From f3aa16180750e8b858663fc74ea295a7f4a2d048 Mon Sep 17 00:00:00 2001
From: Suherdy Yacob <suherdy.yacob@mapan.co.id>
Date: Fri, 16 Jan 2026 09:01:05 +0700
Subject: [PATCH] feat: Extend user access restrictions to quality check
 buttons on manufacturing orders and stock pickings, and update domain
 handling for Odoo 19.

---
 __manifest__.py                               |   6 ++-
 models/__init__.py                            |   2 +
 models/__pycache__/__init__.cpython-312.pyc   | Bin 299 -> 374 bytes
 .../mrp_production.cpython-312.pyc            | Bin 0 -> 1613 bytes
 .../restricted_models.cpython-312.pyc         | Bin 7791 -> 8067 bytes
 .../__pycache__/stock_picking.cpython-312.pyc | Bin 0 -> 1606 bytes
 models/mrp_production.py                      |  24 +++++++++
 models/restricted_models.py                   |  50 +++++++++---------
 models/stock_picking.py                       |  34 ++++++++++++
 security/ir.model.access.csv                  |   2 +-
 security/ir_rule.xml                          |  11 +---
 views/mrp_production_views.xml                |  31 +++++++++++
 views/stock_picking_views.xml                 |  37 +++++++++++++
 13 files changed, 159 insertions(+), 38 deletions(-)
 create mode 100644 models/__pycache__/mrp_production.cpython-312.pyc
 create mode 100644 models/__pycache__/stock_picking.cpython-312.pyc
 create mode 100644 models/mrp_production.py
 create mode 100644 models/stock_picking.py
 create mode 100644 views/mrp_production_views.xml
 create mode 100644 views/stock_picking_views.xml

diff --git a/__manifest__.py b/__manifest__.py
index 2c5f802..8922bf4 100644
--- a/__manifest__.py
+++ b/__manifest__.py
@@ -1,6 +1,6 @@
 {
     'name': 'Access Restriction By User',
-    'version': '18.0.1.0.0',
+    'version': '19.0.1.0.0',
     'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User',
     'description': """
         Restricts visibility of:
@@ -16,12 +16,14 @@
     """,
     'category': 'Extra Tools',
     'author': 'Suherdy Yacob',
-    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale'],
+    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_control', 'quality_mrp'],
     'data': [
