feat(plating-views): Layer 3 — field/button gates per role

Phase D Task D5 of permissions overhaul. Adds explicit groups= to
form-level elements so non-matching roles don't even SEE the buttons
they can't use:

- SO Confirm button → group_fp_sales_manager (Sales Rep sees the SO
  in draft but no Confirm button — matches model-level gate from Phase G)
- SO pricing fields (price_unit/subtotal/total/untaxed/tax) →
  group_fp_sales_rep (Technician/Shop Manager don't see pricing if
  they navigate to an SO)
- Partner Account Hold tab → group_fp_manager (was the fold-in
  group_fp_accounting; the audit-finding-11 _administrator typo lives
  in res_partner.py and is Phase G's fix)
- CAPA Close + all state-transition buttons → group_fp_quality_manager;
  edit fields use readonly="not user_has_groups(...)" so Manager
  retains read+comment per spec section 2.C
- Audit Start/Findings/Close buttons → group_fp_quality_manager
- AVL Approve/Suspend/Reinstate/Remove → group_fp_quality_manager
  (model uses Suspend+Remove instead of spec's literal 'Disqualify';
  both surfaces gated, semantics match)
- Customer Spec edit fields → readonly for non-QM (Manager keeps
  read access per spec; only inputs lock)
- FAIR Approve/Reject buttons → group_fp_quality_manager (Submit-
  for-Review and Reset stay open to whoever created the FAIR)
- Certificate Issue button — Strategy B chosen: single button hidden
  when cert_type=nadcap_cert AND user is not QM. Cleaner than splitting
  into two buttons; no separate action_sign exists on fp.certificate
  (Issue is the sign+publish action). FAIR lives in its own model;
  fp.certificate only has nadcap_cert as a special type. The ir.rule
  from Phase C enforces model-level writes independently.
- CGP form buttons (7 view files: ai, controlled_good, psa,
  receipt_shipment, registration, security_incident, visitor) →
  group_fp_quality_manager on every action button

Defense in depth: ir.rules and ACLs (from Phases B + C) already
restrict model access. These view gates are the UI layer that
matches.

Concerns:
- Spec line 192 names 'sale.order view — x_fc_account_hold_override'
  but no such field exists in the codebase. Closest practical match
  was the partner-side Account Hold management tab, which already had
  a group= attribute. Re-gated there; no SO-side field to gate.
- AVL model has no action_disqualify per spec; uses suspend+remove.
  Both gated to QM.
- fp.certificate has no action_sign (only action_issue). FAIR's
  approve/reject covers the FAIR side; nadcap-cert Issue covers the
  cert side via Strategy B.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

fusion_plating/fusion_plating_cgp/__manifest__.py

@@ -5,7 +5,7 @@
 
 {
     'name': 'Fusion Plating — Controlled Goods Program',
-    'version': '19.0.1.2.2',
+    'version': '19.0.1.2.3',
     'category': 'Manufacturing/Plating',
     'summary': 'Canadian Controlled Goods Program (CGP) compliance for plating '
                'shops handling defence work: registration, authorized individuals, '

fusion_plating/fusion_plating_cgp/views/fp_cgp_ai_views.xml

@@ -36,15 +36,22 @@
         <field name="arch" type="xml">
             <form string="Authorized Individual">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C (CGP fold-in lands entirely under
+                         Quality Manager). -->
                     <button name="action_activate" string="Activate" type="object"
                             class="oe_highlight"
-                            invisible="state == 'active'"/>
+                            invisible="state == 'active'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_suspend" string="Suspend" type="object"
-                            invisible="state not in ('active',)"/>
+                            invisible="state not in ('active',)"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_revoke" string="Revoke" type="object"
-                            invisible="state == 'revoked'"/>
+                            invisible="state == 'revoked'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_deactivate" string="Deactivate" type="object"
-                            invisible="state != 'active'"/>
+                            invisible="state != 'active'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="active,inactive,suspended,revoked"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_controlled_good_views.xml

@@ -35,17 +35,23 @@
         <field name="arch" type="xml">
             <form string="Controlled Good" class="o_fp_cgp_classified">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_mark_in_process" string="In Process"
                             type="object"
-                            invisible="state == 'in_process'"/>
+                            invisible="state == 'in_process'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_mark_in_storage" string="In Storage"
                             type="object"
-                            invisible="state == 'in_storage'"/>
+                            invisible="state == 'in_storage'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_mark_shipped" string="Shipped" type="object"
-                            invisible="state == 'shipped'"/>
+                            invisible="state == 'shipped'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_mark_destroyed" string="Destroyed"
                             type="object"
-                            invisible="state == 'destroyed'"/>
+                            invisible="state == 'destroyed'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="received,in_process,in_storage,shipped"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_psa_views.xml

