test(shopfloor): fp.tablet.session.event is append-only

Owner reads. Technician cannot read. Owner cannot write or unlink. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 12:29:52 -04:00
parent 9f3edd60ae
commit 1dea752a29
2 changed files with 60 additions and 0 deletions
--- a/fusion_plating/fusion_plating_shopfloor/tests/init.py
+++ b/fusion_plating/fusion_plating_shopfloor/tests/init.py
@@ -4,3 +4,4 @@ from . import test_landing_kanban
 from . import test_tablet_pin
 from . import test_tablet_lock_payload
 from . import test_kiosk_user_acl
 from . import test_tablet_session_event_model
--- a/fusion_plating/fusion_plating_shopfloor/tests/test_tablet_session_event_model.py
+++ b/fusion_plating/fusion_plating_shopfloor/tests/test_tablet_session_event_model.py
@@ -0,0 +1,59 @@
 from odoo.tests.common import TransactionCase, tagged
 from odoo.exceptions import AccessError
@tagged('-at_install', 'post_install', 'fp_tablet')
 class TestTabletSessionEventAppendOnly(TransactionCase):
    def setUp(self):
        super().setUp()
        Users = self.env['res.users'].with_context(no_reset_password=True)
        self.owner = Users.create({
            'login': 'audit_owner', 'name': 'Audit Owner',
            'email': 'audit_owner@example.com',
            'group_ids': [(6, 0, [
                self.env.ref('fusion_plating.group_fp_owner').id
            ])],
        })
        self.tech = Users.create({
            'login': 'audit_tech', 'name': 'Audit Tech',
            'email': 'audit_tech@example.com',
            'group_ids': [(6, 0, [
                self.env.ref('fusion_plating.group_fp_technician').id
            ])],
        })
    def test_owner_can_read(self):
        event = self.env['fp.tablet.session.event'].sudo().create({
            'event_type': 'unlock',
            'user_id': self.tech.id,
        })
        # Owner reads via their own user
        e = self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id)
        self.assertEqual(e.user_id, self.tech)
    def test_technician_cannot_read(self):
        event = self.env['fp.tablet.session.event'].sudo().create({
            'event_type': 'unlock',
            'user_id': self.tech.id,
        })
        with self.assertRaises(AccessError):
            self.env['fp.tablet.session.event'].with_user(self.tech).browse(event.id).event_type
    def test_owner_cannot_write(self):
        event = self.env['fp.tablet.session.event'].sudo().create({
            'event_type': 'unlock',
            'user_id': self.tech.id,
        })
        with self.assertRaises(AccessError):
            self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id).write({
                'event_type': 'failed_unlock',
            })
    def test_owner_cannot_unlink(self):
        event = self.env['fp.tablet.session.event'].sudo().create({
            'event_type': 'unlock',
            'user_id': self.tech.id,
        })
        with self.assertRaises(AccessError):
            self.env['fp.tablet.session.event'].with_user(self.owner).browse(event.id).unlink()