84ed406c8e
Phase C of permissions overhaul (spec Section 2.C).
Manager keeps reactive Quality (NCR/Hold/Check/Cert/RMA — already gated
via Phase B sweep). QM gains exclusive write/create/unlink on strategic
Quality records:
- fusion.plating.capa: Manager → read-only (1,0,0,0); QM → full
- fusion.plating.audit: same split (if model present)
- fp.approved.vendor.list: same split (if model present)
- fusion.plating.customer.spec: same split
- Doc Control models: same split
Plus FAIR/Nadcap cert restriction via two new ir.rule records on
fp.certificate:
- Manager: write/create/unlink on certs where cert_type NOT in
('fair', 'nadcap')
- QM: write/create/unlink on all certs (overrides via OR within group)
- Read access unchanged for both (perm_read=False on the rules)
Tests in fusion_plating/tests/test_quality_split.py verify each side
of the split. Models that may not exist on all DBs (audit, AVL) use
skipTest gracefully.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
70 lines
8.5 KiB
CSV
70 lines
8.5 KiB
CSV
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
|
|
access_fp_ncr_operator,fp.ncr.operator,model_fusion_plating_ncr,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_ncr_supervisor,fp.ncr.supervisor,model_fusion_plating_ncr,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_ncr_manager,fp.ncr.manager,model_fusion_plating_ncr,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_capa_operator,fp.capa.operator,model_fusion_plating_capa,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_capa_supervisor,fp.capa.supervisor,model_fusion_plating_capa,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_capa_manager,fp.capa.manager,model_fusion_plating_capa,fusion_plating.group_fp_manager,1,0,0,0
|
|
access_fp_capa_qm,fp.capa.qm,model_fusion_plating_capa,fusion_plating.group_fp_quality_manager,1,1,1,1
|
|
access_fp_cal_equipment_operator,fp.cal.equipment.operator,model_fusion_plating_calibration_equipment,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_cal_equipment_supervisor,fp.cal.equipment.supervisor,model_fusion_plating_calibration_equipment,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_cal_equipment_manager,fp.cal.equipment.manager,model_fusion_plating_calibration_equipment,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_cal_event_operator,fp.cal.event.operator,model_fusion_plating_calibration_event,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_cal_event_supervisor,fp.cal.event.supervisor,model_fusion_plating_calibration_event,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_cal_event_manager,fp.cal.event.manager,model_fusion_plating_calibration_event,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_avl_operator,fp.avl.operator,model_fusion_plating_avl,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_avl_supervisor,fp.avl.supervisor,model_fusion_plating_avl,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_avl_manager,fp.avl.manager,model_fusion_plating_avl,fusion_plating.group_fp_manager,1,0,0,0
|
|
access_fp_avl_qm,fp.avl.qm,model_fusion_plating_avl,fusion_plating.group_fp_quality_manager,1,1,1,1
|
|
access_fp_customer_spec_operator,fp.customer.spec.operator,model_fusion_plating_customer_spec,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_customer_spec_supervisor,fp.customer.spec.supervisor,model_fusion_plating_customer_spec,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_customer_spec_manager,fp.customer.spec.manager,model_fusion_plating_customer_spec,fusion_plating.group_fp_manager,1,0,0,0
|
|
access_fp_customer_spec_qm,fp.customer.spec.qm,model_fusion_plating_customer_spec,fusion_plating.group_fp_quality_manager,1,1,1,1
|
|
access_fp_audit_operator,fp.audit.operator,model_fusion_plating_audit,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_audit_supervisor,fp.audit.supervisor,model_fusion_plating_audit,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_audit_manager,fp.audit.manager,model_fusion_plating_audit,fusion_plating.group_fp_manager,1,0,0,0
|
|
access_fp_audit_qm,fp.audit.qm,model_fusion_plating_audit,fusion_plating.group_fp_quality_manager,1,1,1,1
|
|
access_fp_fair_operator,fp.fair.operator,model_fusion_plating_fair,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_fair_supervisor,fp.fair.supervisor,model_fusion_plating_fair,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_fair_manager,fp.fair.manager,model_fusion_plating_fair,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_doc_control_operator,fp.doc.control.operator,model_fusion_plating_doc_control,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_doc_control_supervisor,fp.doc.control.supervisor,model_fusion_plating_doc_control,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_doc_control_manager,fp.doc.control.manager,model_fusion_plating_doc_control,fusion_plating.group_fp_manager,1,0,0,0
|
|
