Odoo-Modules

admin/Odoo-Modules

Fork 0

Commit Graph

Author	SHA1	Message	Date
gsinghpal	4f1b7c2df6	fix(fusion_repairs): persona-driven workflow audit - 6 real bugs Full end-to-end walk acting as customer, CS rep, dispatcher, technician, and manager surfaced 6 real bugs (1 critical state-machine, 4 missing UX wires, 1 docstring). Server endpoints existed for everything but several were not wired into the templates. B1 (HIGH) - Visit-report wizard never closed the repair Tech submitted visit -> state stayed 'draft' -> x_fc_done_at never stamped -> NPS cron never fired -> the whole post-visit flow died silently. Customers never got their NPS email. Fix: action_confirm() now drives the Odoo native state machine draft -> action_validate (with _action_repair_confirm fallback) -> action_repair_start -> action_repair_end. Each step guarded by the current state and exception-logged. Leaves the repair open if: - requires_requote=True (variance flag - office must re-quote) - no_show=True (office reschedules) - x_fc_is_quote_only (still a quote) - found_another_issue spawned a stub Posts a clear chatter line on success or failure. Verified: e2e walk now shows state=done + x_fc_done_at stamped + NPS cron fires + flags x_fc_nps_email_sent=True. B2 (HIGH) - /repair/new form never called /repair/self_check The AI self-check engine was the headline weekend feature but it was invisible to the client. The endpoint worked server-side, just had no frontend. Fix: new portal_client_repair.js (Interaction class, registered on registry.category('public.interactions')). 'Try 1-3 safe self-check steps first' button POSTs to /repair/self_check, renders steps via createElement + textContent (no innerHTML - all server output is treated as untrusted text). Shows the AI's safety disclaimer on every result. On escalate_immediately, shows a clear 'submit the form, we'll come to you' message instead of the steps. Verified: HTTP POST returns full JSON with instruction + expected_result + disclaimer; new button + result panel appear in rendered HTML. B3 (HIGH) - No phone-lookup UI for returning clients Same problem - endpoint existed but no UI. Returning clients had to retype everything from scratch. Fix: - lookup_phone now returns a 'partners' array (id, name, email, street, city) - cap of 3 results, rate-limited, every match logged at INFO level for audit. Privacy compromise: a phone holder deserves to see their own pre-fill; rate limit caps harvesting. - JS lookup widget at the top of the form posts to /repair/lookup_phone and pre-fills the 5 contact fields + writes the partner_id to a hidden #fr_known_partner_id input. - controller /repair/submit now trusts known_partner_id if present (skips the phone re-match) so we don't create duplicate partners when the lookup widget already identified the right one. Verified: HTTP POST returns the 2 partner records we have for +19055551234 with full id/name/email/street/city. B4 (MEDIUM) - /repair?sn=<serial> from QR sticker did nothing Spec: 'Client scans QR sticker - portal pre-fills the unit info.' Reality: the form had no serial field; ?sn= was ignored. Fix: new _resolve_serial_info(serial) on the controller resolves the lot via stock.lot.search([('name','=',sn)]) and returns {serial, lot_id, product_id, product_name, category_id}. Both /repair (landing) and /repair/new pass it as serial_info template context. Templates show 'Recognized X (Serial: Y)' + auto-select the matching category in the dropdown. Hidden #fr_serial_number carries it through to /repair/submit, which attaches the lot_id + uses the QR category as fallback if user didn't pick one. Verified: ?sn=stella23-20040164 produces 'Pre-filled from QR scan:' banner + hidden input populated. B5 (MEDIUM) - No upsell after submit Spec required an upsell - 'reduce future calls'. Page was a bare 'Got it'. Fix: /repair/thanks now shows a 2-card layout: - 'Want to avoid this next time?' with 4 bullets (priority booking, free inspection cert, discounted parts, annual reminder) + 'See our maintenance plans' CTA to /shop?category=maintenance - 'What happens next' 4-step bulleted explanation Verified: both cards render. B6 (LOW) - SyntaxWarning '\-->' in repair_service_plan.py Made the module docstring a raw string (r''') so the ASCII flowchart arrows don't trigger Python's invalid-escape-sequence warning. Bumped to 19.0.1.8.0. Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-21 01:06:12 -04:00
gsinghpal	ad553b1082	feat(fusion_repairs): Phase 1 sales rep + public client portals Both portals share the existing fusion.repair.intake.service so behaviour stays identical across all three intake surfaces (backend wizard, sales rep portal, public client portal). Sales rep portal - Hard depends on fusion_authorizer_portal (reuses is_sales_rep_portal flag + group_sales_rep_portal scaffolding) - /my/repair/new - mobile-friendly intake form with phone-first partner search (jsonrpc lookup), category select, third-party flag, urgency, photo capture - /my/repairs - list of repairs the rep submitted (paginated) - /my/repair/<id> - read-only detail with status, equipment, scheduled visit - Interaction-class JS (Odoo 19 public.interactions), safe DOM construction - Mobile SCSS with 44px tap targets, sticky CTA on small screens - Record rule scopes portal users to repairs where x_fc_intake_user_id = user.id Public client portal - auth='public' - voicemail-ready /repair URL - /repair - landing page with 911 disclaimer and Start CTA - /repair/new - single-page form: contact, equipment, issue, urgency, optional photos. QR pre-fill via ?sn=<serial> - /repair/submit - CSRF + honeypot + per-IP rate limit (configurable); finds or creates partner; calls intake service with sudo - /repair/thanks - confirmation with reference number - /repair/lookup_phone (jsonrpc) - safe partner match returning ONLY masked name (first + last initial) + city (no other PII leakage) Security fix: technician record rule on repair.order now uses STORED fields (technician_id + additional_technician_ids) instead of the non-stored all_technician_ids compute, which was failing SQL generation. Verified end-to-end on local westin-v19: - Sales rep create via intake service with the rep user context creates the repair with x_fc_intake_source='sales_rep_portal' and proper activities - /repair/submit posts urlencoded data -> creates partner + repair ('BR-WA/RO/00010', source='client_portal', urgency='urgent') -> redirects to /repair/thanks with the reference Co-authored-by: Cursor <cursoragent@cursor.com>	2026-05-20 21:52:12 -04:00

