admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(shopfloor): kiosk user ACL has near-zero access

Browse Source 
7 tests covering allowed reads (res.users, ir.config_parameter)
and forbidden everything else (fp.job, sale.order, fp.certificate,
fp.part.catalog, res.users write).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
gsinghpal
2026-05-24 12:06:52 -04:00
parent 97deb93ee7
commit a52ef29a84
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
fusion_plating/fusion_plating_shopfloor/tests/__init__.py
View File

@@ -3,3 +3,4 @@ from . import test_workspace_controller
from . import test_landing_kanban
from . import test_tablet_pin
from . import test_tablet_lock_payload
from . import test_kiosk_user_acl

52
fusion_plating/fusion_plating_shopfloor/tests/test_kiosk_user_acl.py Normal file
View File

@@ -0,0 +1,52 @@
from odoo.tests.common import TransactionCase, tagged
from odoo.exceptions import AccessError
@tagged('-at_install', 'post_install', 'fp_tablet')
class TestKioskUserAcl(TransactionCase):
"""Kiosk user can do ONLY what the lock screen needs:
read res.users (tile grid) + read ir.config_parameter (settings).
EVERYTHING else MUST raise AccessError."""
def setUp(self):
super().setUp()
kiosk = self.env.ref(
'fusion_plating_shopfloor.user_fp_tablet_kiosk',
raise_if_not_found=False,
)
if not kiosk:
self.skipTest('fp_tablet_kiosk user not yet provisioned')
self.kiosk = kiosk
def test_kiosk_can_read_users(self):
Users = self.env['res.users'].with_user(self.kiosk)
Users.check_access_rights('read') # raises if denied
def test_kiosk_can_read_config_param(self):
ICP = self.env['ir.config_parameter'].with_user(self.kiosk)
ICP.check_access_rights('read')
def test_kiosk_cannot_write_users(self):
Users = self.env['res.users'].with_user(self.kiosk)
with self.assertRaises(AccessError):
Users.check_access_rights('write')
def test_kiosk_cannot_read_jobs(self):
Jobs = self.env['fp.job'].with_user(self.kiosk)
with self.assertRaises(AccessError):
Jobs.check_access_rights('read')
def test_kiosk_cannot_read_sale_orders(self):
SO = self.env['sale.order'].with_user(self.kiosk)
with self.assertRaises(AccessError):
SO.check_access_rights('read')
def test_kiosk_cannot_read_certificates(self):
Cert = self.env['fp.certificate'].with_user(self.kiosk)
with self.assertRaises(AccessError):
Cert.check_access_rights('read')
def test_kiosk_cannot_read_part_catalog(self):
Part = self.env['fp.part.catalog'].with_user(self.kiosk)
with self.assertRaises(AccessError):
Part.check_access_rights('read')