feat(fusion_login_audit): smart button + Login Activity tab on res.users

Adds four x_fc_* fields on res.users: login_audit_ids (One2many),
login_audit_count (compute), last_successful_login (compute, stored),
last_login_ip (compute, stored). action_fc_view_login_audit returns
a window action scoped to the current user. View inheritance adds a
smart button to the button box and a "Login Activity" page to the
notebook, both gated by base.group_system on the inner XML nodes
(NOT on the view record — Odoo 19 forbids that; see CLAUDE.md rule #11).

Tests (2 new, 18 total green):
  test_computed_last_successful_login — uses registry cursor to commit
    the audit row so the stored compute picks it up across the
    TransactionCase boundary.
  test_action_view_login_audit_returns_window_action — smart-button
    action shape + domain scoping.

CLAUDE.md rule #11 added: inherited ir.ui.view records cannot have
groups/group_ids on the record; the gate must be on the inner XML nodes.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

CLAUDE.md

@@ -14,6 +14,7 @@
 5. **res.config.settings**: Only boolean/integer/float/char/selection/many2one/datetime. NO Date fields.
 6. **res.groups**: NO `users` field, NO `category_id` field.
    **res.users**: field was renamed `groups_id` → `group_ids` (also `all_group_ids` for implied). The plural form is gone; using `groups_id` raises `ValueError: Invalid field 'groups_id' in 'res.users'`.
+   **`ir.ui.view`**: same rename — view-level visibility gating uses `group_ids`, not `groups_id`. A record like `<field name="groups_id" eval="[(4, ref('base.group_system'))]"/>` on an `ir.ui.view` raises `ValueError: Invalid field 'groups_id' in 'ir.ui.view'` at module install. (The XML *attribute* `groups="base.group_system"` on form elements like `<page>`, `<button>`, `<field>` is unrelated and still works.)
    **`ir.rule` `groups` field is additive, not restrictive.** A rule with `groups=[some_group]` applies ONLY to users in that group — it does NOT restrict non-members. So `domain_force=[(1,'=',1)]` + `groups=[base.group_system]` does NOT mean "only admins see rows"; it means "admins see all rows (and the rule is silent on everyone else)". Non-admins are gated by the ACL (`ir.model.access.csv`), not the rule. To truly restrict by group at the rule layer, pair a global rule (`groups=[]`, `domain_force=[(0,'=',1)]` = block-all baseline) with a group-scoped allow rule. Default to letting the ACL do the gating; use rules for row-level filters that ACLs cannot express.
 7. **Search views**: NO `group expand="0"` syntax.
 8. **SCSS imports**: `@import "./partial"` is FORBIDDEN in Odoo 19 custom SCSS. It prints a warning and silently falls back to the old cached bundle. Register every SCSS file (including `_partial.scss` tokens) as a separate entry in `web.assets_backend`. Put tokens first; Odoo concatenates bundle files so SCSS variables/mixins from the first file are visible to every later file.
@@ -24,6 +25,7 @@
    ```
    The attribute name after the leading underscore becomes the SQL object name suffix (`{table}_{suffix}`). `models.Index` accepts `DESC`, `WHERE` predicates, and `USING btree (...)`. Sources: `odoo/orm/model_classes.py` (warns at registry build), `odoo/orm/table_objects.py` (Constraint + Index classes).
 10. **`res.users._login` is an instance method in Odoo 19**, not a classmethod as in earlier versions. Signature is `def _login(self, credential, user_agent_env)` — there is no `db` parameter. Override it like any normal instance method (`super()._login(credential, user_agent_env)`). When called via `authenticate()` on an empty recordset, `self` carries the right env. Older recipes that build a separate `api.Environment` from `odoo.modules.registry.Registry(db)` no longer apply. Source: `odoo/addons/base/models/res_users.py:760`.
+11. **Inherited `ir.ui.view` records cannot have `groups`/`group_ids` on the record itself.** Odoo 19 raises `ParseError: Inherited view cannot have 'groups' defined on the record. Use 'groups' attributes inside the view definition` at install time. Move the gate to the inner XML nodes — every `<button>`, `<page>`, `<field>`, `<xpath>`, `<group>` etc. supports a `groups="base.group_system"` attribute. For an inherited form with a smart button + admin tab, put `groups=` on the button and the page individually; leave the `<record model="ir.ui.view">` clean.
 
