Odoo-Modules

admin/Odoo-Modules

Fork 0

Commit Graph

Author	SHA1	Message	Date
gsinghpal	0047f49d2c	fix(plating-perms): address final-reviewer critical + important issues Pre-deploy fixes for Phase 1 permissions overhaul branch (catches by final-reviewer subagent + main session). CRITICAL FIXES: C1: groups_id -> group_ids (Odoo 19 field rename). Affected ~30 sites across 4 model files, 1 view, 7 test files. Documented project gotcha (feedback_odoo19_groups_id_renamed.md) that the implementer subagents missed because they don't see user memory. C2: action_fp_resolve_plating_landing server action now calls env['ir.actions.act_window'].sudo()._fp_resolve_landing_for_current_user() instead of the old inline priority chain. Phase E's role-based dispatch was previously dead code. C3: New migrations/19.0.21.1.0/post-migrate.py triggers _fp_post_init_role_migration(env) on -u. post_init_hook only fires on INSTALL in Odoo 19, not UPGRADE -- so Phase H's preview creation wouldn't have auto-fired on entech without this script. Module version bumped to 19.0.21.1.0 to match the migration directory. C4: Team kanban template rewritten for Odoo 19 (<t t-name='card'> with semantic <aside>/<main>) instead of legacy <t t-name='kanban-box'>. Previous template threw 'Missing card template' at render. IMPORTANT FIXES: I1: SO state=sent Confirm button (id='action_confirm') now also gated to group_fp_sales_manager. Previously only the state=draft button was gated; Sales Reps could send-and-confirm via the secondary path. I2: Designated Officials picker domain uses all_group_ids (transitive) instead of group_ids (explicit only). Owner users now correctly appear as eligible CGP DO candidates via the implied_ids chain. I3: test_menu_visibility.py compliance hub xmlid corrected to fusion_plating.menu_fp_compliance_hub (was fusion_plating_compliance.menu_fp_compliance_hub which doesn't exist -- the hub menu is defined in core's fp_menu.xml). Tests were silently skipTest-ing. I4: _inverse_plating_role chatter audit reads old role from DB via SQL (bypasses cache) so 'old -> new' displays actual values, and short-circuits no-op writes. I5: _FP_ROLE_MAPPING_RULES reordered: cgp_designated_official fires BEFORE admin/uid_1_or_2 so admin+DO users keep the capability_delta marker that triggers res.company.x_fc_cgp_designated_official_id auto-set during migration. I6: _cron_purge_expired_migrations skips groups with active users instead of unlink-ing unconditionally. Defense against rollback safety being bypassed by manual role assignments post-migration. CLAUDE.md updated with 3 new durable rules (13b kanban card template, 13c group_ids vs all_group_ids, 13d post_init_hook only on install). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-24 08:37:13 -04:00
gsinghpal	de3ec7d97a	feat(plating-sec): SO confirm gate + fix _administrator typo + Python sweep Phase G of permissions overhaul. G2: sale.order.action_confirm now requires group_fp_sales_manager (spec Section 2.B). Sales Reps can save drafts but cannot move SOs to 'sale' state. UserError raised with clear message if attempted. G3: Fixed audit-finding-11 typo bug in 2 files. The original code checked has_group('fusion_plating.group_fusion_plating_administrator'), an xmlid that has NEVER existed - so the gate always returned False and only the Manager-side check actually fired. Fixed both: - fusion_plating_invoicing/models/res_partner.py:34 - fusion_plating_configurator/wizard/fp_direct_order_wizard.py:467 Both now check has_group('fusion_plating.group_fp_manager') which transitively includes Owner via implied_ids. G4: Swept all Python has_group() calls to reference new group xmlids. Backward-compat keeps old refs working today (Phase A's implied_ids), but the sweep ensures correctness after the 30-day rollback window deletes old groups. Replacements: group_fusion_plating_operator -> group_fp_technician group_fusion_plating_supervisor -> group_fp_shop_manager_v2 group_fusion_plating_manager -> group_fp_manager group_fusion_plating_admin -> group_fp_owner group_fusion_plating_cgp_officer -> group_fp_quality_manager group_fusion_plating_cgp_designated_official -> group_fp_owner group_fp_estimator -> group_fp_sales_rep group_fp_accounting -> group_fp_manager group_fp_receiving -> group_fp_shop_manager_v2 group_fp_shop_manager (legacy) -> group_fp_manager G1: test_sales_manager_gate.py covers the new confirm gate (SR blocked, SMg allowed, Manager allowed via diamond implication). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-24 02:11:35 -04:00

Author

SHA1

Message

Date

gsinghpal

0047f49d2c

fix(plating-perms): address final-reviewer critical + important issues

Pre-deploy fixes for Phase 1 permissions overhaul branch (catches by
final-reviewer subagent + main session).

