 Mon Sep 17 00:00:00 2001
From: Florent de Labarre <florent.mirieu@gmail.com>
Date: Fri, 27 Jan 2023 09:33:00 +0000
Subject: [PATCH] [FIX] account: prevent change restrict mode hash

In case of an user can edit account.journal and have no access of all account.move of this journal, the user can set to false this field : restrict_mode_hash_table.

closes odoo/odoo#111184

Signed-off-by: Nicolas Viseur (vin) <vin@odoo.com>
---
 addons/account/models/account_journal.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/addons/account/models/account_journal.py b/addons/account/models/account_journal.py
index 8a792dbe0f7a..962940d655d3 100644
--- a/addons/account/models/account_journal.py
+++ b/addons/account/models/account_journal.py
@@ -451,8 +451,8 @@ class AccountJournal(models.Model):
                     if bank_account.partner_id != company.partner_id:
                         raise UserError(_("The partners of the journal's company and the related bank account mismatch."))
             if 'restrict_mode_hash_table' in vals and not vals.get('restrict_mode_hash_table'):
-                journal_entry = self.env['account.move'].search([('journal_id', '=', self.id), ('state', '=', 'posted'), ('secure_sequence_number', '!=', 0)], limit=1)
-                if len(journal_entry) > 0:
+                journal_entry = self.env['account.move'].sudo().search([('journal_id', '=', self.id), ('state', '=', 'posted'), ('secure_sequence_number', '!=', 0)], limit=1)
+                if journal_entry:
                     field_string = self._fields['restrict_mode_hash_table'].get_description(self.env)['string']
                     raise UserError(_("You cannot modify the field %s of a journal that already has accounting entries.", field_string))
         result = super(AccountJournal, self).write(vals)
-- 
GitLab