[IMP] accounting: inalterability update

To avoid confusion between lock dates and "locking" with hash
we now speak of "securing" (with hash) instead.

In the related community PR we introduce new inalterability features.
  * On account move form view:
    * An indicator next to the 'posted' state whether a move is hashed or not.
    * A checkbox "Secured" in the "Other Info" tab for the same reason.
  * A "Not Secured" filter for account move list views (and account
    move line list views) to find moves (and move lines) that are posted but not hashed.
  * A new wizard to hash all journals (independent of journal settings).

They are invisible by default; the wizard is visible in debug mode.

They can be made visible for a user by activating a special user group
(similar to multi-currency).
This happens automatically for all users in case the "Hash on Post"
option is activated on any journal or the new wizard is used to secure moves.

This commit updates the documentation accordingly.

The inalterability report pictures and description are updated.
I.e. it now checks all journals independent of whether they are restricted ("Hash on Post") or not.
This is since the wizard can be used to hash any journal.

task-4095970

closes odoo/documentation#10906

Related: odoo/odoo#178915
Related: odoo/enterprise#69324
Related: odoo/upgrade#6458
Signed-off-by: Sven Führ (svfu) <svfu@odoo.com>

content/applications/finance/accounting/reporting/data_inalterability.rst

@@ -3,10 +3,10 @@ Data inalterability check report
 ================================
 
 Tax authorities in some countries require companies to **prove their posted accounting entries are
-inalterable**, meaning that once an entry has been posted, it can no longer be changed.
+unaltered**, meaning that once an entry has been secured, it can no longer be changed.
 
-To do so, Odoo can use the **SHA-256 algorithm** to create a unique fingerprint for each posted
-entry. This fingerprint is called a hash. The hash is generated by taking an entry's essential data
+To do so, Odoo creates a unique fingerprint for each secured entry thanks to the **SHA-256 algorithm**.
+This fingerprint is called a hash. The hash is generated by taking an entry's essential data
 (the values of the `name`, `date`, `journal_id`, `company_id`, `debit`, `credit`, `account_id`, and
 `partner_id` fields), concatenating it, and inputting it to the SHA-256 hash function, which then
 outputs a fixed size (256-bit) string of characters. The hash function is deterministic (:dfn:`the
@@ -15,7 +15,7 @@ completely change the resulting hash. Consequently, the SHA-256 algorithm is oft
 others, for data integrity verification purposes.
 
 In addition, the previous entry's hash is always added to the next entry to form a **hash chain**.
-This is used to ensure a new entry is not added afterward between two posted entries, as doing so
+This is used to ensure a new entry is not added afterward between two secured entries, as doing so
 would break the hash chain.
 
 .. note::
@@ -24,23 +24,70 @@ would break the hash chain.
    bigger than the number of atoms in the known universe. This is why hashes are considered unique
    in practice.
 
-.. _data-inalterability/lock:
+.. _data-inalterability/inalterability_features:
 
-Lock posted entries with hash
-=============================
+Inalterability features
+=======================
 
-To start using the hashing function, go to :menuselection:`Accounting --> Configuration > Journals`.
-Open the journal for which you want to activate the feature, go to the :guilabel:`Advanced Settings`
-tab, and enable :guilabel:`Lock Posted Invoices with Hash`.
-This feature is available for sale, purchase, and general journals.
+Inalterability features can be enabled by activating the :ref:`secure posted entries with hash
+<data-inalterability/restricted>` option on any journal or using the :ref:`secure entries wizard
+<data-inalterability/wizard>`.
+
+- Two indicators are added to the journal entry's form view.
+  They show whether the entry is secured or not.
+
+  - A :icon:`fa-lock` or :icon:`fa-unlock` (:guilabel:`lock icon`) next to the :guilabel:`Posted` state.
+  - A :guilabel:`Secured` checkbox in the :guilabel:`Other info` tab.
+
+- A :guilabel:`Not Secured` filter is available on journal entries and journal items' list views.
+  It can be used to find posted journal entries that are not secured yet.
+- The option to open the :ref:`secure entries wizard <data-inalterability/wizard>` is displayed in the
+  :guilabel:`Accounting` menu.
+
+.. _data-inalterability/restricted:
+
+Secure posted entries with hash
+===============================
+
+To activate the hashing function on a specific journal, go to :menuselection:`Accounting -->
+Configuration --> Journals`. Open a sales, purchase, or miscellaneous journal, go to the
+:guilabel:`Advanced Settings` tab, and enable :guilabel:`Secure Posted Entries with Hash`.
+Journals for which the feature is activated are called "restricted".
 
 To compute the hash of an entry, Odoo retrieves the predecessor entries of the chain (i.e., the
 entries with the same sequence prefix) and hashes them in a continuous way from the last hashed
 entry to the new entry to hash.
 
 .. warning::
-   Once you post an entry in a locked journal, you cannot disable the feature anymore, nor edit any
-   locked entry.
+   Once you post an entry in a restricted journal, you cannot disable the feature anymore, nor edit
+   any secured entry.
+
+.. _data-inalterability/wizard:
+
+Secure entries wizard
+=====================
+
+You can also use the :guilabel:`Secure Entries` Wizard to secure all journal entries,
+in **all** journals, up to a specific date.
+
+.. note::
+   The wizard operates independently of the journal settings and journal types.
+
+To open it, activate the :ref:`developer mode <developer-mode>`, go to :menuselection:`Accounting
+--> Accounting`, and click on :guilabel:`Secure Entries`. If the :ref:`inalterability features
+<data-inalterability/inalterability_features>` are activated, it is also visible outside the debug
+mode.
+
+To secure entries, select a date up to which all entries should be secured and press
+:guilabel:`Secure Entries`.
+
+.. warning::
+   After securing the entries, you can no longer edit them.
+
+.. note::
+   It can happen that entries that are past the selected date are secured.
+   This is possible since the hash chain corresponds to the sequence prefix,
+   ordered by sequence number.
 
 .. _data-inalterability/report:
 
@@ -50,17 +97,18 @@ Report download
 To download the data inalterability check report, go to :menuselection:`Accounting --> Configuration
 --> Settings --> Reporting` and click on :guilabel:`Download the Data Inalterability Check Report`.
 
-The report's first section is an overview of all your journals and their configuration. Under the
-inalterability check column, you can see whether or not a journal's entries are locked with a hash
-(V) or not (X). The coverage column tells you when a journal's entries started being locked.
+The report's first section is an overview of all journal sequence prefixes containing hashed entries.
+In the :guilabel:`Restricted` column, you can see whether or not a journal has the :ref:`secure
+posted entries with hash <data-inalterability/restricted>` option (V) activated or not (X). The
+:guilabel:`Check` column tells you whether all entries are correctly hashed.
 
 .. image:: data_inalterability/journal-overview.png
    :align: center
    :alt: Configuration report for two journals
 
-The second section gives you the result of the data consistency check for each hashed journal. You
-can view the first hashed entry and its corresponding hash and the last hashed entry and its
-corresponding hash.
+The second section gives a more detailed result of the data consistency check for each hashed
+journal sequence prefix. You can view the first hashed entry and its corresponding hash,
+as well as the last hashed entry and its corresponding hash.
 
 .. image:: data_inalterability/data-consistency-check.png
    :align: center