         'security/ir.model.access.csv',
         'security/ir_rule.xml',
         'security/ir_actions_act_window.xml',
         'views/res_users_views.xml',
+        'views/stock_picking_views.xml',
+        'views/mrp_production_views.xml',
     ],
     'installable': True,
     'application': False,
diff --git a/models/__init__.py b/models/__init__.py
index d5fe265..a751a50 100644
--- a/models/__init__.py
+++ b/models/__init__.py
@@ -1,4 +1,6 @@
 from . import res_users
 from . import restricted_models
 from . import sale_order
+from . import stock_picking
+from . import mrp_production
 
diff --git a/models/__pycache__/__init__.cpython-312.pyc b/models/__pycache__/__init__.cpython-312.pyc
index 2b838bcc0f19619ae7e71a173fb297beea4f86e6..1fcec0c046f2158df6adf556a1f235eaa2a9ed8a 100644
GIT binary patch
delta 168
zcmZ3@^o@!4G%qg~0}yPUl9|~(kynz@VWPUGObSB^OAbRWOB4$u1CY%MWV1%GGBQ-M
zX|hiYF}2fVyv18wlAoL%Uyzxcotc*o6yVD(Du^#A%1<dxF3HT#^V4Lz#ZbfyG`ffd
zM6iMgHW0x+ah4XN<;0_IYCJ$LBM=vh0ErLGjEszT8N}~0$lqm<xXU1Yk3psg<Td~r
C1}Lon

delta 94
zcmeyyw3><cG%qg~0}w3Tmyj7WkynyYW1_kyOC^gY>%<&WK|f8FTMR|aK=~pT5Wza}
oz80g!WG+TG1&}UAATH(u5+9fu85!>~h~H(9zsDd^!~qln0P*M(LjV8(

diff --git a/models/__pycache__/mrp_production.cpython-312.pyc b/models/__pycache__/mrp_production.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..79c6deac29178281eccc7cd5b81f2b8b66b8e274
GIT binary patch
literal 1613
zcma)6&2Jk;6rb5Ie-PVkQIK138mp$r0@+Y;fQA-Ys<c33B9)URvTSxH^*Y{Nv$Gr7
zkuBwrgDWAmNT84d3OPk69QYIHnTvx#wdR5mCvKFKOHa(~hvOgxF^BgxznS-&_xA0N
zsZ<iM_4OBq@k9jRckV<>4voX>%-8}5AlLvVtU^<$3Z_^UArQb#fP_teL=5Zk=-`pw
zXLs^dmD^HL{)3xEkt(K*aDz}~#lQ_jsHim!o$o~}JOvI{SY!)eP=yFo1q7?20I*c|
zIY;0?BjG!79|m?+VW?RB)Nus&kQ8B%yb1P0KsC`;iZPm6aGHybjXd2oY->GjI?YmZ
z?9+>?ZktWd#j1me>lnJLe(Grr!)>d24eP7wvgf+CRfIGa0;%X3NDoQ*xg;j};|?#f
z=oaXJdPreX)rCnfu)DAWZh(*10O$%GSdUsW0Yor*T30*)A&e2y35anCyK+ZtL83s=
zk(d^kmb=Ocr^ZF?#!f)U<IM4n;!Jg7B-x3RI8r)-8Z{ey)<m&meoF#vP>fgBpChiV
zua@pQw%1gBTlENb*3a-31yN=NvFYP6Q?s<Y44Mmj6~d#=Mcb#BHG-oAZQ^3{qxqsl
zMQp86iRYq;nnqMV7tQ_m2auo=!HpFs#kxb26JOA2gQ$kJhAr22+CE$Q3=2inX*zU5
zQuGY-qf{8Fj@`h1>|f+*g5iiynj~1x*=Rleq+GL2Tqa%(JE&b=Y`Znv(%JBpZDiZ8
zy;;^hR!vhw$hJsX({)UaGO`&^mjjyRU|`Ff>Ct;i&9=j5e*N`@$-yc8zd7M2$(KxQ
