feat(plating-views): Layer 3 — field/button gates per role
Phase D Task D5 of permissions overhaul. Adds explicit groups= to form-level elements so non-matching roles don't even SEE the buttons they can't use: - SO Confirm button → group_fp_sales_manager (Sales Rep sees the SO in draft but no Confirm button — matches model-level gate from Phase G) - SO pricing fields (price_unit/subtotal/total/untaxed/tax) → group_fp_sales_rep (Technician/Shop Manager don't see pricing if they navigate to an SO) - Partner Account Hold tab → group_fp_manager (was the fold-in group_fp_accounting; the audit-finding-11 _administrator typo lives in res_partner.py and is Phase G's fix) - CAPA Close + all state-transition buttons → group_fp_quality_manager; edit fields use readonly="not user_has_groups(...)" so Manager retains read+comment per spec section 2.C - Audit Start/Findings/Close buttons → group_fp_quality_manager - AVL Approve/Suspend/Reinstate/Remove → group_fp_quality_manager (model uses Suspend+Remove instead of spec's literal 'Disqualify'; both surfaces gated, semantics match) - Customer Spec edit fields → readonly for non-QM (Manager keeps read access per spec; only inputs lock) - FAIR Approve/Reject buttons → group_fp_quality_manager (Submit- for-Review and Reset stay open to whoever created the FAIR) - Certificate Issue button — Strategy B chosen: single button hidden when cert_type=nadcap_cert AND user is not QM. Cleaner than splitting into two buttons; no separate action_sign exists on fp.certificate (Issue is the sign+publish action). FAIR lives in its own model; fp.certificate only has nadcap_cert as a special type. The ir.rule from Phase C enforces model-level writes independently. - CGP form buttons (7 view files: ai, controlled_good, psa, receipt_shipment, registration, security_incident, visitor) → group_fp_quality_manager on every action button Defense in depth: ir.rules and ACLs (from Phases B + C) already restrict model access. These view gates are the UI layer that matches. Concerns: - Spec line 192 names 'sale.order view — x_fc_account_hold_override' but no such field exists in the codebase. Closest practical match was the partner-side Account Hold management tab, which already had a group= attribute. Re-gated there; no SO-side field to gate. - AVL model has no action_disqualify per spec; uses suspend+remove. Both gated to QM. - fp.certificate has no action_sign (only action_issue). FAIR's approve/reject covers the FAIR side; nadcap-cert Issue covers the cert side via Strategy B. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
gsinghpal
@@ -5,7 +5,7 @@
|
||||
|
||||
{
|
||||
'name': 'Fusion Plating — Certificates',
|
||||
'version': '19.0.7.9.2',
|
||||
'version': '19.0.7.9.3',
|
||||
'category': 'Manufacturing/Plating',
|
||||
'summary': 'Certificate registry for CoC, thickness reports, and quality documents.',
|
||||
'description': """
|
||||
|
||||
@@ -39,9 +39,19 @@
|
||||
<field name="arch" type="xml">
|
||||
<form>
|
||||
<header>
|
||||
<!-- Phase D5 — Nadcap certs are QM-only to Issue per spec
|
||||
section 2.C (FAIR/Nadcap sign/issue restricted to
|
||||
Quality Manager). Strategy B: single button visible
|
||||
to all when state=draft and cert_type is routine
|
||||
(coc/thickness_report/mill_test/customer_specific);
|
||||
hidden for non-QM when cert_type=nadcap_cert. The
|
||||
ir.rule from Phase C also restricts model writes on
|
||||
FAIR/Nadcap so model-layer enforcement is independent.
|
||||
No separate action_sign exists on this model — Issue
|
||||
is the sign + publish action. -->
|
||||
<button name="action_issue" string="Issue"
|
||||
type="object" class="btn-primary"
|
||||
invisible="state != 'draft'"/>
|
||||
invisible="state != 'draft' or (certificate_type == 'nadcap_cert' and not user_has_groups('fusion_plating.group_fp_quality_manager'))"/>
|
||||
<!-- Print = the same EN report action the gear-menu
|
||||
Print > Certificate of Conformance (English)
|
||||
calls. Routes through fusion_pdf_preview's
|
||||
|
||||
Reference in New Issue
Block a user