CRITICAL FIXES:

C1: groups_id -> group_ids (Odoo 19 field rename). Affected ~30 sites
    across 4 model files, 1 view, 7 test files. Documented project
    gotcha (feedback_odoo19_groups_id_renamed.md) that the implementer
    subagents missed because they don't see user memory.

C2: action_fp_resolve_plating_landing server action now calls
    env['ir.actions.act_window'].sudo()._fp_resolve_landing_for_current_user()
    instead of the old inline priority chain. Phase E's role-based
    dispatch was previously dead code.

C3: New migrations/19.0.21.1.0/post-migrate.py triggers
    _fp_post_init_role_migration(env) on -u. post_init_hook only fires
    on INSTALL in Odoo 19, not UPGRADE -- so Phase H's preview creation
    wouldn't have auto-fired on entech without this script. Module
    version bumped to 19.0.21.1.0 to match the migration directory.

C4: Team kanban template rewritten for Odoo 19 (<t t-name='card'> with
    semantic <aside>/<main>) instead of legacy <t t-name='kanban-box'>.
    Previous template threw 'Missing card template' at render.

IMPORTANT FIXES:

I1: SO state=sent Confirm button (id='action_confirm') now also gated
    to group_fp_sales_manager. Previously only the state=draft button
    was gated; Sales Reps could send-and-confirm via the secondary path.

I2: Designated Officials picker domain uses all_group_ids (transitive)
    instead of group_ids (explicit only). Owner users now correctly
    appear as eligible CGP DO candidates via the implied_ids chain.

I3: test_menu_visibility.py compliance hub xmlid corrected to
    fusion_plating.menu_fp_compliance_hub (was
    fusion_plating_compliance.menu_fp_compliance_hub which doesn't exist
    -- the hub menu is defined in core's fp_menu.xml). Tests were
    silently skipTest-ing.

I4: _inverse_plating_role chatter audit reads old role from DB via SQL
    (bypasses cache) so 'old -> new' displays actual values, and
    short-circuits no-op writes.

I5: _FP_ROLE_MAPPING_RULES reordered: cgp_designated_official fires
    BEFORE admin/uid_1_or_2 so admin+DO users keep the capability_delta
    marker that triggers res.company.x_fc_cgp_designated_official_id
    auto-set during migration.

I6: _cron_purge_expired_migrations skips groups with active users
    instead of unlink-ing unconditionally. Defense against rollback
    safety being bypassed by manual role assignments post-migration.

CLAUDE.md updated with 3 new durable rules (13b kanban card template,
13c group_ids vs all_group_ids, 13d post_init_hook only on install).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-24 08:37:13 -04:00

gsinghpal

de3ec7d97a

feat(plating-sec): SO confirm gate + fix _administrator typo + Python sweep

Phase G of permissions overhaul.

G2: sale.order.action_confirm now requires group_fp_sales_manager
(spec Section 2.B). Sales Reps can save drafts but cannot move SOs
to 'sale' state. UserError raised with clear message if attempted.

G3: Fixed audit-finding-11 typo bug in 2 files. The original code
checked has_group('fusion_plating.group_fusion_plating_administrator'),
an xmlid that has NEVER existed - so the gate always returned False
and only the Manager-side check actually fired. Fixed both:
  - fusion_plating_invoicing/models/res_partner.py:34
  - fusion_plating_configurator/wizard/fp_direct_order_wizard.py:467
Both now check has_group('fusion_plating.group_fp_manager') which
transitively includes Owner via implied_ids.

G4: Swept all Python has_group() calls to reference new group xmlids.
Backward-compat keeps old refs working today (Phase A's implied_ids),
but the sweep ensures correctness after the 30-day rollback window
deletes old groups. Replacements:
  group_fusion_plating_operator    -> group_fp_technician
  group_fusion_plating_supervisor  -> group_fp_shop_manager_v2
  group_fusion_plating_manager     -> group_fp_manager
  group_fusion_plating_admin       -> group_fp_owner
  group_fusion_plating_cgp_officer -> group_fp_quality_manager
  group_fusion_plating_cgp_designated_official -> group_fp_owner
  group_fp_estimator               -> group_fp_sales_rep
  group_fp_accounting              -> group_fp_manager
  group_fp_receiving               -> group_fp_shop_manager_v2
  group_fp_shop_manager (legacy)   -> group_fp_manager

G1: test_sales_manager_gate.py covers the new confirm gate (SR
blocked, SMg allowed, Manager allowed via diamond implication).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-24 02:11:35 -04:00

2 Commits