diff --git a/fusion_plating/fusion_plating_shopfloor/tests/test_workspace_controller.py b/fusion_plating/fusion_plating_shopfloor/tests/test_workspace_controller.py
index 3dfce47b..003adb6d 100644
--- a/fusion_plating/fusion_plating_shopfloor/tests/test_workspace_controller.py
+++ b/fusion_plating/fusion_plating_shopfloor/tests/test_workspace_controller.py
@@ -110,6 +110,10 @@ class TestWorkspaceSignOff(HttpCase):
     def setUp(self):
         super().setUp()
         self.authenticate("admin", "admin")
+        # The HTTP request runs as the authenticated "admin" (base.user_admin);
+        # the controller reads/writes THAT user's x_fc_signature_image, so the
+        # test must set/read it on the same user (NOT self.env.user / uid 1).
+        self.admin = self.env.ref('base.user_admin')
         self.partner = self.env['res.partner'].create({'name': 'Sig Cust'})
         self.product = self.env['product.product'].create({'name': 'Sig Prod'})
         self.job = self.env['fp.job'].create({
@@ -118,16 +122,24 @@ class TestWorkspaceSignOff(HttpCase):
             'product_id': self.product.id,
             'qty': 1,
         })
+        # button_finish requires a recipe link (S21 gate). A minimal step node
+        # (no inputs, no sign-off) makes the gates pass so the step can finish.
+        kind = self.env['fp.step.kind'].search([], limit=1)
+        node_vals = {'name': 'ENP Plate', 'node_type': 'step'}
+        if kind:
+            node_vals['kind_id'] = kind.id
+        self.node = self.env['fusion.plating.process.node'].create(node_vals)
         self.step = self.env['fp.job.step'].create({
             'job_id': self.job.id,
             'name': 'ENP Plate',
             'sequence': 50,
             'state': 'in_progress',
+            'recipe_node_id': self.node.id,
         })
 
     def test_sign_off_rejects_empty_signature(self):
         # Empty drawing AND no saved Plating Signature -> reject.
-        self.env.user.x_fc_signature_image = False
+        self.admin.x_fc_signature_image = False
         res = _rpc(
             self, '/fp/workspace/sign_off',
             step_id=self.step.id, signature_data_uri='',
@@ -145,20 +157,20 @@ class TestWorkspaceSignOff(HttpCase):
         self.assertEqual(self.step.state, 'done')
 
     def test_load_exposes_plating_signature_flags(self):
-        self.env.user.x_fc_signature_image = False
+        self.admin.x_fc_signature_image = False
         res = _rpc(self, '/fp/workspace/load', job_id=self.job.id)
         self.assertFalse(res['user_has_plating_signature'])
         self.assertEqual(res['user_plating_signature'], '')
-        self.env.user.x_fc_signature_image = _TINY_PNG_B64
+        self.admin.x_fc_signature_image = _TINY_PNG_B64
         res2 = _rpc(self, '/fp/workspace/load', job_id=self.job.id)
         self.assertTrue(res2['user_has_plating_signature'])
         self.assertTrue(
             res2['user_plating_signature'].startswith('data:image/png;base64,'))
 
     def test_sign_off_with_drawing_persists_signature_and_drops_attachment(self):
-        # First-time draw: persists to the user's Plating Signature, finishes
+        # First-time draw: persists to the admin's Plating Signature, finishes
         # the (in_progress) step, and creates NO per-step signature attachment.
-        self.env.user.x_fc_signature_image = False
+        self.admin.x_fc_signature_image = False
         data_uri = 'data:image/png;base64,' + _TINY_PNG_B64
         res = _rpc(
             self, '/fp/workspace/sign_off',
@@ -167,18 +179,18 @@ class TestWorkspaceSignOff(HttpCase):
         self.assertTrue(res['ok'])
         self.step.invalidate_recordset(['state'])
         self.assertEqual(self.step.state, 'done')
-        self.env.user.invalidate_recordset(['x_fc_signature_image'])
+        self.admin.invalidate_recordset(['x_fc_signature_image'])
         self.assertTrue(
-            self.env.user.x_fc_signature_image,
+            self.admin.x_fc_signature_image,
             'drawing persisted to the Plating Signature')
         n = self.env['ir.attachment'].search_count([
             ('res_model', '=', 'fp.job.step'), ('res_id', '=', self.step.id)])
         self.assertEqual(n, 0, 'no per-step signature attachment is created')
 
     def test_sign_off_uses_saved_signature_without_drawing(self):
-        # User already has a saved signature -> finishing without a drawing
+        # Admin already has a saved signature -> finishing without a drawing
         # still works (no signature_data_uri sent).
-        self.env.user.x_fc_signature_image = _TINY_PNG_B64
+        self.admin.x_fc_signature_image = _TINY_PNG_B64
         res = _rpc(self, '/fp/workspace/sign_off', step_id=self.step.id)
         self.assertTrue(res['ok'])
         self.step.invalidate_recordset(['state'])