feat(plating-views): Layer 3 — field/button gates per role
Phase D Task D5 of permissions overhaul. Adds explicit groups= to form-level elements so non-matching roles don't even SEE the buttons they can't use:

- SO Confirm button → group_fp_sales_manager (Sales Rep sees the SO in draft but no Confirm button — matches model-level gate from Phase G)
- SO pricing fields (price_unit/subtotal/total/untaxed/tax) → group_fp_sales_rep (Technician/Shop Manager don't see pricing if they navigate to an SO)
- Partner Account Hold tab → group_fp_manager (was the fold-in group_fp_accounting; the audit-finding-11 _administrator typo lives in res_partner.py and is Phase G's fix)
- CAPA Close + all state-transition buttons → group_fp_quality_manager; edit fields use readonly="not user_has_groups(...)" so Manager retains read+comment per spec section 2.C
- Audit Start/Findings/Close buttons → group_fp_quality_manager
- AVL Approve/Suspend/Reinstate/Remove → group_fp_quality_manager (model uses Suspend+Remove instead of spec's literal 'Disqualify'; both surfaces gated, semantics match)
- Customer Spec edit fields → readonly for non-QM (Manager keeps read access per spec; only inputs lock)
- FAIR Approve/Reject buttons → group_fp_quality_manager (Submit-for-Review and Reset stay open to whoever created the FAIR)
- Certificate Issue button — Strategy B chosen: single button hidden when cert_type=nadcap_cert AND user is not QM. Cleaner than splitting into two buttons; no separate action_sign exists on fp.certificate (Issue is the sign+publish action). FAIR lives in its own model; fp.certificate only has nadcap_cert as a special type. The ir.rule from Phase C enforces model-level writes independently.
- CGP form buttons (7 view files: ai, controlled_good, psa, receipt_shipment, registration, security_incident, visitor) → group_fp_quality_manager on every action button

Defense in depth: ir.rules and ACLs (from Phases B + C) already restrict model access. These view gates are the UI layer that matches.

Concerns:

- Spec line 192 names 'sale.order view — x_fc_account_hold_override' but no such field exists in the codebase. Closest practical match was the partner-side Account Hold management tab, which already had a group= attribute. Re-gated there; no SO-side field to gate.
- AVL model has no action_disqualify per spec; uses suspend+remove. Both gated to QM.
- fp.certificate has no action_sign (only action_issue). FAIR's approve/reject covers the FAIR side; nadcap-cert Issue covers the cert side via Strategy B.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -5,7 +5,7 @@
|
||||
|
||||
{
|
||||
'name': 'Fusion Plating — Quality (QMS)',
|
||||
'version': '19.0.6.6.3',
|
||||
'version': '19.0.6.6.4',
|
||||
'category': 'Manufacturing/Plating',
|
||||
'summary': 'Native QMS for plating shops: NCR, CAPA, calibration, AVL, FAIR, '
|
||||
'internal audits, customer specs, document control. CE + EE compatible.',
|
||||
|
||||
@@ -35,12 +35,17 @@
|
||||
<field name="arch" type="xml">
|
||||
<form string="Audit">
|
||||
<header>
|
||||
<!-- Phase D5 — Audit is QM-only per spec section 2.C
|
||||
(Manager has read; QM owns CRUD + close). -->
|
||||
<button name="action_start" string="Start Audit" type="object"
|
||||
class="oe_highlight" invisible="state != 'planned'"/>
|
||||
class="oe_highlight" invisible="state != 'planned'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_findings" string="Record Findings" type="object"
|
||||
invisible="state != 'in_progress'"/>
|
||||
invisible="state != 'in_progress'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_close" string="Close Audit" type="object"
|
||||
invisible="state not in ('findings','in_progress')"/>
|
||||
invisible="state not in ('findings','in_progress')"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<field name="state" widget="statusbar"
|
||||
statusbar_visible="planned,in_progress,findings,closed"/>
|
||||
</header>
|
||||
|
||||
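Review bot: The groups= attributes on action_start, action_findings and action_close only remove the buttons from the rendered form; nothing in this hunk shows the methods themselves rejecting a non-QM caller. Object-button methods without a leading underscore are reachable over RPC, so the enforcement the commit message attributes to the Phase B and C ACLs and ir.rules should be pinned by a test that calls action_close as a Manager-role user and expects an access error. If those ACLs do not already deny the write these methods perform, add a has_group check at the top of each method.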
@@ -38,14 +38,24 @@
|
||||
<field name="arch" type="xml">
|
||||
<form string="Approved Vendor">
|
||||
<header>
|
||||
<!-- Phase D5 — AVL state transitions are QM-only per spec
|
||||
section 2.C (Manager has read; QM owns Add/Approve/
|
||||
Disqualify). Spec lists "Approve / Disqualify"; this
|
||||
model uses Approve + Suspend + Reinstate + Remove,
|
||||
which together implement the disqualify path. All
|
||||
four are gated. -->
|
||||
<button name="action_approve" string="Approve" type="object"
|
||||
class="oe_highlight" invisible="state == 'approved'"/>
|
||||
class="oe_highlight" invisible="state == 'approved'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_suspend" string="Suspend" type="object"
|
||||
invisible="state in ('suspended','removed')"/>
|
||||
invisible="state in ('suspended','removed')"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_reinstate" string="Reinstate" type="object"
|
||||
invisible="state != 'suspended'"/>
|
||||
invisible="state != 'suspended'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_remove" string="Remove" type="object"
|
||||
invisible="state == 'removed'"/>
|
||||
invisible="state == 'removed'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<field name="state" widget="statusbar"
|
||||
statusbar_visible="pending,approved,conditional,suspended,removed"/>
|
||||
</header>
|
||||
|
||||
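Review bot: On action_approve the condition invisible="state == 'approved'" leaves Approve visible in the suspended and removed states, so a vendor can go straight back to approved without passing through Reinstate. Since these four buttons are described in the comment as the disqualify path, either tighten the condition to the states that should allow approval (for example invisible="state not in ('pending','conditional')") or say in the XML comment that re-approval from removed is intended. The statusbar also lists conditional, which none of the four gated buttons is named for; a line in the comment on how that state is reached, and who may set it, would help.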
@@ -35,20 +35,30 @@
|
||||
<field name="arch" type="xml">
|
||||
<form string="CAPA">
|
||||
<header>
|
||||
<!-- Phase D5 — every state-transition button is QM-only.
|
||||
Per spec section 2.C, Manager has read+comment only;
|
||||
QM owns CRUD + close + effectiveness verification. -->
|
||||
<button name="action_start_analysis" string="Start Analysis" type="object"
|
||||
class="oe_highlight" invisible="state != 'draft'"/>
|
||||
class="oe_highlight" invisible="state != 'draft'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_start_implementation" string="Implement" type="object"
|
||||
invisible="state != 'analysis'"/>
|
||||
invisible="state != 'analysis'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_start_verification" string="Verify" type="object"
|
||||
invisible="state != 'implementation'"/>
|
||||
invisible="state != 'implementation'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_mark_effective" string="Mark Effective" type="object"
|
||||
class="oe_highlight" invisible="state != 'verification'"/>
|
||||
class="oe_highlight" invisible="state != 'verification'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_mark_not_effective" string="Not Effective" type="object"
|
||||
invisible="state != 'verification'"/>
|
||||
invisible="state != 'verification'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_close" string="Close" type="object"
|
||||
invisible="state not in ('effective','not_effective')"/>
|
||||
invisible="state not in ('effective','not_effective')"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_reset_to_draft" string="Reset" type="object"
|
||||
invisible="state == 'draft'"/>
|
||||
invisible="state == 'draft'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<field name="state" widget="statusbar"
|
||||
statusbar_visible="draft,analysis,implementation,verification,effective,closed"/>
|
||||
</header>
|
||||
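Review bot: action_reset_to_draft keeps invisible="state == 'draft'", so Reset is offered on a closed CAPA as well as on ones still in progress. It is QM-only after this change, but reopening a closed corrective action should be confirmed against spec section 2.C; if it is not intended, add closed to the states where the button is hidden.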
@@ -57,33 +67,48 @@
|
||||
<label for="name"/>
|
||||
<h1><field name="name" readonly="1"/></h1>
|
||||
</div>
|
||||
<!-- Phase D5 — editable fields readonly for non-QM. Per
|
||||
spec section 2.C, Manager retains read+comment only;
|
||||
QM owns CRUD. Form stays visible (Manager needs to
|
||||
read + chatter); only the inputs lock for non-QM. -->
|
||||
<group>
|
||||
<group>
|
||||
<field name="type"/>
|
||||
<field name="ncr_id"/>
|
||||
<field name="type"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="ncr_id"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="facility_id" readonly="1"/>
|
||||
<field name="owner_id"/>
|
||||
<field name="owner_id"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
<group>
|
||||
<field name="due_date"/>
|
||||
<field name="due_date"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="is_overdue" readonly="1"/>
|
||||
<field name="verification_date"/>
|
||||
<field name="verification_by_id"/>
|
||||
<field name="verification_date"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="verification_by_id"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="is_effective" readonly="1"/>
|
||||
</group>
|
||||
</group>
|
||||
<notebook>
|
||||
<page string="Description">
|
||||
<field name="description"/>
|
||||
<field name="description"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</page>
|
||||
<page string="Root Cause Analysis">
|
||||
<field name="root_cause_analysis" placeholder="5 Whys, fishbone, or any other structured method."/>
|
||||
<field name="root_cause_analysis"
|
||||
placeholder="5 Whys, fishbone, or any other structured method."
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</page>
|
||||
<page string="Action Plan">
|
||||
<field name="action_plan"/>
|
||||
<field name="action_plan"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</page>
|
||||
<page string="Effectiveness">
|
||||
<field name="effectiveness_notes"/>
|
||||
<field name="effectiveness_notes"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</page>
|
||||
</notebook>
|
||||
</sheet>
|
||||
|
||||
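Review bot: The expression readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')" is repeated on ten fields in this hunk, and it only locks the inputs in this form; it does not stop a write to the same fields from another view or over RPC. A single computed boolean on the model, referenced once per field, would cut the duplication, and the write restriction itself should be asserted in a test against the model as a Manager-role user. A view-load test as a non-QM user would also confirm the expression evaluates as intended on the 19.0 series named in the manifest.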
@@ -32,34 +32,49 @@
|
||||
<form string="Customer Specification">
|
||||
<sheet>
|
||||
<div class="oe_title">
|
||||
<!-- Phase D5 — Customer Spec is QM-only for edits per
|
||||
spec section 2.C (Manager has read + attach to
|
||||
parts; QM owns CRUD as library curator). Form
|
||||
stays visible — only inputs lock for non-QM. -->
|
||||
<label for="name"/>
|
||||
<h1><field name="name"/></h1>
|
||||
<h1><field name="name"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/></h1>
|
||||
</div>
|
||||
<group>
|
||||
<group>
|
||||
<field name="code"/>
|
||||
<field name="revision"/>
|
||||
<field name="spec_type"/>
|
||||
<field name="partner_id"/>
|
||||
<field name="code"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="revision"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="spec_type"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="partner_id"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
<group>
|
||||
<field name="effective_date"/>
|
||||
<field name="document_url" widget="url"/>
|
||||
<field name="effective_date"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
<field name="document_url" widget="url"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
</group>
|
||||
<group string="Applicable Processes" name="applicable_processes">
|
||||
<field name="process_type_ids" widget="many2many_tags" nolabel="1"/>
|
||||
<field name="process_type_ids" widget="many2many_tags" nolabel="1"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
<group string="Applicable Recipes" name="applicable_recipes">
|
||||
<field name="recipe_ids" widget="many2many_tags" nolabel="1"
|
||||
options="{'no_create_edit': True}"/>
|
||||
options="{'no_create_edit': True}"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
<group>
|
||||
<field name="print_on_cert"/>
|
||||
<field name="print_on_cert"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</group>
|
||||
<notebook>
|
||||
<page string="Notes">
|
||||
<field name="notes"/>
|
||||
<field name="notes"
|
||||
readonly="not user_has_groups('fusion_plating.group_fp_quality_manager')"/>
|
||||
</page>
|
||||
</notebook>
|
||||
</sheet>
|
||||
|
||||
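Review bot: Locking each input individually is fail-open: a field added to this form later without the readonly attribute will be editable by non-QM users, and the eleven attributes in this hunk have to be kept in sync by hand. Treat the model-level ACL as the authoritative gate and say so in the XML comment, so that the next person extending the form knows the readonly attributes are presentation only. The comment also states that Manager keeps "attach to parts"; confirm that flow never edits process_type_ids or recipe_ids from this form, since both are now read-only for Manager. The comment sits inside the oe_title div although it describes the whole sheet; moving it above the sheet element would make its scope clearer.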
@@ -38,12 +38,20 @@
|
||||
<field name="arch" type="xml">
|
||||
<form string="First Article Inspection Report">
|
||||
<header>
|
||||
<!-- Phase D5 — FAIR Approve/Reject = sign-off equivalent;
|
||||
QM-only per spec section 2.C (FAIR/Nadcap signing is
|
||||
restricted to Quality Manager regardless of who can
|
||||
see / create the FAIR record). Submit-for-review and
|
||||
reset-to-draft stay open to whoever created the FAIR
|
||||
(Manager+). -->
|
||||
<button name="action_submit_for_review" string="Submit for Review" type="object"
|
||||
class="oe_highlight" invisible="state != 'draft'"/>
|
||||
<button name="action_approve" string="Approve" type="object"
|
||||
class="oe_highlight" invisible="state != 'in_review'"/>
|
||||
class="oe_highlight" invisible="state != 'in_review'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_reject" string="Reject" type="object"
|
||||
invisible="state != 'in_review'"/>
|
||||
invisible="state != 'in_review'"
|
||||
groups="fusion_plating.group_fp_quality_manager"/>
|
||||
<button name="action_reset_to_draft" string="Reset" type="object"
|
||||
invisible="state == 'draft'"/>
|
||||
<field name="state" widget="statusbar"
|
||||
|
||||
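Review bot: action_reset_to_draft is left without groups= and keeps invisible="state == 'draft'", so any user who can open the form sees Reset in every non-draft state, including after a Quality Manager has approved or rejected the FAIR. That lets a non-QM user undo the sign-off that the Approve and Reject gates in this hunk are meant to protect. Either gate Reset to fusion_plating.group_fp_quality_manager once the record has left in_review, or restrict the ungated Reset to the in_review state, and make the same rule hold in the method itself.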