test(shopfloor): fp.tablet.session.event is append-only

Owner reads. Technician cannot read. Owner cannot write or unlink. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 12:29:52 -04:00
parent 9f3edd60ae
commit 1dea752a29
2 changed files with 60 additions and 0 deletions
--- a/fusion_plating/fusion_plating_shopfloor/tests/init.py
+++ b/fusion_plating/fusion_plating_shopfloor/tests/init.py
@@ -4,3 +4,4 @@ from . import test_landing_kanban
 from . import test_tablet_pin
 from . import test_tablet_lock_payload
 from . import test_kiosk_user_acl
+from . import test_tablet_session_event_model
--- a/fusion_plating/fusion_plating_shopfloor/tests/test_tablet_session_event_model.py
+++ b/fusion_plating/fusion_plating_shopfloor/tests/test_tablet_session_event_model.py
@@ -0,0 +1,59 @@
+from odoo.tests.common import TransactionCase, tagged
+from odoo.exceptions import AccessError
+
+
+@tagged('-at_install', 'post_install', 'fp_tablet')
+class TestTabletSessionEventAppendOnly(TransactionCase):
+
+    def setUp(self):
+        super().setUp()
+        Users = self.env['res.users'].with_context(no_reset_password=True)
+        self.owner = Users.create({
+            'login': 'audit_owner', 'name': 'Audit Owner',
+            'email': 'audit_owner@example.com',
+            'group_ids': [(6, 0, [
+                self.env.ref('fusion_plating.group_fp_owner').id
+            ])],
+        })
+        self.tech = Users.create({
+            'login': 'audit_tech', 'name': 'Audit Tech',
+            'email': 'audit_tech@example.com',
+            'group_ids': [(6, 0, [
+                self.env.ref('fusion_plating.group_fp_technician').id
+            ])],
+        })
+
+    def test_owner_can_read(self):
+        event = self.env['fp.tablet.session.event'].sudo().create({
+            'event_type': 'unlock',
+            'user_id': self.tech.id,
+        })
+        # Owner reads via their own user
+        e = self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id)
+        self.assertEqual(e.user_id, self.tech)
+
+    def test_technician_cannot_read(self):
+        event = self.env['fp.tablet.session.event'].sudo().create({
+            'event_type': 'unlock',
+            'user_id': self.tech.id,
+        })
+        with self.assertRaises(AccessError):
+            self.env['fp.tablet.session.event'].with_user(self.tech).browse(event.id).event_type
+
+    def test_owner_cannot_write(self):
+        event = self.env['fp.tablet.session.event'].sudo().create({
+            'event_type': 'unlock',
+            'user_id': self.tech.id,
+        })
+        with self.assertRaises(AccessError):
+            self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id).write({
+                'event_type': 'failed_unlock',
+            })
+
+    def test_owner_cannot_unlink(self):
+        event = self.env['fp.tablet.session.event'].sudo().create({
+            'event_type': 'unlock',
+            'user_id': self.tech.id,
+        })
+        with self.assertRaises(AccessError):
+            self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id).unlink()