feat(promote-customer-spec): NADCAP recipe lock (Phase A+)

Per client review: NADCAP-qualified recipes need manager-only edit permission. Word-doc external approval workflow stays outside ERP; this is the in-app enforcement. - New field fp.process.node.is_locked (recipe root) - write() override blocks non-manager edits when recipe root is_locked Lock checks via recipe_root_id so child ops/steps are also protected Manager bypass via group + env.su (sudo) bypass for system jobs - Amber "LOCKED — Manager Edit Only" ribbon at top of recipe form - Toggle on Specification & Bake page under "Change Control (NADCAP)" - Spec doc updated with Decision 6.5 + backlog from client review: approvals list, doc control auto-sync, oven recorder sync, SOP word-doc workflow, final-inspection signoff on cert Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-15 00:55:07 -04:00
parent 406cac1362
commit c96f27b96c
4 changed files with 67 additions and 3 deletions
--- a/fusion_plating/fusion_plating/views/fp_process_node_views.xml
+++ b/fusion_plating/fusion_plating/views/fp_process_node_views.xml
@@ -45,6 +45,9 @@
                            icon="fa-list-ol"
                            invisible="node_type != 'recipe'"/>
                </header>
+                <widget name="web_ribbon" title="LOCKED — Manager Edit Only"
+                        bg_color="text-bg-warning"
+                        invisible="not is_locked"/>
                <sheet>
                    <div class="oe_button_box" name="button_box">
                        <button name="action_open_tree_editor" type="object"
@@ -248,6 +251,10 @@
                                           invisible="not requires_bake_relief"/>
                                </group>
                            </group>
+                            <group string="Change Control (NADCAP)">
+                                <field name="is_locked" widget="boolean_toggle"
+                                       help="When ON, only managers can edit this recipe and its child operations / steps. Use for NADCAP-qualified processes."/>
+                            </group>
                            <group string="Thickness Options">
                                <field name="thickness_option_ids" nolabel="1">
                                    <list editable="bottom">