admin/Odoo-Modules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d7657bb356cea9572005dc26531d0eb5db7a5250
Odoo-Modules/fusion_claims/security/security.xml
gsinghpal 3c8f83b8e6 fix: remove invalid category_id from res.groups (not supported in Odoo 19) 
Odoo 19 replaced category_id with privilege_id on res.groups.
Keep only privilege_id=False to clear it from the dropdown.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-02-25 12:55:17 -05:00

142 lines
7.9 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<odoo>
<!-- ================================================================== -->
<!-- MODULE CATEGORY (required for user settings section rendering) -->
<!-- Odoo 19 organizes privileges by ir.module.category. -->
<!-- Without this, groups fall into the generic Extra Rights list. -->
<!-- ================================================================== -->
<record id="module_category_fusion_claims" model="ir.module.category">
<field name="name">Fusion Claims</field>
<field name="sequence">45</field>
</record>
<!-- ================================================================== -->
<!-- FUSION CLAIMS PRIVILEGE (Odoo 19 pattern) -->
<!-- Linked to module_category_fusion_claims so all groups appear -->
<!-- under a "FUSION CLAIMS" section in user settings. -->
<!-- ================================================================== -->
<record id="res_groups_privilege_fusion_claims" model="res.groups.privilege">
<field name="name">Fusion Claims</field>
<field name="sequence">45</field>
<field name="category_id" ref="module_category_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- USER GROUP -->
<!-- Implies sales_team.group_sale_salesman so existing access rules -->
<!-- continue working without changes to ir.model.access.csv -->
<!-- ================================================================== -->
<record id="group_fusion_claims_user" model="res.groups">
<field name="name">User</field>
<field name="sequence">10</field>
<field name="implied_ids" eval="[(4, ref('base.group_user')), (4, ref('sales_team.group_sale_salesman'))]"/>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- MANAGER GROUP -->
<!-- ================================================================== -->
<record id="group_fusion_claims_manager" model="res.groups">
<field name="name">Administrator</field>
<field name="sequence">20</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
<field name="implied_ids" eval="[(4, ref('group_fusion_claims_user')), (4, ref('sales_team.group_sale_manager'))]"/>
<field name="user_ids" eval="[(4, ref('base.user_root')), (4, ref('base.user_admin'))]"/>
</record>
<!-- DOCUMENT LOCK OVERRIDE GROUP -->
<!-- Only users in this group can edit locked documents when the -->
<!-- "Allow Document Lock Override" setting is enabled. -->
<!-- Not implied by Manager. Must be explicitly assigned. -->
<record id="group_document_lock_override" model="res.groups">
<field name="name">Fusion: Document Lock Override</field>
<field name="privilege_id" eval="False"/>
<field name="comment">Temporary permission for editing locked documents on old/legacy cases. Requires the "Allow Document Lock Override" setting to be enabled in Fusion Claims Settings. Once all legacy cases are handled, disable the setting and remove this permission from users.</field>
</record>
<!-- ================================================================== -->
<!-- FIELD TECHNICIAN GROUP -->
<!-- Standalone group safe for both portal and internal users. -->
<!-- Do NOT imply group_fusion_claims_user — that chain leads to -->
<!-- base.group_user which conflicts with portal users (share=True). -->
<!-- Menu visibility is handled via comma-separated groups= on menus. -->
<!-- ================================================================== -->
<record id="group_field_technician" model="res.groups">
<field name="name">Field Technician</field>
<field name="privilege_id" ref="res_groups_privilege_fusion_claims"/>
</record>
<!-- ================================================================== -->
<!-- TECHNICIAN TASK RECORD RULES -->
<!-- ================================================================== -->
<!-- Managers: full access to all tasks -->
<record id="rule_technician_task_manager" model="ir.rule">
<field name="name">Technician Task: Manager Full Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('sales_team.group_sale_manager'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="True"/>
</record>
<!-- Sales users: read/write all tasks, create tasks -->
<record id="rule_technician_task_sales_user" model="ir.rule">
<field name="name">Technician Task: Sales User Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[(1, '=', 1)]</field>
<field name="groups" eval="[(4, ref('sales_team.group_sale_salesman'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="True"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Field Technicians (internal): own tasks only -->
<record id="rule_technician_task_technician" model="ir.rule">
<field name="name">Technician Task: Technician Own Tasks</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[('technician_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('group_field_technician'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="True"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- Portal technicians: own tasks only, read + limited write -->
<record id="rule_technician_task_portal" model="ir.rule">
<field name="name">Technician Task: Portal Technician Access</field>
<field name="model_id" ref="model_fusion_technician_task"/>
<field name="domain_force">[('technician_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_portal'))]"/>
<field name="perm_read" eval="True"/>
<field name="perm_write" eval="False"/>
<field name="perm_create" eval="False"/>
<field name="perm_unlink" eval="False"/>
</record>
<!-- ================================================================== -->
<!-- PUSH SUBSCRIPTION RECORD RULES -->
<!-- ================================================================== -->
<!-- Users: own subscriptions only -->
<record id="rule_push_subscription_user" model="ir.rule">
<field name="name">Push Subscription: Own Only</field>
<field name="model_id" ref="model_fusion_push_subscription"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_user'))]"/>
</record>
<!-- Portal: own subscriptions only -->
<record id="rule_push_subscription_portal" model="ir.rule">
<field name="name">Push Subscription: Portal Own Only</field>
<field name="model_id" ref="model_fusion_push_subscription"/>
<field name="domain_force">[('user_id', '=', user.id)]</field>
<field name="groups" eval="[(4, ref('base.group_portal'))]"/>
</record>
</odoo>
Reference in New Issue View Git Blame Copy Permalink