zfKlez`>lJe``vrpo-{l+^A|`ZuEE~>!`Z@KdN<uK-yF=|>QCj^)=p`=)GuBcoV(il
zV3^DAENw6KUwL<syV0wR@|S+f-}!!(i655wQ!}Idi+eM>GyPXT9OM_7Kg_<clip7E
zU%EWV&h_5=Et5ZZ`O3qy!@0K~B!4;e#%S&xUq61HCqHDwK&6<ZaaFZ66RRpsswyjk
z*WmV)>d$_-6K7pz6*gRl&o_--w^^q&%gHd$;iF132sg2X2rG@{;+E^z?OWiS<%ld7
zu}JW7AeWig1jEevja#F_rEli<D!Y~boc?nG^`-ns&Tia!Bxeug>{rtR`TS!cBQwS#
zP-X)&xR&2oDJoRry>|GuKD~gDyug3KLDpHmHD>ZO{#NkJtIh?s!T(+)$Hbo^gz#5T
ZH~@tw(lopVAIxvv{`~gefZP7@e*p8=sMi1h

literal 0
HcmV?d00001

diff --git a/models/__pycache__/restricted_models.cpython-312.pyc b/models/__pycache__/restricted_models.cpython-312.pyc
index ef071eded67610fc15befcde1ff5079fc186dd34..2c06866e8ff538347d8a389a08a9dd2e8985e7ea 100644
GIT binary patch
literal 8067
zcmeHMZ)_9i8Nc)S{3mwegd~L+2;NdCE;Jq;lt4*aRzlGhOq)PLEa=tTo$a&FKKH$I
z{uoDqL`B#?5=~puty9x!Qi+f@CQVvDb{{4oZ6EGtG^aPFA??$?p(T?#KJ9s5`w}Nj
z$k0fnt(<hv`|o+*d*A1M-k*Q(<KNfT)==>L?njdJ<3@`58!lK6Tgl9YX^NVp1WKS~
zDuPp+Os8!TTbhY5G%ho;J<Uc~nzB(MmGoKzET*FK7L0+Ph)b|vr6O({^#&!dS1G|E
z+LBG>wrY8cDVHK1qUi)p*BY8$qUi?Bnl&_QiKYiMy=!RJ5zSiAtXo6VM>Kt)S-*y6
z{Rkaw_&Z)+IA}8+X+;oa)nuYsDM*`+V@f(IWq5m)G4MuUbIkn$1Z)Idu>Ax!p+JLV
ze#(y83ska7-O45_CbY^pE!Yc8jJ{<n*U{7}J*};;>Uyh^KStePd0U*~ZRed7HOdxP
z!QKLG6SnWV?NB?)_JX8IZiou9;k>iAtGny<(}BDraJ=W#$w0m_(0`(<rz?<CMZ`%$
zpfj*jMR-a<#<cOsbc(|wpVLIs6%#c+5tZej!(_zFpjo3uFUTU7iKd~ESLAZeSsBP=
z-_40=#H5kxfYAcvdB}$nN?Hu5xrB&>k<gnXT0+V2VDyk8D9XM=AwH*SV01xHGHNKw
z^P;M9NK`c>@tUM$xC<j3{y?a_Q6Z~I6u5Ftdv?V1#YK&Si7G=-EeR@WfC+$oC^Zb?
zGIhVMc|0*5nHro<PM_2F9n-yCm%C=|&TGf79KRO65*|M=b#UtWyY`*4{_P*`dVkl4
zq4z^Y|DHd2_Kv?bc62QIonwFW?A7gi{{;zI+;180(M@(9248qAmznzpR9yo{5vd3*
zP!XFzM;OtbBqx1An`8uLjEd2M?W)__-iTw28m1%8UMgre>v}bXPxVKUm{7n3c^?>x
zPqhzO6@0ayxL`yNymNQqsQ-|jT+O#CzE?ewWc4_e27$I912t*blH|GWEKuL82S27`
za0&`c!7kW7U<&Nd>F?9Mt9@~Wg{$wa;`u9pSJG#FeK8dnYj)~88s2O2tURV*7uc0s
zR)WgpCTq0C^j2kSM;!$R+O0KPE!t))SD=S!6;558vgWneCO8CV!4YHP3l`184q1Am
z^nYsIpet-{zA%!F!ucR4&N>NjNM;z*p~PaUsF|!Rr6oudB#7u?!-c3Sw#Si@%W~?7
zs)=cHJM<$1s2uSpZo!}6*vY1Mu_y_qjl7u|FT%TMI(a3diNl)7z=1PaHJ23uFE~|<
zB0gc-)SPL@Q#0L(sLGMAl9PzG<IZ+jf>VusZN_EVRZ)(a4uQZe!iGd!u)tVmI#Mu+
zxN3T;j<o6KI9|q!=Tz+LWq1i(M&OPVY6FpfX6bopugnW8sDA+QIRJsjccbHaN6E9*
z@N6x4b{L)=df?Dq&*6KGTP6-pygL1o-gy4@u20!JXN<=4dfz!Lz2|3rjW>p`58t@>
