feat(plating-sec): add 8 consolidated role groups + mark old groups deprecated

Phase A of permissions overhaul (see docs/superpowers/specs/2026-05-23-*). New groups (technician/sales_rep/shop_manager_v2/sales_manager/manager/ quality_manager/owner) defined in fp_security_v2.xml with implied_ids chains that include old groups for backward-compat during 30-day rollback window. Old groups display as [DEPRECATED] in user form. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 00:47:54 -04:00
parent 560ffa2cdf
commit a53b03265d
8 changed files with 97 additions and 11 deletions
--- a/fusion_plating/fusion_plating/manifest.py
+++ b/fusion_plating/fusion_plating/manifest.py
@@ -80,6 +80,7 @@ Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
    ],
    'data': [
        'security/fp_security.xml',
+        'security/fp_security_v2.xml',
        'security/ir.model.access.csv',
        'data/fp_landing_data.xml',
        'data/fp_sequence_data.xml',
--- a/fusion_plating/fusion_plating/security/fp_security.xml
+++ b/fusion_plating/fusion_plating/security/fp_security.xml
@@ -32,7 +32,7 @@
    <!-- Reads most reference data, writes chemistry logs.                  -->
    <!-- ================================================================== -->
    <record id="group_fusion_plating_operator" model="res.groups">
-        <field name="name">Operator</field>
+        <field name="name">[DEPRECATED] Operator</field>
        <field name="sequence">10</field>
        <field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
        <field name="implied_ids" eval="[(4, ref('base.group_user'))]"/>
@@ -43,7 +43,7 @@
    <!-- Can manage baths, schedule jobs, review logs.                      -->
    <!-- ================================================================== -->
    <record id="group_fusion_plating_supervisor" model="res.groups">
-        <field name="name">Supervisor</field>
+        <field name="name">[DEPRECATED] Supervisor</field>
        <field name="sequence">20</field>
        <field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
        <field name="implied_ids" eval="[(4, ref('group_fusion_plating_operator'))]"/>
@@ -54,7 +54,7 @@
    <!-- Full CRUD on configuration objects.                                -->
    <!-- ================================================================== -->
    <record id="group_fusion_plating_manager" model="res.groups">
-        <field name="name">Manager</field>
+        <field name="name">[DEPRECATED] Manager</field>
        <field name="sequence">30</field>
        <field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
        <field name="implied_ids" eval="[(4, ref('group_fusion_plating_supervisor'))]"/>
@@ -65,7 +65,7 @@
    <!-- Everything a Manager can do, plus system-level settings.           -->
    <!-- ================================================================== -->
    <record id="group_fusion_plating_admin" model="res.groups">
-        <field name="name">Administrator</field>
+        <field name="name">[DEPRECATED] Administrator</field>
        <field name="sequence">40</field>
        <field name="privilege_id" ref="res_groups_privilege_fusion_plating"/>
        <field name="implied_ids" eval="[(4, ref('group_fusion_plating_manager'))]"/>
--- a/fusion_plating/fusion_plating/security/fp_security_v2.xml
+++ b/fusion_plating/fusion_plating/security/fp_security_v2.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <data noupdate="0">
+        <!-- Phase 1 Permissions Overhaul: 8 consolidated roles -->
+        <!-- See docs/superpowers/specs/2026-05-23-permissions-overhaul-design.md -->
+
+        <record id="group_fp_technician" model="res.groups">
+            <field name="name">Technician</field>
+            <field name="sequence">10</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('base.group_user')),
+                (4, ref('fusion_plating.group_fusion_plating_operator')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_sales_rep" model="res.groups">
+            <field name="name">Sales Representative</field>
+            <field name="sequence">20</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('base.group_user')),
+                (4, ref('fusion_plating_configurator.group_fp_estimator')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_shop_manager_v2" model="res.groups">
+            <field name="name">Shop Manager</field>
+            <field name="sequence">30</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('group_fp_technician')),
+                (4, ref('fusion_plating.group_fusion_plating_supervisor')),
+                (4, ref('fusion_plating_receiving.group_fp_receiving')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_sales_manager" model="res.groups">
+            <field name="name">Sales Manager</field>
+            <field name="sequence">40</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('group_fp_sales_rep')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_manager" model="res.groups">
+            <field name="name">Manager</field>
+            <field name="sequence">50</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('group_fp_shop_manager_v2')),
+                (4, ref('group_fp_sales_manager')),
+                (4, ref('fusion_plating.group_fusion_plating_manager')),
+                (4, ref('fusion_plating_invoicing.group_fp_accounting')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_quality_manager" model="res.groups">
+            <field name="name">Quality Manager</field>
+            <field name="sequence">60</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('group_fp_manager')),
+                (4, ref('fusion_plating_cgp.group_fusion_plating_cgp_officer')),
+            ]"/>
+        </record>
+
+        <record id="group_fp_owner" model="res.groups">
+            <field name="name">Owner</field>
+            <field name="sequence">70</field>
+            <field name="privilege_id" ref="fusion_plating.res_groups_privilege_fusion_plating"/>
+            <field name="implied_ids" eval="[
+                (4, ref('group_fp_quality_manager')),
+                (4, ref('fusion_plating.group_fusion_plating_admin')),
+                (4, ref('fusion_plating_cgp.group_fusion_plating_cgp_designated_official')),
+                (4, ref('base.group_system')),
+            ]"/>
+            <field name="user_ids" eval="[
+                (4, ref('base.user_root')),
+                (4, ref('base.user_admin')),
+            ]"/>
+        </record>
+    </data>
+</odoo>