feat(fusion_login_audit): smart button + Login Activity tab on res.users

Adds four x_fc_* fields on res.users: login_audit_ids (One2many), login_audit_count (compute), last_successful_login (compute, stored), last_login_ip (compute, stored). action_fc_view_login_audit returns a window action scoped to the current user. View inheritance adds a smart button to the button box and a "Login Activity" page to the notebook, both gated by base.group_system on the inner XML nodes (NOT on the view record — Odoo 19 forbids that; see CLAUDE.md rule #11). Tests (2 new, 18 total green): test_computed_last_successful_login — uses registry cursor to commit the audit row so the stored compute picks it up across the TransactionCase boundary. test_action_view_login_audit_returns_window_action — smart-button action shape + domain scoping. CLAUDE.md rule #11 added: inherited ir.ui.view records cannot have groups/group_ids on the record; the gate must be on the inner XML nodes. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:20:08 -04:00
parent a7cf44249d
commit 72aa28e6c4
5 changed files with 162 additions and 1 deletions
--- a/fusion_login_audit/manifest.py
+++ b/fusion_login_audit/manifest.py
@@ -26,6 +26,7 @@ bursts. Daily retention cron honours a configurable horizon.
    'data': [
        'security/ir.model.access.csv',
        'security/security.xml',
+        'views/res_users_views.xml',
    ],
    'installable': True,
    'application': False,
--- a/fusion_login_audit/models/res_users.py
+++ b/fusion_login_audit/models/res_users.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 import logging

-from odoo import api, fields, models
+from odoo import _, api, fields, models
 from odoo.exceptions import AccessDenied