@@ -35,16 +35,22 @@
         <field name="arch" type="xml">
             <form string="Personnel Security Assessment" class="o_fp_cgp_classified">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_start" string="Start" type="object"
                             class="oe_highlight"
-                            invisible="state != 'draft'"/>
+                            invisible="state != 'draft'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_complete" string="Complete" type="object"
                             class="oe_highlight"
-                            invisible="state != 'in_progress'"/>
+                            invisible="state != 'in_progress'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_expire" string="Mark Expired" type="object"
-                            invisible="state != 'completed'"/>
+                            invisible="state != 'completed'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_reset_to_draft" string="Reset" type="object"
-                            invisible="state == 'draft'"/>
+                            invisible="state == 'draft'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="draft,in_progress,completed,expired"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_receipt_shipment_views.xml

@@ -37,16 +37,22 @@
         <field name="arch" type="xml">
             <form string="CGP Receipt / Shipment" class="o_fp_cgp_classified">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_authorize" string="Authorize" type="object"
                             class="oe_highlight"
-                            invisible="state != 'draft'"/>
+                            invisible="state != 'draft'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_execute" string="Execute" type="object"
                             class="oe_highlight"
-                            invisible="state != 'authorized'"/>
+                            invisible="state != 'authorized'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_close" string="Close" type="object"
-                            invisible="state != 'executed'"/>
+                            invisible="state != 'executed'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_reset_to_draft" string="Reset" type="object"
-                            invisible="state == 'draft'"/>
+                            invisible="state == 'draft'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="draft,authorized,executed,closed"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_registration_views.xml

@@ -36,17 +36,24 @@
         <field name="arch" type="xml">
             <form string="CGP Registration" class="o_fp_cgp_classified">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_mark_registered" string="Mark Registered"
                             type="object" class="oe_highlight"
-                            invisible="state != 'pending'"/>
+                            invisible="state != 'pending'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_suspend" string="Suspend" type="object"
-                            invisible="state != 'registered'"/>
+                            invisible="state != 'registered'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_expire" string="Mark Expired" type="object"
-                            invisible="state not in ('registered','suspended')"/>
+                            invisible="state not in ('registered','suspended')"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_revoke" string="Revoke" type="object"
-                            invisible="state == 'revoked'"/>
+                            invisible="state == 'revoked'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_reset_to_pending" string="Reset" type="object"
-                            invisible="state == 'pending'"/>
+                            invisible="state == 'pending'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="pending,registered,suspended,expired,revoked"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_security_incident_views.xml

@@ -39,16 +39,22 @@
         <field name="arch" type="xml">
             <form string="Security Incident" class="o_fp_cgp_classified">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_investigate" string="Investigate"
                             type="object" class="oe_highlight"
-                            invisible="state != 'discovered'"/>
+                            invisible="state != 'discovered'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_report" string="Report to PSPC"
                             type="object" class="oe_highlight"
-                            invisible="state != 'investigating'"/>
+                            invisible="state != 'investigating'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_close" string="Close" type="object"
-                            invisible="state not in ('investigating','reported')"/>
+                            invisible="state not in ('investigating','reported')"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_reset" string="Reset" type="object"
-                            invisible="state == 'discovered'"/>
+                            invisible="state == 'discovered'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="discovered,investigating,reported,closed"/>
                 </header>

fusion_plating/fusion_plating_cgp/views/fp_cgp_visitor_views.xml

@@ -39,16 +39,22 @@
         <field name="arch" type="xml">
             <form string="CGP Visitor">
                 <header>
+                    <!-- Phase D5 — all CGP form buttons are QM-only per spec
+                         section 2.C. -->
                     <button name="action_check_in" string="Check In" type="object"
                             class="oe_highlight"
-                            invisible="state != 'scheduled'"/>
+                            invisible="state != 'scheduled'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_check_out" string="Check Out" type="object"
                             class="oe_highlight"
-                            invisible="state != 'checked_in'"/>
+                            invisible="state != 'checked_in'"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_deny" string="Deny" type="object"
-                            invisible="state not in ('scheduled','checked_in')"/>
+                            invisible="state not in ('scheduled','checked_in')"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <button name="action_cancel" string="Cancel" type="object"
-                            invisible="state in ('checked_out','cancelled','denied')"/>
+                            invisible="state in ('checked_out','cancelled','denied')"
+                            groups="fusion_plating.group_fp_quality_manager"/>
                     <field name="state" widget="statusbar"
                            statusbar_visible="scheduled,checked_in,checked_out"/>
                 </header>