feat(fusion_plating_portal): hide customer sidebar from internal staff + redirect them to the clock portal

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

fusion_plating/fusion_plating_portal/tests/__init__.py

@@ -1 +1,2 @@
 from . import test_portal_dashboard
+from . import test_employee_portal_gating

fusion_plating/fusion_plating_portal/tests/test_employee_portal_gating.py

@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+# Copyright 2026 Nexa Systems Inc.
+# License OPL-1.
+
+from odoo.tests import HttpCase, tagged
+
+
+@tagged('post_install', '-at_install', 'fp_portal')
+class TestEmployeePortalGating(HttpCase):
+    """Internal staff get the clean employee experience (no customer sidebar,
+    redirected off the customer dashboard); customers are untouched."""
+
+    @classmethod
+    def setUpClass(cls):
+        super().setUpClass()
+        cls.customer_partner = cls.env['res.partner'].create({
+            'name': 'Gating Customer Co.',
+            'email': 'gating_customer@example.com',
+        })
+        cls.customer_user = cls.env['res.users'].create({
+            'name': 'Gating Portal User',
+            'login': 'gating_portal_user',
+            'password': 'gating_portal_user',
+            'partner_id': cls.customer_partner.id,
+            'group_ids': [(6, 0, [cls.env.ref('base.group_portal').id])],
+        })
+
+    def test_customer_sees_sidebar_on_home(self):
+        """A share/portal user still gets the FP customer sidebar shell."""
+        self.assertTrue(self.customer_user.share)
+        self.authenticate('gating_portal_user', 'gating_portal_user')
+        r = self.url_open('/my/home')
+        self.assertEqual(r.status_code, 200)
+        self.assertIn('o_fp_portal_sidebar', r.text,
+                      "customer should still see the FP sidebar shell")
+
+    def test_internal_employee_redirected_to_clock(self):
+        """An internal user with an employee record is bounced to /my/clock.
+
+        Only meaningful when fusion_clock is installed (the redirect guard
+        checks for its x_fclk_enable_clock field, so it never sends anyone to
+        a non-existent /my/clock). Skip otherwise.
+        """
+        if 'hr.employee' not in self.env:
+            self.skipTest('hr not installed')
+        if 'x_fclk_enable_clock' not in self.env['hr.employee']._fields:
+            self.skipTest('fusion_clock not installed — redirect intentionally inert')
+        internal = self.env['res.users'].create({
+            'name': 'Shop Hand',
+            'login': 'gating_shop_hand',
+            'password': 'gating_shop_hand',
+            'group_ids': [(6, 0, [self.env.ref('base.group_user').id])],
+        })
+        self.assertFalse(internal.share)
+        self.env['hr.employee'].create({'name': 'Shop Hand', 'user_id': internal.id})
+        self.authenticate('gating_shop_hand', 'gating_shop_hand')
+        # Don't follow the redirect — just assert we're bounced toward /my/clock.
+        r = self.url_open('/my/home', allow_redirects=False)
+        self.assertIn(r.status_code, (301, 302, 303, 307, 308))
+        self.assertIn('/my/clock', r.headers.get('Location', ''))