Odoo-Modules/fusion_plating/fusion_plating_cgp/__manifest__.py
gsinghpal 269f9984ef feat(plating-views): Layer 3 — field/button gates per role
Phase D Task D5 of permissions overhaul. Adds explicit groups= to
form-level elements so non-matching roles don't even SEE the buttons
they can't use:

- SO Confirm button → group_fp_sales_manager (Sales Rep sees the SO
  in draft but no Confirm button — matches model-level gate from Phase G)
- SO pricing fields (price_unit/subtotal/total/untaxed/tax) →
  group_fp_sales_rep (Technician/Shop Manager don't see pricing if
  they navigate to an SO)
- Partner Account Hold tab → group_fp_manager (was the fold-in
  group_fp_accounting; the audit-finding-11 _administrator typo lives
  in res_partner.py and is Phase G's fix)
- CAPA Close + all state-transition buttons → group_fp_quality_manager;
  edit fields use readonly="not user_has_groups(...)" so Manager
  retains read+comment per spec section 2.C
- Audit Start/Findings/Close buttons → group_fp_quality_manager
- AVL Approve/Suspend/Reinstate/Remove → group_fp_quality_manager
  (model uses Suspend+Remove instead of spec's literal 'Disqualify';
  both surfaces gated, semantics match)
- Customer Spec edit fields → readonly for non-QM (Manager keeps
  read access per spec; only inputs lock)
- FAIR Approve/Reject buttons → group_fp_quality_manager (Submit-
  for-Review and Reset stay open to whoever created the FAIR)
- Certificate Issue button — Strategy B chosen: single button hidden
  when cert_type=nadcap_cert AND user is not QM. Cleaner than splitting
  into two buttons; no separate action_sign exists on fp.certificate
  (Issue is the sign+publish action). FAIR lives in its own model;
  fp.certificate only has nadcap_cert as a special type. The ir.rule
  from Phase C enforces model-level writes independently.
- CGP form buttons (7 view files: ai, controlled_good, psa,
  receipt_shipment, registration, security_incident, visitor) →
  group_fp_quality_manager on every action button

Defense in depth: ir.rules and ACLs (from Phases B + C) already
restrict model access. These view gates are the UI layer that
matches.

Concerns:
- Spec line 192 names 'sale.order view — x_fc_account_hold_override'
  but no such field exists in the codebase. Closest practical match
  was the partner-side Account Hold management tab, which already had
  a group= attribute. Re-gated there; no SO-side field to gate.
- AVL model has no action_disqualify per spec; uses suspend+remove.
  Both gated to QM.
- fp.certificate has no action_sign (only action_issue). FAIR's
  approve/reject covers the FAIR side; nadcap-cert Issue covers the
  cert side via Strategy B.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 01:45:39 -04:00

95 lines
3.6 KiB
Python

# -*- coding: utf-8 -*-
# Copyright 2026 Nexa Systems Inc.
# License OPL-1 (Odoo Proprietary License v1.0)
# Part of the Fusion Plating product family.
{
    'name': 'Fusion Plating — Controlled Goods Program',
    'version': '19.0.1.2.3',
    'category': 'Manufacturing/Plating',
    'summary': 'Canadian Controlled Goods Program (CGP) compliance for plating '
               'shops handling defence work: registration, authorized individuals, '
               'personnel security assessments, visitor control, controlled goods '
               'log, security incidents.',
    'description': """
Fusion Plating — Controlled Goods Program (CGP)
===============================================

Part of the Fusion Plating product family by Nexa Systems Inc.

Canadian Controlled Goods Program compliance pack for plating / metal
finishing shops that handle defence or ITAR-adjacent work. The Controlled
Goods Program is administered by Public Services and Procurement Canada
(PSPC) under the Defence Production Act. Non-compliance is a criminal
offence, so this module defaults every record to restricted access and
keeps sensitive personnel security assessments out of the general
manager's view.

Records included
----------------

* CGP Registration — company registration with PSPC, 5-year renewal cycle
* Authorized Individuals — AI appointment, training, PSA linkage
* Personnel Security Assessments (PSA) — restricted to CGP Officer+
* Visitor Control — PSA-on-file check, escort, approval
* Controlled Goods Inventory — what the shop actually handles
* Receipts & Shipments — movement log with AI authorization
* Security Incidents — breach reporting, PSPC notification (restricted)
* Physical Access Log — entry / exit of controlled areas
* Security Plan — seeded as a doc.control template

Security model
--------------

A new restricted group ``CGP Officer`` is introduced on top of the core
Fusion Plating privilege. PSA and Security Incident records are visible
ONLY to the CGP Officer and the CGP Designated Official — not to the
generic manager role, because not every manager should see personnel
assessments. Admin must grant the new group manually; no user is
assigned by default.

Depends on ``fusion_plating_quality`` for the ``fusion.plating.doc.control``
model (the Security Plan lives there as a controlled document).

Reference: https://www.tpsgc-pwgsc.gc.ca/pmc-cgp/

Copyright (c) 2026 Nexa Systems Inc. All rights reserved.
""",
    'author': 'Nexa Systems Inc.',
    'website': 'https://www.nexasystems.ca',
    'maintainer': 'Nexa Systems Inc.',
    'support': 'support@nexasystems.ca',
    'license': 'OPL-1',
    'price': 0.00,
    'currency': 'CAD',
    'depends': [
        'fusion_plating_quality',
        'hr',
    ],
    'data': [
        'security/fp_cgp_security.xml',
        'security/ir.model.access.csv',
        'data/fp_sequence_data.xml',
        'data/fp_cgp_doc_template_data.xml',
        'views/fp_cgp_registration_views.xml',
        'views/fp_cgp_ai_views.xml',
        'views/fp_cgp_psa_views.xml',
        'views/fp_cgp_visitor_views.xml',
        'views/fp_cgp_controlled_good_views.xml',
        'views/fp_cgp_receipt_shipment_views.xml',
        'views/fp_cgp_security_incident_views.xml',
        'views/fp_cgp_access_log_views.xml',
        'views/hr_employee_views.xml',
        'views/fp_menu.xml',
    ],
    'demo': [
        'data/fp_demo_cgp_data.xml',
    ],
    'assets': {
        'web.assets_backend': [
            'fusion_plating_cgp/static/src/scss/fusion_plating_cgp.scss',
        ],
    },
    'installable': True,
    'application': False,
    'auto_install': False,
}
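
The commit message above says every action button in the CGP form views is gated with `groups=` on `group_fp_quality_manager`. The following audit check is an added example, not code from this repository: it walks a view's XML and reports action buttons that are ungated or open to more than that group. The sample view, the `fusion_plating.` module prefix and the method names are constructed assumptions.

```python
import xml.etree.ElementTree as ET
REQUIRED = "group_fp_quality_manager"  # group named in the commit message

# Constructed sample view, not taken from the repository. The module prefix
# "fusion_plating." and the button method names are assumptions.
SAMPLE_VIEW = """
<odoo>
  <record id="view_fp_cgp_visitor_form" model="ir.ui.view">
    <field name="arch" type="xml">
      <form>
        <header>
          <button name="action_approve" type="object" string="Approve"
                  groups="fusion_plating.group_fp_quality_manager"/>
          <button name="action_deny" type="object" string="Deny"/>
          <button name="action_escort" type="object" string="Escort"
                  groups="fusion_plating.group_fp_quality_manager,base.group_user"/>
        </header>
        <footer groups="fusion_plating.group_fp_quality_manager">
          <button name="action_close" type="object" string="Close"/>
        </footer>
      </form>
    </field>
  </record>
</odoo>
"""

def short_names(groups_attr):
    """Split a groups= value into names without module prefix; a leading '!' is kept."""
    parts = [g.strip() for g in groups_attr.split(",") if g.strip()]
    return [("!" if g.startswith("!") else "") + g.split(".")[-1] for g in parts]

def audit_buttons(xml_text, required=REQUIRED):
    """Return [(button name, problem)] for action buttons not limited to `required`."""
    findings = []
    def walk(node, inherited):
        # groups= on an ancestor hides the whole subtree, so it gates the button too
        own = short_names(node.get("groups", ""))
        gated = inherited or own == [required]
        if node.tag == "button" and node.get("type") in ("object", "action"):
            if not gated and own:
                findings.append((node.get("name"), "groups= wider than " + required))
            elif not gated:
                findings.append((node.get("name"), "no groups="))
        for child in node:
            walk(child, gated)

    walk(ET.fromstring(xml_text), False)
    return findings
```

Running `audit_buttons` over each file in the manifest's `views/` list gives a quick regression check for the UI layer; the ir.rules and ACLs the commit message refers to remain the enforcement point.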