 # Top-level import (vs lazy inside the method): if the dep is missing — most
@@ -193,3 +193,66 @@ class ResUsers(models.Model):
                _credential=credential,
            )
            raise
+
+    # ──────────────────────────────────────────────────────────────────
+    # Per-user surface — fields + action method backing the smart button
+    # and "Login Activity" tab on the user form view.
+    # ──────────────────────────────────────────────────────────────────
+
+    x_fc_login_audit_ids = fields.One2many(
+        'fusion.login.audit', 'user_id',
+        string='Login Activity',
+    )
+    x_fc_login_audit_count = fields.Integer(
+        string='Login Audit Count',
+        compute='_compute_x_fc_login_audit_count',
+    )
+    x_fc_last_successful_login = fields.Datetime(
+        string='Last Successful Login',
+        compute='_compute_x_fc_last_successful_login',
+        store=True,
+    )
+    x_fc_last_login_ip = fields.Char(
+        string='Last Login IP', size=45,
+        compute='_compute_x_fc_last_successful_login',
+        store=True,
+    )
+
+    @api.depends('x_fc_login_audit_ids')
+    def _compute_x_fc_login_audit_count(self):
+        # Odoo 19: read_group → _read_group, returns list of tuples
+        # (group_key, aggregate_value) when given groupby + aggregates.
+        Audit = self.env['fusion.login.audit'].sudo()
+        rows = Audit._read_group(
+            domain=[('user_id', 'in', self.ids)],
+            groupby=['user_id'],
+            aggregates=['__count'],
+        )
+        counts = {user.id: count for user, count in rows}
+        for user in self:
+            user.x_fc_login_audit_count = counts.get(user.id, 0)
+
+    @api.depends('x_fc_login_audit_ids.event_time',
+                 'x_fc_login_audit_ids.result',
+                 'x_fc_login_audit_ids.ip_address')
+    def _compute_x_fc_last_successful_login(self):
+        Audit = self.env['fusion.login.audit'].sudo()
+        for user in self:
+            row = Audit.search(
+                [('user_id', '=', user.id), ('result', '=', 'success')],
+                order='event_time desc', limit=1,
+            )
+            user.x_fc_last_successful_login = row.event_time or False
+            user.x_fc_last_login_ip = row.ip_address or False
+
+    def action_fc_view_login_audit(self):
+        self.ensure_one()
+        return {
+            'name': _('Login Activity'),
+            'type': 'ir.actions.act_window',
+            'res_model': 'fusion.login.audit',
+            'view_mode': 'list,form',
+            'domain': [('user_id', '=', self.id)],
+            'context': {'create': False, 'edit': False, 'delete': False,
+                        'default_user_id': self.id},
+        }
--- a/fusion_login_audit/tests/test_login_audit.py
+++ b/fusion_login_audit/tests/test_login_audit.py
@@ -227,3 +227,42 @@ class TestFusionLoginAuditModel(TransactionCase):
        self.assertFalse(row.user_id)
        self.assertEqual(row.failure_reason, 'unknown_user')
        self.assertEqual(row.result, 'failure')
+
+    def test_computed_last_successful_login(self):
+        """x_fc_last_successful_login reflects the latest success row."""
+        user = self.env['res.users'].sudo().create({
+            'name': 'Compute Tester',
+            'login': 'compute-tester@example.com',
+            'password': 'compute-tester-pw-1',
+        })
+        # Use registry cursor so the audit row survives the transactional
+        # boundary the way the auth-time path does.
+        with self.env.registry.cursor() as audit_cr:
+            from odoo import api
+            audit_env = api.Environment(audit_cr, self.env.uid, self.env.context)
+            audit_env['fusion.login.audit'].sudo().create({
+                'user_id': user.id,
+                'attempted_login': user.login,
+                'result': 'success',
+                'database': self.env.cr.dbname,
+                'ip_address': '198.51.100.42',
+            })
+        user.invalidate_recordset(['x_fc_last_successful_login',
+                                    'x_fc_login_audit_count',
+                                    'x_fc_last_login_ip'])
+        self.assertTrue(user.x_fc_last_successful_login)
+        self.assertGreaterEqual(user.x_fc_login_audit_count, 1)
+        self.assertEqual(user.x_fc_last_login_ip, '198.51.100.42')
+
+    def test_action_view_login_audit_returns_window_action(self):
+        """The smart-button action returns an act_window scoped to this user."""
+        user = self.env['res.users'].sudo().create({
+            'name': 'Action Tester',
+            'login': 'action-tester@example.com',
+            'password': 'action-tester-pw-1',
+        })
+        action = user.action_fc_view_login_audit()
+        self.assertEqual(action['res_model'], 'fusion.login.audit')
+        self.assertEqual(action['type'], 'ir.actions.act_window')
+        # Domain must filter to this user
+        self.assertIn(('user_id', '=', user.id), action['domain'])
--- a/fusion_login_audit/views/res_users_views.xml
+++ b/fusion_login_audit/views/res_users_views.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+
+    <record id="view_users_form_inherit_login_audit" model="ir.ui.view">
+        <field name="name">res.users.form.inherit.fusion_login_audit</field>
+        <field name="model">res.users</field>
+        <field name="inherit_id" ref="base.view_users_form"/>
+        <!-- Odoo 19: groups MUST be on the inherited XML nodes (button + page
+             below), NOT on the ir.ui.view record itself. Setting `group_ids`
+             on the record raises ParseError "Inherited view cannot have
+             'groups' defined on the record. Use 'groups' attributes inside
+             the view definition". -->
+        <field name="arch" type="xml">
+            <!-- Smart button -->
+            <xpath expr="//div[@name='button_box']" position="inside">
+                <button name="action_fc_view_login_audit"
+                        type="object"
+                        class="oe_stat_button"
+                        icon="fa-key"
+                        groups="base.group_system">
+                    <field name="x_fc_login_audit_count" widget="statinfo"
+                           string="Logins"/>
+                </button>
+            </xpath>
+
+            <!-- Login Activity tab appended at the end of the notebook -->
+            <xpath expr="//notebook" position="inside">
+                <page string="Login Activity"
+                      name="fc_login_activity"
+                      groups="base.group_system">
+                    <group>
+                        <field name="x_fc_last_successful_login" readonly="1"/>
+                        <field name="x_fc_last_login_ip" readonly="1"/>
+                    </group>
+                    <field name="x_fc_login_audit_ids" readonly="1"
+                           context="{'create': False, 'edit': False, 'delete': False}">
+                        <list create="false" edit="false" delete="false"
+                              limit="30" default_order="event_time desc">
+                            <field name="event_time"/>
+                            <field name="result" decoration-success="result=='success'"
+                                                  decoration-danger="result=='failure'"
+                                                  widget="badge"/>
+                            <field name="failure_reason"/>
+                            <field name="ip_address"/>
+                            <field name="country_code"/>
+                            <field name="city"/>
+                            <field name="browser"/>
+                            <field name="os"/>
+                        </list>
+                    </field>
+                </page>
+            </xpath>
+        </field>
+    </record>
+
+</odoo>