fix: restrict journal access enforcement to write, create, and delete operations to prevent read errors

models/account_journal.py

@@ -40,7 +40,7 @@ class AccountJournal(models.Model):
     def check_access_rule(self, operation):
         """
         Overridden to bypass multi-company record rules for allowed journals,
-        and enforce the allowed journals restriction for all operations.
+        and enforce the allowed journals restriction for write, create, and delete operations.
         """
         if self.env.su:
             return super(AccountJournal, self).check_access_rule(operation)
@@ -48,10 +48,15 @@ class AccountJournal(models.Model):
         user = self.env.user
         allowed_journals = user.sudo().allowed_journal_ids
         if allowed_journals:
-            # Enforce restriction: all records in self MUST be in allowed_journal_ids
+            # Enforce restriction for write, create, and delete operations.
+            # Read operations are allowed to prevent access errors when loading
+            # documents (payments/moves) referencing other journals.
+            if operation in ('write', 'create', 'unlink'):
                 if not all(j.id in allowed_journals.ids for j in self):
                     raise AccessError(_("You do not have access to this journal."))
-            # If all records in self are allowed, bypass standard record rules
+            
+            # If all records in self are allowed, bypass standard record rules.
+            if all(j.id in allowed_journals.ids for j in self):
                 return
 
         return super(AccountJournal, self).check_access_rule(operation)