bf4464ba37
H1+H2: Field technicians had perm_create=1 perm_write=1 on inspection certs (could forge or edit issued certs). Reduced to read-only - the visit-report wizard already sudos when creating new certs from a tech visit. Added rule_inspection_cert_readonly for the dispatcher group so even dispatchers cannot edit already-issued certs; only the manager can revoke/correct. Sealed audit trail. H3: Replaced display:flex / gap (which wkhtmltopdf 0.12 renders as a vertical stack) with inline-block + margin in the certificate PDF. Footer uses float left/right for the cert-number / inspector signature line so the layout survives wkhtmltopdf rendering. Bumped to 19.0.1.4.1. Co-authored-by: Cursor <cursoragent@cursor.com>
4.3 KiB
4.3 KiB
| 1 | id | name | model_id:id | group_id:id | perm_read | perm_write | perm_create | perm_unlink |
|---|---|---|---|---|---|---|---|---|
| 2 | access_repair_product_category_user | Repair Category User Read | model_fusion_repair_product_category | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 3 | access_repair_product_category_manager | Repair Category Manager Full | model_fusion_repair_product_category | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 4 | access_repair_intake_template_user | Intake Template User Read | model_fusion_repair_intake_template | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 5 | access_repair_intake_template_manager | Intake Template Manager Full | model_fusion_repair_intake_template | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 6 | access_repair_intake_question_user | Intake Question User Read | model_fusion_repair_intake_question | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 7 | access_repair_intake_question_manager | Intake Question Manager Full | model_fusion_repair_intake_question | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 8 | access_repair_intake_answer_user | Intake Answer User Full | model_fusion_repair_intake_answer | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 9 | access_repair_intake_answer_manager | Intake Answer Manager Full | model_fusion_repair_intake_answer | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 10 | access_repair_intake_answer_tech_portal | Intake Answer Technician Read | model_fusion_repair_intake_answer | fusion_tasks.group_field_technician | 1 | 0 | 0 | 0 |
| 11 | access_repair_intake_wizard_user | Intake Wizard User Full | model_fusion_repair_intake_wizard | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 12 | access_repair_intake_wizard_equipment_user | Intake Wizard Equipment User Full | model_fusion_repair_intake_wizard_equipment | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 13 | access_repair_service_catalog_user | Catalogue User Read | model_fusion_repair_service_catalog | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 14 | access_repair_service_catalog_manager | Catalogue Manager Full | model_fusion_repair_service_catalog | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 15 | access_repair_warranty_user | Warranty User Read | model_fusion_repair_warranty_coverage | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 16 | access_repair_warranty_manager | Warranty Manager Full | model_fusion_repair_warranty_coverage | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 17 | access_repair_visit_report_wizard_user | Visit Report Wizard User | model_fusion_repair_visit_report_wizard | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 18 | access_repair_visit_report_wizard_line_user | Visit Report Line User | model_fusion_repair_visit_report_wizard_line | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 19 | access_repair_maintenance_user | Maintenance Contract User Read | model_fusion_repair_maintenance_contract | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 20 | access_repair_maintenance_dispatcher | Maintenance Contract Dispatcher | model_fusion_repair_maintenance_contract | group_fusion_repairs_dispatcher | 1 | 1 | 1 | 0 |
| 21 | access_repair_maintenance_manager | Maintenance Contract Manager Full | model_fusion_repair_maintenance_contract | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 22 | access_repair_order_repairs_user | Repair Order Repairs User Read/Write | repair.model_repair_order | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 23 | access_repair_order_repairs_manager | Repair Order Repairs Manager Full | repair.model_repair_order | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 24 | access_technician_task_repairs_user | Technician Task Repairs User Schedule | fusion_tasks.model_fusion_technician_task | group_fusion_repairs_user | 1 | 1 | 1 | 0 |
| 25 | access_technician_task_repairs_manager | Technician Task Repairs Manager Full | fusion_tasks.model_fusion_technician_task | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 26 | access_repair_self_check_rule_user | Self-Check Rule User Read | model_fusion_repair_self_check_rule | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 27 | access_repair_self_check_rule_manager | Self-Check Rule Manager Full | model_fusion_repair_self_check_rule | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 28 | access_qr_sticker_wizard_user | QR Sticker Wizard User Full | model_fusion_repair_qr_sticker_wizard | group_fusion_repairs_user | 1 | 1 | 1 | 1 |
| 29 | access_repair_inspection_user | Inspection Cert User Read | model_fusion_repair_inspection_certificate | group_fusion_repairs_user | 1 | 0 | 0 | 0 |
| 30 | access_repair_inspection_dispatcher | Inspection Cert Dispatcher | model_fusion_repair_inspection_certificate | group_fusion_repairs_dispatcher | 1 | 1 | 1 | 0 |
| 31 | access_repair_inspection_manager | Inspection Cert Manager Full | model_fusion_repair_inspection_certificate | group_fusion_repairs_manager | 1 | 1 | 1 | 1 |
| 32 | access_repair_inspection_technician | Inspection Cert Field Tech Read-Only | model_fusion_repair_inspection_certificate | fusion_tasks.group_field_technician | 1 | 0 | 0 | 0 |