diff --git a/__manifest__.py b/__manifest__.py
index 2c5f802..8922bf4 100644
--- a/__manifest__.py
+++ b/__manifest__.py
@@ -1,6 +1,6 @@
{
'name': 'Access Restriction By User',
- 'version': '18.0.1.0.0',
+ 'version': '19.0.1.0.0',
'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User',
'description': """
Restricts visibility of:
@@ -16,12 +16,14 @@
""",
'category': 'Extra Tools',
'author': 'Suherdy Yacob',
- 'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale'],
+ 'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_control', 'quality_mrp'],
'data': [
'security/ir.model.access.csv',
'security/ir_rule.xml',
'security/ir_actions_act_window.xml',
'views/res_users_views.xml',
+ 'views/stock_picking_views.xml',
+ 'views/mrp_production_views.xml',
],
'installable': True,
'application': False,
diff --git a/models/__init__.py b/models/__init__.py
index d5fe265..a751a50 100644
--- a/models/__init__.py
+++ b/models/__init__.py
@@ -1,4 +1,6 @@
from . import res_users
from . import restricted_models
from . import sale_order
+from . import stock_picking
+from . import mrp_production
diff --git a/models/__pycache__/__init__.cpython-312.pyc b/models/__pycache__/__init__.cpython-312.pyc
index 2b838bc..1fcec0c 100644
Binary files a/models/__pycache__/__init__.cpython-312.pyc and b/models/__pycache__/__init__.cpython-312.pyc differ
diff --git a/models/__pycache__/mrp_production.cpython-312.pyc b/models/__pycache__/mrp_production.cpython-312.pyc
new file mode 100644
index 0000000..79c6dea
Binary files /dev/null and b/models/__pycache__/mrp_production.cpython-312.pyc differ
diff --git a/models/__pycache__/restricted_models.cpython-312.pyc b/models/__pycache__/restricted_models.cpython-312.pyc
index ef071ed..2c06866 100644
Binary files a/models/__pycache__/restricted_models.cpython-312.pyc and b/models/__pycache__/restricted_models.cpython-312.pyc differ
diff --git a/models/__pycache__/stock_picking.cpython-312.pyc b/models/__pycache__/stock_picking.cpython-312.pyc
new file mode 100644
index 0000000..4e9434b
Binary files /dev/null and b/models/__pycache__/stock_picking.cpython-312.pyc differ
diff --git a/models/mrp_production.py b/models/mrp_production.py
new file mode 100644
index 0000000..32abdfd
--- /dev/null
+++ b/models/mrp_production.py
@@ -0,0 +1,24 @@
+from odoo import models, fields, api
+
+class MrpProduction(models.Model):
+ _inherit = 'mrp.production'
+
+ restrict_quality_check_button = fields.Boolean(compute='_compute_restrict_quality_check_button')
+
+ @api.depends_context('uid')
+ def _compute_restrict_quality_check_button(self):
+ user = self.env.user
+ for production in self:
+ is_inventory_user = user.has_group('stock.group_stock_user')
+ is_mrp_user = user.has_group('mrp.group_mrp_user')
+ is_mrp_manager = user.has_group('mrp.group_mrp_manager')
+
+ is_restricted_role = is_inventory_user or is_mrp_user or is_mrp_manager
+
+ is_quality_manager = user.has_group('quality.group_quality_manager')
+ is_system = user.has_group('base.group_system')
+
+ if is_restricted_role and not (is_quality_manager or is_system):
+ production.restrict_quality_check_button = True
+ else:
+ production.restrict_quality_check_button = False
diff --git a/models/restricted_models.py b/models/restricted_models.py
index 295656c..aac09b3 100644
--- a/models/restricted_models.py
+++ b/models/restricted_models.py
@@ -1,6 +1,6 @@
import logging
from odoo import models, api
-from odoo.osv import expression
+from odoo.fields import Domain
_logger = logging.getLogger(__name__)
@@ -14,35 +14,35 @@ class StockWarehouse(models.Model):
_inherit = 'stock.warehouse'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id)
if allowed_ids:
- domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class StockPickingType(models.Model):
_inherit = 'stock.picking.type'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
if allowed_ids:
- domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class StockLocation(models.Model):
_inherit = 'stock.location'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id)
if allowed_ids:
@@ -52,44 +52,44 @@ class StockLocation(models.Model):
('id', 'child_of', allowed_ids),
('usage', 'not in', ['internal', 'transit'])
]
- domain = expression.AND([domain or [], restrict_domain])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain(restrict_domain))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class MrpWorkcenter(models.Model):
_inherit = 'mrp.workcenter'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
if allowed_ids:
- domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class ApprovalCategory(models.Model):
_inherit = 'approval.category'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_ids:
- domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
class ApprovalRequest(models.Model):
_inherit = 'approval.request'
@api.model
- def _search(self, domain, offset=0, limit=None, order=None):
+ def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
if self.env.context.get('bypass_user_restriction'):
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
if not self.env.su and not self.env.user.has_group('base.group_system'):
allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
if allowed_category_ids:
- domain = expression.AND([domain or [], [('category_id', 'in', allowed_category_ids)]])
- return super()._search(domain, offset=offset, limit=limit, order=order)
+ domain = list(Domain(domain or []) & Domain([('category_id', 'in', allowed_category_ids)]))
+ return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
diff --git a/models/stock_picking.py b/models/stock_picking.py
new file mode 100644
index 0000000..ff34b74
--- /dev/null
+++ b/models/stock_picking.py
@@ -0,0 +1,34 @@
+from odoo import models, fields, api
+
+class StockPicking(models.Model):
+ _inherit = 'stock.picking'
+
+ restrict_quality_check_button = fields.Boolean(compute='_compute_restrict_quality_check_button')
+
+ @api.depends_context('uid')
+ def _compute_restrict_quality_check_button(self):
+ user = self.env.user
+ for picking in self:
+ # Check if user is in restricted groups (Inventory User or MPS User/Manager)
+ # MPS user usually relates to Manufacturing Manager or User, but user specifically asked for "MPS User".