 15. **There is NO `sale.subscription` model in Odoo 19** (Enterprise `sale_subscription`). A subscription is a **`sale.order`** with `is_subscription=True`, `plan_id` → **`sale.subscription.plan`** (the recurrence), plus `subscription_state` / `next_invoice_date` / `recurring_monthly`. Any Many2one or relation that targets "a subscription" must point at `sale.order` (filter `domain=[('is_subscription','=',True)]`) — **not** `sale.subscription`, which does not exist and fails at install. The surviving `sale.subscription.*` records are only the plan + wizards/reports (`sale.subscription.plan`, `sale.subscription.report`, `sale.subscription.change.customer.wizard`, `sale.subscription.close.reason.wizard`). Verified on live `nexamain` (odoo-nexa, 19.0): `SELECT model FROM ir_model WHERE model LIKE 'sale.subscription%'`.
 

fusion_login_audit/__manifest__.py

@@ -26,6 +26,7 @@ bursts. Daily retention cron honours a configurable horizon.
     'data': [
         'security/ir.model.access.csv',
         'security/security.xml',
+        'views/res_users_views.xml',
     ],
     'installable': True,
     'application': False,

fusion_login_audit/models/res_users.py

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 import logging
 
-from odoo import api, fields, models
+from odoo import _, api, fields, models
 from odoo.exceptions import AccessDenied
 
 # Top-level import (vs lazy inside the method): if the dep is missing — most
@@ -193,3 +193,66 @@ class ResUsers(models.Model):
                 _credential=credential,
             )
             raise
+
+    # ──────────────────────────────────────────────────────────────────
+    # Per-user surface — fields + action method backing the smart button
+    # and "Login Activity" tab on the user form view.
+    # ──────────────────────────────────────────────────────────────────
+
+    x_fc_login_audit_ids = fields.One2many(
+        'fusion.login.audit', 'user_id',
+        string='Login Activity',
+    )
+    x_fc_login_audit_count = fields.Integer(
+        string='Login Audit Count',
+        compute='_compute_x_fc_login_audit_count',
+    )
+    x_fc_last_successful_login = fields.Datetime(
+        string='Last Successful Login',
+        compute='_compute_x_fc_last_successful_login',
+        store=True,
+    )
+    x_fc_last_login_ip = fields.Char(
+        string='Last Login IP', size=45,
+        compute='_compute_x_fc_last_successful_login',
+        store=True,
+    )
+
+    @api.depends('x_fc_login_audit_ids')
+    def _compute_x_fc_login_audit_count(self):
+        # Odoo 19: read_group → _read_group, returns list of tuples
+        # (group_key, aggregate_value) when given groupby + aggregates.
+        Audit = self.env['fusion.login.audit'].sudo()
+        rows = Audit._read_group(
+            domain=[('user_id', 'in', self.ids)],
+            groupby=['user_id'],
+            aggregates=['__count'],
+        )
+        counts = {user.id: count for user, count in rows}
+        for user in self:
+            user.x_fc_login_audit_count = counts.get(user.id, 0)
+
+    @api.depends('x_fc_login_audit_ids.event_time',
+                 'x_fc_login_audit_ids.result',
+                 'x_fc_login_audit_ids.ip_address')
+    def _compute_x_fc_last_successful_login(self):
+        Audit = self.env['fusion.login.audit'].sudo()
+        for user in self:
+            row = Audit.search(
+                [('user_id', '=', user.id), ('result', '=', 'success')],
+                order='event_time desc', limit=1,
+            )
+            user.x_fc_last_successful_login = row.event_time or False
+            user.x_fc_last_login_ip = row.ip_address or False
+
+    def action_fc_view_login_audit(self):
+        self.ensure_one()
+        return {
+            'name': _('Login Activity'),
+            'type': 'ir.actions.act_window',
+            'res_model': 'fusion.login.audit',
+            'view_mode': 'list,form',
+            'domain': [('user_id', '=', self.id)],
+            'context': {'create': False, 'edit': False, 'delete': False,
+                        'default_user_id': self.id},
+        }

