changes

fusion-plating/fusion_plating_cgp/models/fp_cgp_security_incident.py

@@ -0,0 +1,124 @@
+# -*- coding: utf-8 -*-
+# Copyright 2026 Nexa Systems Inc.
+# License OPL-1 (Odoo Proprietary License v1.0)
+# Part of the Fusion Plating product family.
+
+from odoo import api, fields, models
+
+
+class FpCgpSecurityIncident(models.Model):
+    """Security incident or breach under the Controlled Goods Program.
+
+    Any event that could have compromised the security of controlled
+    goods — unauthorized access, a missing item, a visitor violation,
+    a cyber intrusion — must be investigated and, depending on
+    severity, reported to PSPC. Incident records are restricted via
+    ``ir.rule`` to the CGP Officer and above.
+    """
+    _name = 'fusion.plating.cgp.security.incident'
+    _description = 'Fusion Plating — CGP Security Incident'
+    _inherit = ['mail.thread', 'mail.activity.mixin']
+    _order = 'incident_date desc, id desc'
+
+    name = fields.Char(
+        string='Reference',
+        required=True,
+        copy=False,
+        readonly=True,
+        default=lambda self: self._default_name(),
+        tracking=True,
+    )
+    incident_date = fields.Datetime(
+        string='Incident Date',
+        default=lambda self: fields.Datetime.now(),
+        required=True,
+        tracking=True,
+    )
+    discovered_by_id = fields.Many2one(
+        'res.users',
+        string='Discovered By',
+        default=lambda self: self.env.user,
+        tracking=True,
+    )
+    incident_type = fields.Selection(
+        [
+            ('unauthorized_access', 'Unauthorized Access'),
+            ('missing_item', 'Missing Item'),
+            ('documentation_error', 'Documentation Error'),
+            ('visitor_violation', 'Visitor Violation'),
+            ('cyber', 'Cyber Incident'),
+            ('other', 'Other'),
+        ],
+        string='Incident Type',
+        default='other',
+        required=True,
+        tracking=True,
+    )
+    severity = fields.Selection(
+        [
+            ('minor', 'Minor'),
+            ('major', 'Major'),
+            ('critical', 'Critical'),
+        ],
+        string='Severity',
+        default='minor',
+        required=True,
+        tracking=True,
+    )
+    description = fields.Html(string='Description')
+    containment = fields.Html(string='Containment Actions')
+    reported_to_pspc = fields.Boolean(
+        string='Reported to PSPC',
+        tracking=True,
+    )
+    pspc_notification_date = fields.Date(
+        string='PSPC Notification Date',
+        tracking=True,
+    )
+    corrective_action = fields.Html(string='Corrective Action')
+    state = fields.Selection(
+        [
+            ('discovered', 'Discovered'),
+            ('investigating', 'Investigating'),
+            ('reported', 'Reported'),
+            ('closed', 'Closed'),
+        ],
+        string='Status',
+        default='discovered',
+        required=True,
+        tracking=True,
+    )
+    company_id = fields.Many2one(
+        'res.company',
+        string='Company',
+        default=lambda self: self.env.company,
+    )
+    active = fields.Boolean(default=True)
+
+    @api.model
+    def _default_name(self):
+        seq = self.env['ir.sequence'].next_by_code('fusion.plating.cgp.incident')
+        return seq or '/'
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        for vals in vals_list:
+            if not vals.get('name') or vals.get('name') == '/':
+                vals['name'] = self._default_name()
+        return super().create(vals_list)
+
+    def action_investigate(self):
+        self.write({'state': 'investigating'})
+
+    def action_report(self):
+        self.write({
+            'state': 'reported',
+            'reported_to_pspc': True,
+            'pspc_notification_date': fields.Date.context_today(self),
+        })
+
+    def action_close(self):
+        self.write({'state': 'closed'})
+
+    def action_reset(self):
+        self.write({'state': 'discovered'})