z?Tgd<KkoRb<KxbcI!kSbjkd%3%i+6ir|$WKH=q6G?wQ^C{$BkIuZvPiOdDdlBqBpZ
zB{64+xuSn?>|3At{P$Y6e-NAQ``NjhsMz}Aulqg`K0S74kKWm*AL%b1IBT??Ew&7d
zJMQ_Kt`A+mG&QLE25!ba>AKTw_y+Wzvsk(Y=3qV43`1}`90r5BID*C;XV!2S8FK*C
zoayDbcXLr0BQ}&=oRk3=mNbMt+GGiU65E-z73=b%EOXopja~o^6|;ud$`%HCLLn?_
zaYF#a=U1s&U*PhI`>gBQz?Fe{o0E;ua}4G1m9wZFlt`C##>slJ?{7+cO3K7fk7ULC
zrZQ4y%T?_f)I9}D*tRbdSR#zm=ou{hAk4sW+^cv8hrNS9pKnQxBoNp_t$2hTSnLL|
z8un~i?t>QkVCdUG^y$;jN_t8urBoxOmQuq;YPgiTXrwL{{e>roKINkw!bbTT76<Vn
ztH9zAuEYXcei1C%)&dLMWu3vImTXkF!bdT?%-5BXLavloMu`XONvT{<h*JIFF-Xp%
zDOF~JDb-6rk$@x#E=-dkb(6G4@CaU^Hf{sz#Ev>2mv$8v?!2qgtw&luSQlQ7AlsHB
zh~+f|Jv<8~;7oL(%z4~dAnO^8Q(|yoN=UMRb8JqH#>KoNqi6vsW4a{ZR45abO{a#U
z85Mq>G28^*C<qC99*d;}3GKmkdqJ2!iv@BODn)*`-OyAaNJ|(}^AhK`APRp$#e`yG
z2vU!JI;!*W5}z{oREf_Te73}^2Co+V8iA<$O`E40XPaB5UcTwkoA%?};pvNd)7NL4
zw@oE(`fm^DyI<9tUVGqX+cu5+=Dn1^bt$7dRXosbw00L;POinH)<UvZz$^%h=dh6i
zAPDW*QH5l+i?j!4%Om10>y2b5QMO+}DIOe5MESZj%C-+JlvhTwr<X(6m#XLg=yLc7
zv;xoI7CnQYRc%%I@t98Y61TH3q!Wy~fiwp&WCJc)Yk|WzVbKVS!+7-p5MKa?74Jm2
z%Q}NY{n2a|DT7h@^{6Js6*Q7>h*oOaf%=fDrw{?V_GP{j?N}r<mUD2HbCfyFLh11^
zV#{*xvtR;y{szLt8NFZ7W64r1W5hD0m}<n-Qf$zO4Ho@F8+RKz1&c;lyn$CA06}2l
zt5qCgMVP={))^*z)<*S+5WH8le7)re?WkPy6eRv9K!Oz@IQ;~I%+BSv9`qJ?A?m?m
zArcaFJ^E^5Hd%q&D*RB(A;nc<x0{zaq6HZJ@L|;ev7UF6wij>j|4qlQI`q!B^>@;`
zqL!2)Lm4V51w$#6luL$k39d)a9<}M-z-PX;F9dMYcTVfQalJF4ACZa&l16K?*pm8h
zZyu+y$+5uiB5HhPE!4p3!3NVQEAcqQLrpvWpA9j1G!pgo;BtFR5@q<G3`gTlHw5#$
zL0d#<A1*sN+!sm>xWt~s|B#Y6E(z(7+Yn(r1k=bAXQ(n&!lCwut|R5}^DF3WDB`G)
zIsxJVL(}x1sk*;X+x|ke-mlp@_FSoEt5LIc>O`?-=Vj+V>~{Kvd9R0#(BplR=O)h0
wQ#e2GCpCkUg^7Yy(|~o3Pj*jq&r>)*zl-QpYF6t-bYhe8g#1r3GMVzf0g7U(%>V!Z

literal 7791
zcmeHMU2qfE72aKGCE1cK8{2@zkChsTm4MZxG`OUc&|sh~h#x~-RML&uy^<xZw94I;
ze}ov!3^SOdE%rmkW;z|nQ*i0D^r^fwlfKdE%c^23=ax>G=~Le_#hpoc>bZBdw(QzC
zq&3qYcE;!a?74UEJ@=eX-#z|aLqk0W&yPNQEBV_s9QSA1uphBnc^Kh2Zjw_tg;%*K
zEd`a&2vH&9h&p)McBsyb7!`R=;1HMc*%Qo{$bAdupik7JI4^P0I)OXLDdHtgaUmhq
zYQ3wKw;Wb0>Sda4(DbaJ>0_F8pjp3yW&_jof~Ic;%|@o#0Gf>}X!@C^A2gd*&}<sv
zL(PAo+lzz*;>u_WQgz~p<&q(u)T7}XM!KHVva++rAoMV(Ngn<j1RMrm6n+c`QRG27
zej=WC7P(Z7x?N3G&1ko2S#%a1asHNI_3_*?Bkkj_8G5T)-_KnYWg)@I!kcc6J1-VR
z#n}$;CWIf<IidHw*awnlwIMDfMhfn}-ow4Gp9~gU!2>6b9tjp&g8hejPxJ=!I>J&?