fusion_login_audit/tests/test_login_audit.py

@@ -227,3 +227,42 @@ class TestFusionLoginAuditModel(TransactionCase):
         self.assertFalse(row.user_id)
         self.assertEqual(row.failure_reason, 'unknown_user')
         self.assertEqual(row.result, 'failure')
+
+    def test_computed_last_successful_login(self):
+        """x_fc_last_successful_login reflects the latest success row."""
+        user = self.env['res.users'].sudo().create({
+            'name': 'Compute Tester',
+            'login': 'compute-tester@example.com',
+            'password': 'compute-tester-pw-1',
+        })
+        # Use registry cursor so the audit row survives the transactional
+        # boundary the way the auth-time path does.
+        with self.env.registry.cursor() as audit_cr:
+            from odoo import api
+            audit_env = api.Environment(audit_cr, self.env.uid, self.env.context)
+            audit_env['fusion.login.audit'].sudo().create({
+                'user_id': user.id,
+                'attempted_login': user.login,
+                'result': 'success',
+                'database': self.env.cr.dbname,
+                'ip_address': '198.51.100.42',
+            })
+        user.invalidate_recordset(['x_fc_last_successful_login',
+                                    'x_fc_login_audit_count',
+                                    'x_fc_last_login_ip'])
+        self.assertTrue(user.x_fc_last_successful_login)
+        self.assertGreaterEqual(user.x_fc_login_audit_count, 1)
+        self.assertEqual(user.x_fc_last_login_ip, '198.51.100.42')
+
+    def test_action_view_login_audit_returns_window_action(self):
+        """The smart-button action returns an act_window scoped to this user."""
+        user = self.env['res.users'].sudo().create({
+            'name': 'Action Tester',
+            'login': 'action-tester@example.com',
+            'password': 'action-tester-pw-1',
+        })
+        action = user.action_fc_view_login_audit()
+        self.assertEqual(action['res_model'], 'fusion.login.audit')
+        self.assertEqual(action['type'], 'ir.actions.act_window')
+        # Domain must filter to this user
+        self.assertIn(('user_id', '=', user.id), action['domain'])

fusion_login_audit/views/res_users_views.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+
+    <record id="view_users_form_inherit_login_audit" model="ir.ui.view">
+        <field name="name">res.users.form.inherit.fusion_login_audit</field>
+        <field name="model">res.users</field>
+        <field name="inherit_id" ref="base.view_users_form"/>
+        <!-- Odoo 19: groups MUST be on the inherited XML nodes (button + page
+             below), NOT on the ir.ui.view record itself. Setting `group_ids`
+             on the record raises ParseError "Inherited view cannot have
+             'groups' defined on the record. Use 'groups' attributes inside
+             the view definition". -->
+        <field name="arch" type="xml">
+            <!-- Smart button -->
+            <xpath expr="//div[@name='button_box']" position="inside">
+                <button name="action_fc_view_login_audit"
+                        type="object"
+                        class="oe_stat_button"
+                        icon="fa-key"
+                        groups="base.group_system">
+                    <field name="x_fc_login_audit_count" widget="statinfo"
+                           string="Logins"/>
+                </button>
+            </xpath>
+
+            <!-- Login Activity tab appended at the end of the notebook -->
+            <xpath expr="//notebook" position="inside">
+                <page string="Login Activity"
+                      name="fc_login_activity"
+                      groups="base.group_system">
+                    <group>
+                        <field name="x_fc_last_successful_login" readonly="1"/>
+                        <field name="x_fc_last_login_ip" readonly="1"/>
+                    </group>
+                    <field name="x_fc_login_audit_ids" readonly="1"
+                           context="{'create': False, 'edit': False, 'delete': False}">
+                        <list create="false" edit="false" delete="false"
+                              limit="30" default_order="event_time desc">
+                            <field name="event_time"/>
+                            <field name="result" decoration-success="result=='success'"
+                                                  decoration-danger="result=='failure'"
+                                                  widget="badge"/>
+                            <field name="failure_reason"/>
+                            <field name="ip_address"/>
+                            <field name="country_code"/>
+                            <field name="city"/>
+                            <field name="browser"/>
+                            <field name="os"/>
+                        </list>
+                    </field>
+                </page>
+            </xpath>
+        </field>
+    </record>
+
+</odoo>