Author

SHA1

Message

Date

gsinghpal

4f1b7c2df6

fix(fusion_repairs): persona-driven workflow audit - 6 real bugs

Full end-to-end walk acting as customer, CS rep, dispatcher, technician,
and manager surfaced 6 real bugs (1 critical state-machine, 4 missing UX
wires, 1 docstring). Server endpoints existed for everything but several
were not wired into the templates.

B1 (HIGH) - Visit-report wizard never closed the repair
  Tech submitted visit -> state stayed 'draft' -> x_fc_done_at never
  stamped -> NPS cron never fired -> the whole post-visit flow died
  silently. Customers never got their NPS email.

  Fix: action_confirm() now drives the Odoo native state machine
  draft -> action_validate (with _action_repair_confirm fallback) ->
  action_repair_start -> action_repair_end. Each step guarded by the
  current state and exception-logged. Leaves the repair open if:
    - requires_requote=True (variance flag - office must re-quote)
    - no_show=True (office reschedules)
    - x_fc_is_quote_only (still a quote)
    - found_another_issue spawned a stub
  Posts a clear chatter line on success or failure.
  Verified: e2e walk now shows state=done + x_fc_done_at stamped +
  NPS cron fires + flags x_fc_nps_email_sent=True.

B2 (HIGH) - /repair/new form never called /repair/self_check
  The AI self-check engine was the headline weekend feature but it was
  invisible to the client. The endpoint worked server-side, just had
  no frontend.

  Fix: new portal_client_repair.js (Interaction class, registered on
  registry.category('public.interactions')). 'Try 1-3 safe self-check
  steps first' button POSTs to /repair/self_check, renders steps via
  createElement + textContent (no innerHTML - all server output is
  treated as untrusted text). Shows the AI's safety disclaimer on
  every result. On escalate_immediately, shows a clear 'submit the
  form, we'll come to you' message instead of the steps.
  Verified: HTTP POST returns full JSON with instruction +
  expected_result + disclaimer; new button + result panel appear in
  rendered HTML.

B3 (HIGH) - No phone-lookup UI for returning clients
  Same problem - endpoint existed but no UI. Returning clients had to
  retype everything from scratch.

