admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
46c62ebefa663b3ea5ce3c68d9ffb8700a5ebb3e
Odoo-Modules/fusion_plating/fusion_plating_jobs/controllers/job_scan.py
gsinghpal de3ec7d97a feat(plating-sec): SO confirm gate + fix _administrator typo + Python sweep 
Phase G of permissions overhaul.

G2: sale.order.action_confirm now requires group_fp_sales_manager
(spec Section 2.B). Sales Reps can save drafts but cannot move SOs
to 'sale' state. UserError raised with clear message if attempted.

G3: Fixed audit-finding-11 typo bug in 2 files. The original code
checked has_group('fusion_plating.group_fusion_plating_administrator'),
an xmlid that has NEVER existed - so the gate always returned False
and only the Manager-side check actually fired. Fixed both:
  - fusion_plating_invoicing/models/res_partner.py:34
  - fusion_plating_configurator/wizard/fp_direct_order_wizard.py:467
Both now check has_group('fusion_plating.group_fp_manager') which
transitively includes Owner via implied_ids.

G4: Swept all Python has_group() calls to reference new group xmlids.
Backward-compat keeps old refs working today (Phase A's implied_ids),
but the sweep ensures correctness after the 30-day rollback window
deletes old groups. Replacements:
  group_fusion_plating_operator    -> group_fp_technician
  group_fusion_plating_supervisor  -> group_fp_shop_manager_v2
  group_fusion_plating_manager     -> group_fp_manager
  group_fusion_plating_admin       -> group_fp_owner
  group_fusion_plating_cgp_officer -> group_fp_quality_manager
  group_fusion_plating_cgp_designated_official -> group_fp_owner
  group_fp_estimator               -> group_fp_sales_rep
  group_fp_accounting              -> group_fp_manager
  group_fp_receiving               -> group_fp_shop_manager_v2
  group_fp_shop_manager (legacy)   -> group_fp_manager

G1: test_sales_manager_gate.py covers the new confirm gate (SR
blocked, SMg allowed, Manager allowed via diamond implication).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 02:11:35 -04:00

39 lines
1.5 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
# Copyright 2026 Nexa Systems Inc.
# License OPL-1 (Odoo Proprietary License v1.0)
#
# /fp/job/<id> — scan-redirect endpoint for native fp.job stickers.
#
# The fp.job sticker (Phase 5) embeds a QR encoding this URL. When a
# warehouse user scans it, this controller redirects them to either
# the fp.job form (for managers) or the upcoming process-tree client
# action (for operators — Phase 6 expansion).
from odoo import http
from odoo.http import request
class FpJobScanController(http.Controller):
@http.route('/fp/job/<int:job_id>', type='http', auth='user', website=False)
def fp_job_scan(self, job_id, **kwargs):
Job = request.env['fp.job'].sudo()
job = Job.browse(job_id).exists()
if not job:
return request.redirect('/odoo/plating-jobs')
# If user is a plating manager → land on the form.
# Otherwise (operator) → land on process tree client action
# (will be wired once process tree is added).
user = request.env.user
is_manager = user.has_group('fusion_plating.group_fp_manager')
if is_manager:
return request.redirect(
'/odoo/action-fusion_plating.action_fp_job/%d' % job.id
)
# Operator path: same form for now (process tree action will replace
# this once it's registered).
return request.redirect(
'/odoo/action-fusion_plating.action_fp_job/%d' % job.id
)
Reference in New Issue View Git Blame Copy Permalink