admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(fusion_repairs): Bundle 4 review - lock cert editing + drop flex in PDF

Browse Source 
H1+H2: Field technicians had perm_create=1 perm_write=1 on inspection
certs (could forge or edit issued certs). Reduced to read-only - the
visit-report wizard already sudos when creating new certs from a tech
visit. Added rule_inspection_cert_readonly for the dispatcher group so
even dispatchers cannot edit already-issued certs; only the manager can
revoke/correct. Sealed audit trail.

H3: Replaced display:flex / gap (which wkhtmltopdf 0.12 renders as a
vertical stack) with inline-block + margin in the certificate PDF.
Footer uses float left/right for the cert-number / inspector signature
line so the layout survives wkhtmltopdf rendering.

Bumped to 19.0.1.4.1.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
gsinghpal
2026-05-21 00:16:05 -04:00
parent 65c4d8801c
commit bf4464ba37
4 changed files with 30 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fusion_repairs/security/ir.model.access.csv
View File

@@ -29,4 +29,4 @@ access_qr_sticker_wizard_user,QR Sticker Wizard User Full,model_fusion_repair_qr
access_repair_inspection_user,Inspection Cert User Read,model_fusion_repair_inspection_certificate,group_fusion_repairs_user,1,0,0,0
access_repair_inspection_dispatcher,Inspection Cert Dispatcher,model_fusion_repair_inspection_certificate,group_fusion_repairs_dispatcher,1,1,1,0
access_repair_inspection_manager,Inspection Cert Manager Full,model_fusion_repair_inspection_certificate,group_fusion_repairs_manager,1,1,1,1
access_repair_inspection_technician,Inspection Cert Field Tech Create,model_fusion_repair_inspection_certificate,fusion_tasks.group_field_technician,1,1,1,0
access_repair_inspection_technician,Inspection Cert Field Tech Read-Only,model_fusion_repair_inspection_certificate,fusion_tasks.group_field_technician,1,0,0,0
1 id name model_id:id group_id:id perm_read perm_write perm_create perm_unlink
29 access_repair_inspection_user Inspection Cert User Read model_fusion_repair_inspection_certificate group_fusion_repairs_user 1 0 0 0
30 access_repair_inspection_dispatcher Inspection Cert Dispatcher model_fusion_repair_inspection_certificate group_fusion_repairs_dispatcher 1 1 1 0
31 access_repair_inspection_manager Inspection Cert Manager Full model_fusion_repair_inspection_certificate group_fusion_repairs_manager 1 1 1 1
32 access_repair_inspection_technician Inspection Cert Field Tech Create Inspection Cert Field Tech Read-Only model_fusion_repair_inspection_certificate fusion_tasks.group_field_technician 1 1 0 1 0 0

13
fusion_repairs/security/security.xml
View File

@@ -138,6 +138,19 @@
<field name="global" eval="True"/>
</record>
<!-- Inspection certs: only manager can edit AFTER issue (everyone else read-only).
Visit-report wizard uses sudo() to create new certs from a tech visit. -->
<record id="rule_inspection_cert_readonly" model="ir.rule">
<field name="name">Inspection Certificate: Read-only for non-managers</field>
<field name="model_id" ref="model_fusion_repair_inspection_certificate"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('group_fusion_repairs_dispatcher'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Sales Rep Portal: sees only repair orders they submitted -->
<record id="rule_repair_order_sales_rep_portal" model="ir.rule">
<field name="name">Repair Order: Sales Rep Portal - Own Repairs</field>