  Fix:
  - lookup_phone now returns a 'partners' array (id, name, email,
    street, city) - cap of 3 results, rate-limited, every match logged
    at INFO level for audit. Privacy compromise: a phone holder
    deserves to see their own pre-fill; rate limit caps harvesting.
  - JS lookup widget at the top of the form posts to /repair/lookup_phone
    and pre-fills the 5 contact fields + writes the partner_id to a
    hidden #fr_known_partner_id input.
  - controller /repair/submit now trusts known_partner_id if present
    (skips the phone re-match) so we don't create duplicate partners
    when the lookup widget already identified the right one.
  Verified: HTTP POST returns the 2 partner records we have for
  +19055551234 with full id/name/email/street/city.

B4 (MEDIUM) - /repair?sn=<serial> from QR sticker did nothing
  Spec: 'Client scans QR sticker - portal pre-fills the unit info.'
  Reality: the form had no serial field; ?sn= was ignored.

  Fix: new _resolve_serial_info(serial) on the controller resolves
  the lot via stock.lot.search([('name','=',sn)]) and returns
  {serial, lot_id, product_id, product_name, category_id}. Both
  /repair (landing) and /repair/new pass it as serial_info template
  context. Templates show 'Recognized X (Serial: Y)' + auto-select
  the matching category in the dropdown. Hidden #fr_serial_number
  carries it through to /repair/submit, which attaches the lot_id +
  uses the QR category as fallback if user didn't pick one.
  Verified: ?sn=stella23-20040164 produces 'Pre-filled from QR scan:'
  banner + hidden input populated.

B5 (MEDIUM) - No upsell after submit
  Spec required an upsell - 'reduce future calls'. Page was a bare
  'Got it'.

  Fix: /repair/thanks now shows a 2-card layout:
    - 'Want to avoid this next time?' with 4 bullets (priority booking,
      free inspection cert, discounted parts, annual reminder) +
      'See our maintenance plans' CTA to /shop?category=maintenance
    - 'What happens next' 4-step bulleted explanation
  Verified: both cards render.

B6 (LOW) - SyntaxWarning '\-->' in repair_service_plan.py
  Made the module docstring a raw string (r''') so the ASCII flowchart
  arrows don't trigger Python's invalid-escape-sequence warning.

Bumped to 19.0.1.8.0.

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-21 01:06:12 -04:00

gsinghpal

ad553b1082

feat(fusion_repairs): Phase 1 sales rep + public client portals

Both portals share the existing fusion.repair.intake.service so behaviour
stays identical across all three intake surfaces (backend wizard,
sales rep portal, public client portal).

Sales rep portal
- Hard depends on fusion_authorizer_portal (reuses is_sales_rep_portal
  flag + group_sales_rep_portal scaffolding)
- /my/repair/new  - mobile-friendly intake form with phone-first
  partner search (jsonrpc lookup), category select, third-party flag,
  urgency, photo capture
- /my/repairs     - list of repairs the rep submitted (paginated)
- /my/repair/<id> - read-only detail with status, equipment, scheduled
  visit
- Interaction-class JS (Odoo 19 public.interactions), safe DOM construction
- Mobile SCSS with 44px tap targets, sticky CTA on small screens
- Record rule scopes portal users to repairs where
  x_fc_intake_user_id = user.id

Public client portal
- auth='public' - voicemail-ready /repair URL
- /repair         - landing page with 911 disclaimer and Start CTA
- /repair/new     - single-page form: contact, equipment, issue, urgency,
  optional photos. QR pre-fill via ?sn=<serial>
- /repair/submit  - CSRF + honeypot + per-IP rate limit (configurable);
  finds or creates partner; calls intake service with sudo
- /repair/thanks  - confirmation with reference number
- /repair/lookup_phone (jsonrpc) - safe partner match returning ONLY
  masked name (first + last initial) + city (no other PII leakage)

Security fix: technician record rule on repair.order now uses STORED
fields (technician_id + additional_technician_ids) instead of the
non-stored all_technician_ids compute, which was failing SQL generation.

Verified end-to-end on local westin-v19:
- Sales rep create via intake service with the rep user context creates
  the repair with x_fc_intake_source='sales_rep_portal' and proper
  activities
- /repair/submit posts urlencoded data -> creates partner + repair
  ('BR-WA/RO/00010', source='client_portal', urgency='urgent') ->
  redirects to /repair/thanks with the reference

Co-authored-by: Cursor <cursoragent@cursor.com>

2026-05-20 21:52:12 -04:00

2 Commits