feat(fusion_plating): lift operator ACL for cert write + thickness create + override read

Plan task P2.6. Per the spec's "techs wear multiple hats" rule, lift gates so technicians can do their work without permission walls: fp.certificate operator: read → read+write (flip draft→issued from tablet) fp.thickness.reading operator: read → read+write+create (capture Fischerscope readings from tablet) fp.job.node.override operator: NEW read-only (see opt-out badges on steps) Supervisor-only operations (step Skip, hold Release, override Re-include) remain enforced in workspace_controller, not ACL — so the ACL stays minimal and the controller centralizes the gate logic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 22:04:05 -04:00
parent c06d3d442a
commit 3c2efae951
3 changed files with 4 additions and 3 deletions
--- a/fusion_plating/fusion_plating_certificates/manifest.py
+++ b/fusion_plating/fusion_plating_certificates/manifest.py
@@ -5,7 +5,7 @@

 {
    'name': 'Fusion Plating — Certificates',
-    'version': '19.0.7.8.0',
+    'version': '19.0.7.9.0',
    'category': 'Manufacturing/Plating',
    'summary': 'Certificate registry for CoC, thickness reports, and quality documents.',
    'description': """
--- a/fusion_plating/fusion_plating_certificates/security/ir.model.access.csv
+++ b/fusion_plating/fusion_plating_certificates/security/ir.model.access.csv
@@ -1,8 +1,8 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_fp_certificate_operator,fp.certificate.operator,model_fp_certificate,fusion_plating.group_fusion_plating_operator,1,0,0,0
+access_fp_certificate_operator,fp.certificate.operator,model_fp_certificate,fusion_plating.group_fusion_plating_operator,1,1,0,0
 access_fp_certificate_supervisor,fp.certificate.supervisor,model_fp_certificate,fusion_plating.group_fusion_plating_supervisor,1,1,1,0
 access_fp_certificate_manager,fp.certificate.manager,model_fp_certificate,fusion_plating.group_fusion_plating_manager,1,1,1,1
-access_fp_thickness_reading_operator,fp.thickness.reading.operator,model_fp_thickness_reading,fusion_plating.group_fusion_plating_operator,1,0,0,0
+access_fp_thickness_reading_operator,fp.thickness.reading.operator,model_fp_thickness_reading,fusion_plating.group_fusion_plating_operator,1,1,1,0
 access_fp_thickness_reading_supervisor,fp.thickness.reading.supervisor,model_fp_thickness_reading,fusion_plating.group_fusion_plating_supervisor,1,1,1,0
 access_fp_thickness_reading_manager,fp.thickness.reading.manager,model_fp_thickness_reading,fusion_plating.group_fusion_plating_manager,1,1,1,1
 access_fp_cert_void_wiz_sup,fp.cert.void.wiz.supervisor,model_fp_cert_void_wizard,fusion_plating.group_fusion_plating_supervisor,1,1,1,1
--- a/fusion_plating/fusion_plating_shopfloor/security/ir.model.access.csv
+++ b/fusion_plating/fusion_plating_shopfloor/security/ir.model.access.csv
@@ -14,3 +14,4 @@ access_fp_first_piece_gate_manager,fp.first.piece.gate.manager,model_fusion_plat
 access_fp_operator_queue_operator,fp.operator.queue.operator,model_fusion_plating_operator_queue,fusion_plating.group_fusion_plating_operator,1,1,1,1
 access_fp_operator_queue_supervisor,fp.operator.queue.supervisor,model_fusion_plating_operator_queue,fusion_plating.group_fusion_plating_supervisor,1,1,1,1
 access_fp_operator_queue_manager,fp.operator.queue.manager,model_fusion_plating_operator_queue,fusion_plating.group_fusion_plating_manager,1,1,1,1
+access_fp_job_node_override_operator,fp.job.node.override.operator,fusion_plating_jobs.model_fp_job_node_override,fusion_plating.group_fusion_plating_operator,1,0,0,0