feat(plating-sec): add 8 consolidated role groups + mark old groups deprecated

Phase A of permissions overhaul (see docs/superpowers/specs/2026-05-23-*).
New groups (technician/sales_rep/shop_manager_v2/sales_manager/manager/
quality_manager/owner) defined in fp_security_v2.xml with implied_ids
chains that include old groups for backward-compat during 30-day rollback
window. Old groups display as [DEPRECATED] in user form.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
gsinghpal
2026-05-24 00:47:54 -04:00
parent 560ffa2cdf
commit a53b03265d
8 changed files with 97 additions and 11 deletions


@@ -80,6 +80,7 @@ Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
],
'data': [
'security/fp_security.xml',
'security/fp_security_v2.xml',
'security/ir.model.access.csv',
'data/fp_landing_data.xml',
'data/fp_sequence_data.xml',


@@ -32,7 +32,7 @@
<!-- Reads most reference data, writes chemistry logs. -->
<!-- ================================================================== -->
<record id="group_fusion_plating_operator" model="res.groups">
<field name="name">Operator</field>
<field name="name">[DEPRECATED] Operator</field>
<field name="sequence">10</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
@@ -43,7 +43,7 @@
<!-- Can manage baths, schedule jobs, review logs. -->
<!-- ================================================================== -->
<record id="group_fusion_plating_supervisor" model="res.groups">
<field name="name">Supervisor</field>
<field name="name">[DEPRECATED] Supervisor</field>
<field name="sequence">20</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('group_fusion_plating_operator'))]"/>
@@ -54,7 +54,7 @@
<!-- Full CRUD on configuration objects. -->
<!-- ================================================================== -->
<record id="group_fusion_plating_manager" model="res.groups">
<field name="name">Manager</field>
<field name="name">[DEPRECATED] Manager</field>
<field name="sequence">30</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('group_fusion_plating_supervisor'))]"/>
@@ -65,7 +65,7 @@
<!-- Everything a Manager can do, plus system-level settings. -->
<!-- ================================================================== -->
<record id="group_fusion_plating_admin" model="res.groups">
<field name="name">Administrator</field>
<field name="name">[DEPRECATED] Administrator</field>
<field name="sequence">40</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('group_fusion_plating_manager'))]"/>


@@ -0,0 +1,85 @@
<?xml version="1.0" encoding="utf-8"?>
<odoo>
<data noupdate="0">
<!-- Phase 1 Permissions Overhaul: 8 consolidated roles -->
<!-- See docs/superpowers/specs/2026-05-23-permissions-overhaul-design.md -->
<record id="group_fp_technician" model="res.groups">
<field name="name">Technician</field>
<field name="sequence">10</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('base.group_user')),
(4, ref('fusion_plating.group_fusion_plating_operator')),
]"/>
</record>
<record id="group_fp_sales_rep" model="res.groups">
<field name="name">Sales Representative</field>
<field name="sequence">20</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('base.group_user')),
(4, ref('fusion_plating_configurator.group_fp_estimator')),
]"/>
</record>
<record id="group_fp_shop_manager_v2" model="res.groups">
<field name="name">Shop Manager</field>
<field name="sequence">30</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('group_fp_technician')),
(4, ref('fusion_plating.group_fusion_plating_supervisor')),
(4, ref('fusion_plating_receiving.group_fp_receiving')),
]"/>
</record>
<record id="group_fp_sales_manager" model="res.groups">
<field name="name">Sales Manager</field>
<field name="sequence">40</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('group_fp_sales_rep')),
]"/>
</record>
<record id="group_fp_manager" model="res.groups">
<field name="name">Manager</field>
<field name="sequence">50</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('group_fp_shop_manager_v2')),
(4, ref('group_fp_sales_manager')),
(4, ref('fusion_plating.group_fusion_plating_manager')),
(4, ref('fusion_plating_invoicing.group_fp_accounting')),
]"/>
</record>
<record id="group_fp_quality_manager" model="res.groups">
<field name="name">Quality Manager</field>
<field name="sequence">60</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('group_fp_manager')),
(4, ref('fusion_plating_cgp.group_fusion_plating_cgp_officer')),
]"/>
</record>
<record id="group_fp_owner" model="res.groups">
<field name="name">Owner</field>
<field name="sequence">70</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[
(4, ref('group_fp_quality_manager')),
(4, ref('fusion_plating.group_fusion_plating_admin')),
(4, ref('fusion_plating_cgp.group_fusion_plating_cgp_designated_official')),
(4, ref('base.group_system')),
]"/>
<field name="user_ids" eval="[
(4, ref('base.user_root')),
(4, ref('base.user_admin')),
]"/>
</record>
</data>
</odoo>
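Review bot: Two `implied_ids` chains in this new file grant more than the role names suggest. `group_fp_sales_rep` implies `fusion_plating_configurator.group_fp_estimator`, which elsewhere in this commit implies `fusion_plating.group_fusion_plating_supervisor`, so a Sales Representative transitively receives Supervisor and Operator rights, more than `group_fp_technician` gets; and `group_fp_owner` implies `base.group_system`, so anyone able to assign the business Owner role also hands out full Odoo Settings access. Because the block is `noupdate="0"` and uses `(4, …)` link commands, every module upgrade re-adds `base.user_root` and `base.user_admin` to Owner, and deleting a line after the 30-day window will not unlink an implication that is already stored; that needs an explicit `(3, ref('…'))` command. I would drop `(4, ref('base.group_system'))` from Owner unless the spec requires it, move the `user_ids` assignment into a `noupdate="1"` record or a migration step, and add a comment above each record listing the legacy groups it effectively inherits so the transitive grants are reviewable.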


@@ -17,7 +17,7 @@
<!-- CGP OFFICER: day-to-day CGP compliance operator -->
<record id="group_fusion_plating_cgp_officer" model="res.groups">
<field name="name">CGP Officer</field>
<field name="name">[DEPRECATED] CGP Officer</field>
<field name="sequence">50</field>
<field name="privilege_id"
ref="fusion_plating.res_groups_privilege_fusion_plating"/>
@@ -27,7 +27,7 @@
<!-- CGP DESIGNATED OFFICIAL: legally accountable per PSPC registration -->
<record id="group_fusion_plating_cgp_designated_official" model="res.groups">
<field name="name">CGP Designated Official</field>
<field name="name">[DEPRECATED] CGP Designated Official</field>
<field name="sequence">60</field>
<field name="privilege_id"
ref="fusion_plating.res_groups_privilege_fusion_plating"/>


@@ -7,14 +7,14 @@
<odoo>
<record id="group_fp_estimator" model="res.groups">
<field name="name">Estimator</field>
<field name="name">[DEPRECATED] Estimator</field>
<field name="sequence">50</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('fusion_plating.group_fusion_plating_supervisor'))]"/>
</record>
<record id="group_fp_shop_manager" model="res.groups">
<field name="name">Shop Manager</field>
<field name="name">[DEPRECATED] Shop Manager</field>
<field name="sequence">60</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[


@@ -7,7 +7,7 @@
<odoo>
<record id="group_fp_accounting" model="res.groups">
<field name="name">Accounting</field>
<field name="name">[DEPRECATED] Accounting</field>
<field name="sequence">58</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('fusion_plating.group_fusion_plating_supervisor'))]"/>


@@ -6,7 +6,7 @@
admin can manually add themselves via Settings > Users if
they need to access historical MO/WO data. -->
<record id="group_fusion_plating_legacy_menus" model="res.groups">
<field name="name">Plating Legacy Menus</field>
<field name="name">[DEPRECATED] Plating Legacy Menus</field>
<field name="comment">Internal group to hide legacy MO/WO menus that have been replaced by the native fp.job model. Add a user to this group only if they need to navigate historical mrp.production / mrp.workorder records directly.</field>
</record>
</odoo>


@@ -7,7 +7,7 @@
<odoo>
<record id="group_fp_receiving" model="res.groups">
<field name="name">Receiving</field>
<field name="name">[DEPRECATED] Receiving</field>
<field name="sequence">55</field>
<field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
<field name="implied_ids" eval="[(4, ref('fusion_plating.group_fusion_plating_operator'))]"/>