+ # Since there is no widespread "MPS User" group in standard, we assume it falls under Manufacturing.
+ # However, we will check strictly for the groups mentioned in the request:
+ # Inventory User: stock.group_stock_user
+ # Manufacturing User: mrp.group_mrp_user
+ # MPS User: mrp.group_mrp_manager (often implies MPS access)
+
+ is_inventory_user = user.has_group('stock.group_stock_user')
+ is_mrp_user = user.has_group('mrp.group_mrp_user')
+ is_mrp_manager = user.has_group('mrp.group_mrp_manager')
+
+ # User is possibly restricted if they have one of these basic roles
+ is_restricted_role = is_inventory_user or is_mrp_user or is_mrp_manager
+
+ # But we must NOT hide if they are Quality Manager or System Admin
+ is_quality_manager = user.has_group('quality.group_quality_manager')
+ is_system = user.has_group('base.group_system')
+
+ if is_restricted_role and not (is_quality_manager or is_system):
+ picking.restrict_quality_check_button = True
+ else:
+ picking.restrict_quality_check_button = False
diff --git a/security/ir.model.access.csv b/security/ir.model.access.csv
index 8ec2cb7..08145a0 100644
--- a/security/ir.model.access.csv
+++ b/security/ir.model.access.csv
@@ -1,2 +1,2 @@
id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_stock_valuation_layer_internal_user,stock.valuation.layer.internal.user,stock_account.model_stock_valuation_layer,base.group_user,1,0,0,0
+
diff --git a/security/ir_rule.xml b/security/ir_rule.xml
index f87d7b5..a5ab54d 100644
--- a/security/ir_rule.xml
+++ b/security/ir_rule.xml
@@ -60,16 +60,7 @@
-
- Stock Valuation Layer Permissive Access
-
-
- [(1, '=', 1)]
-
-
-
-
-
+
Stock Quant Permissive Access
diff --git a/views/mrp_production_views.xml b/views/mrp_production_views.xml
new file mode 100644
index 0000000..259b0e4
--- /dev/null
+++ b/views/mrp_production_views.xml
@@ -0,0 +1,31 @@
+
+
+
+
+ mrp.production.view.form.inherit.access.restriction
+ mrp.production
+
+
+
+
+
+
+
+
+ not quality_check_todo or restrict_quality_check_button
+
+
+
+
+ not check_ids or quality_check_fail or not quality_check_todo or restrict_quality_check_button
+
+
+ not check_ids or quality_check_fail or quality_check_todo or restrict_quality_check_button
+
+
+ not check_ids or not quality_check_fail or restrict_quality_check_button
+
+
+
+
+
diff --git a/views/stock_picking_views.xml b/views/stock_picking_views.xml
new file mode 100644
index 0000000..4fe956a
--- /dev/null
+++ b/views/stock_picking_views.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+ stock.picking.view.form.inherit.access.restriction
+ stock.picking
+
+
+
+
+
+
+
+
+ not quality_check_todo or state in ('done', 'cancel') or restrict_quality_check_button
+
+
+
+
+
+
+
+ not check_ids or quality_check_fail or not quality_check_todo or restrict_quality_check_button
+
+
+ not check_ids or quality_check_fail or quality_check_todo or restrict_quality_check_button
+
+
+ not check_ids or not quality_check_fail or restrict_quality_check_button
+
+
+
+
+