access_fp_doc_control_qm,fp.doc.control.qm,model_fusion_plating_doc_control,fusion_plating.group_fp_quality_manager,1,1,1,1
|
|
access_fp_quality_hold_operator,fp.quality.hold.operator,model_fusion_plating_quality_hold,fusion_plating.group_fp_technician,1,0,1,0
|
|
access_fp_quality_hold_supervisor,fp.quality.hold.supervisor,model_fusion_plating_quality_hold,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_hold_manager,fp.quality.hold.manager,model_fusion_plating_quality_hold,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_contract_review_operator,fp.contract.review.operator,model_fp_contract_review,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_contract_review_supervisor,fp.contract.review.supervisor,model_fp_contract_review,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_contract_review_manager,fp.contract.review.manager,model_fp_contract_review,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_qc_check_operator,fusion.plating.quality.check.operator,model_fusion_plating_quality_check,fusion_plating.group_fp_technician,1,1,1,0
|
|
access_fp_qc_check_supervisor,fusion.plating.quality.check.supervisor,model_fusion_plating_quality_check,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_qc_check_manager,fusion.plating.quality.check.manager,model_fusion_plating_quality_check,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_qc_check_line_operator,fusion.plating.quality.check.line.operator,model_fusion_plating_quality_check_line,fusion_plating.group_fp_technician,1,1,1,0
|
|
access_fp_qc_check_line_supervisor,fusion.plating.quality.check.line.supervisor,model_fusion_plating_quality_check_line,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_qc_check_line_manager,fusion.plating.quality.check.line.manager,model_fusion_plating_quality_check_line,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_qc_template_operator,fp.qc.checklist.template.operator,model_fp_qc_checklist_template,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_qc_template_supervisor,fp.qc.checklist.template.supervisor,model_fp_qc_checklist_template,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_qc_template_manager,fp.qc.checklist.template.manager,model_fp_qc_checklist_template,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_qc_template_line_operator,fp.qc.checklist.template.line.operator,model_fp_qc_checklist_template_line,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_qc_template_line_supervisor,fp.qc.checklist.template.line.supervisor,model_fp_qc_checklist_template_line,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_qc_template_line_manager,fp.qc.checklist.template.line.manager,model_fp_qc_checklist_template_line,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_rma_operator,fusion.plating.rma.operator,model_fusion_plating_rma,fusion_plating.group_fp_technician,1,0,0,0
|
|
access_fp_rma_supervisor,fusion.plating.rma.supervisor,model_fusion_plating_rma,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_rma_manager,fusion.plating.rma.manager,model_fusion_plating_rma,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_quality_tag_user,fp.quality.tag.user,model_fp_quality_tag,base.group_user,1,0,0,0
|
|
access_fp_quality_tag_supervisor,fp.quality.tag.supervisor,model_fp_quality_tag,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_tag_manager,fp.quality.tag.manager,model_fp_quality_tag,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_quality_reason_user,fp.quality.reason.user,model_fp_quality_reason,base.group_user,1,0,0,0
|
|
access_fp_quality_reason_supervisor,fp.quality.reason.supervisor,model_fp_quality_reason,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_reason_manager,fp.quality.reason.manager,model_fp_quality_reason,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_quality_team_user,fp.quality.team.user,model_fp_quality_team,base.group_user,1,0,0,0
|
|
access_fp_quality_team_supervisor,fp.quality.team.supervisor,model_fp_quality_team,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_team_manager,fp.quality.team.manager,model_fp_quality_team,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_quality_alert_stage_user,fp.quality.alert.stage.user,model_fp_quality_alert_stage,base.group_user,1,0,0,0
|
|
access_fp_quality_alert_stage_supervisor,fp.quality.alert.stage.supervisor,model_fp_quality_alert_stage,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_alert_stage_manager,fp.quality.alert.stage.manager,model_fp_quality_alert_stage,fusion_plating.group_fp_manager,1,1,1,1
|
|
access_fp_quality_point_user,fp.quality.point.user,model_fp_quality_point,base.group_user,1,0,0,0
|
|
access_fp_quality_point_supervisor,fp.quality.point.supervisor,model_fp_quality_point,fusion_plating.group_fp_shop_manager_v2,1,1,1,0
|
|
access_fp_quality_point_manager,fp.quality.point.manager,model_fp_quality_point,fusion_plating.group_fp_manager,1,1,1,1
|