admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9d9453b5c81cc0721caea2b8b7dc897af2750940
Odoo-Modules/fusion_claims/security/security.xml
gsinghpal 5200d5baf0 Initial commit
2026-02-22 01:22:18 -05:00

142 lines
7.8 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<odoo>
<!-- ================================================================== -->
<!-- MODULE CATEGORY (required for user settings section rendering) -->
<!-- Odoo 19 organizes privileges by ir.module.category. -->
<!-- Without this, groups fall into the generic Extra Rights list. -->
<!-- ================================================================== -->
<record id="module_category_fusion_claims" model="ir.module.category">
<field name="name">Fusion Claims</field>
<field name="sequence">45</field>
</record>
<!-- ================================================================== -->
<!-- FUSION CLAIMS PRIVILEGE (Odoo 19 pattern) -->
<!-- Linked to module_category_fusion_claims so all groups appear -->
<!-- under a "FUSION CLAIMS" section in user settings. -->
<!-- ================================================================== -->
<record id="res_groups_privilege_fusion_claims" model="res.groups.privilege">
<field name="name">Fusion Claims</field>
<field name="sequence">45</field>
<field name="category_id" ref="module_category_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- USER GROUP -->
<!-- Implies sales_team.group_sale_salesman so existing access rules -->
<!-- continue working without changes to ir.model.access.csv -->
<!-- ================================================================== -->
<record id="group_fusion_claims_user" model="res.groups">
<field name="name">User</field>
<field name="sequence">10</field>
<field name="implied_ids" eval="[(4, ref('base.group_user')), (4, ref('sales_team.group_sale_salesman'))]"/>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- MANAGER GROUP -->
<!-- ================================================================== -->
<record id="group_fusion_claims_manager" model="res.groups">
<field name="name">Administrator</field>
<field name="sequence">20</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
<field name="implied_ids" eval="[(4, ref('group_fusion_claims_user')), (4, ref('sales_team.group_sale_manager'))]"/>
<field name="user_ids" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
</record>
<!-- DOCUMENT LOCK OVERRIDE GROUP -->
<!-- Only users in this group can edit locked documents when the -->
<!-- "Allow Document Lock Override" setting is enabled. -->
<!-- Not implied by Manager. Must be explicitly assigned. -->
<record id="group_document_lock_override" model="res.groups">
<field name="name">Document Lock Override</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
<field name="comment">Can edit locked documents on old/legacy cases when the override setting is enabled. Assign only to specific trusted users.</field>
</record>
<!-- ================================================================== -->
<!-- FIELD TECHNICIAN GROUP -->
<!-- Standalone group safe for both portal and internal users. -->
<!-- Do NOT imply group_fusion_claims_user — that chain leads to -->
<!-- base.group_user which conflicts with portal users (share=True). -->
<!-- Menu visibility is handled via comma-separated groups= on menus. -->
<!-- ================================================================== -->
<record id="group_field_technician" model="res.groups">
<field name="name">Field Technician</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- TECHNICIAN TASK RECORD RULES -->
<!-- ================================================================== -->
<!-- Managers: full access to all tasks -->
<record id="rule_technician_task_manager" model="ir.rule">
<field name="name">Technician Task: Manager Full Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('sales_team.group_sale_manager'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/>
</record>
<!-- Sales users: read/write all tasks, create tasks -->
<record id="rule_technician_task_sales_user" model="ir.rule">
<field name="name">Technician Task: Sales User Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('sales_team.group_sale_salesman'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Field Technicians (internal): own tasks only -->
<record id="rule_technician_task_technician" model="ir.rule">
<field name="name">Technician Task: Technician Own Tasks</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[('technician_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('group_field_technician'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Portal technicians: own tasks only, read + limited write -->
<record id="rule_technician_task_portal" model="ir.rule">
<field name="name">Technician Task: Portal Technician Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[('technician_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_portal'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- ================================================================== -->
<!-- PUSH SUBSCRIPTION RECORD RULES -->
<!-- ================================================================== -->
<!-- Users: own subscriptions only -->
<record id="rule_push_subscription_user" model="ir.rule">
<field name="name">Push Subscription: Own Only</field>
<field name="model_id" ref="model_fusion_push_subscription"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>
<!-- Portal: own subscriptions only -->
<record id="rule_push_subscription_portal" model="ir.rule">
<field name="name">Push Subscription: Portal Own Only</field>
<field name="model_id" ref="model_fusion_push_subscription"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_portal'))]"/>
</record>
</odoo>
Reference in New Issue View Git Blame Copy Permalink