z3GNAQ)iGUC$Uy`d6E_-0a^6716Gw(T5L4BVi#SkrkklKovnrCZu?)PFHPx!Qs}m9N
z?L5LGgvYuIW(%_CksKb-GAOL)2M|_9!pBC80kAI^KCCI4_EJw+&g+Jji7ASf)x$Aa
zh7*wB7z~`04LAzv?1)4^5Vj60Y`;Q^Wc76CMu<Ow3<(yh4MBHO(Qz{@0PMr*5fG!?
zgT}V;f$`|n;EmLcGv-VCO<(V5?~K!Z`M|{kmm?P=<6oWHHTA+h=hm6Prt90TZMz=6
z7A^-~{DXJ<`0=rQW3hMl|K7XZbZ-AU6l`<9arpMFamq0H++(}U!*4>@WpEV4MR|pb
z3JM=}AZLn2`<ynbD2_2M&MU&DI{SE|t}$+ykGlJ~kdrj_8Je8#k6|>Rfe8wJFqE9`
z9<n>+T0fyCXI}atg!_B^<Z`}M^}X7Kq-y7>zEF4@HgJnU=Vs3pSCRW6*tQ5UP;?ZX
zKND_Mx81kg_m<eUUR=iSmw>O7-~RS|sW|Ml>HP*hY4$8Vr{Yw^rQa+CmMH+@#gDy1
z8f&=2XtUp^*4nlCvd9nfIz(Rrz*TV<#keEECj@)7=lRcP$&e>P)}0;6#UK(`Y}q~!
z;V|tWE-fC{kwHW?nMp#SVFlqw&1Yje>P}!SpOf?v-9Q<#3C6JrbcuP6H0L=GU@Gy=
zH<Jnx*k5+qhv|tCx2$CiG;9zDgccF?d=3FJNIHsPd4LFdo;c~!NZmk8m)KWX%;8Ni
z7*l^Dj(w5+({AF_ks2p11wuTT#p~$n^;A&MBHo&qC3TV{t8~wjPD9tik5Sx2wL3u+
z)-H^P?&@l&f_?|YXAtOK|J9x=Jr(bUl6OPJ+fnj%n8B~z^X|UivVLOM#NHdP+}`$)
zc=y!!-f~Ny>Fb;Ew_F{*GJN&iJLhif{GjLko)7lCzo*i<yVSYcd^K{f^XUCR=;oGR
zbWL}eJNwL2vWb!vlqsQ11>q9H6_hWbd^s>U_MMOYf&1;9*Ee6=d~@wjH{O2vPU{`x
zqwkqL$IV?Q%&xw2`^j<FeShnfp(_`r25-ji^xkb7yHNHYH9bck!rHlM2gBe<WZFYK
z5<^x=BJ~nQxjcZbM0}F;c0Q(3^o5p3N@f94lLn>{NJIvP%ub}CYDgKWsw7SGcspq5
zlm)zIS+fPIn2HAaA_(HMOWce<IC|)T=(&9Q;^|qzEgs_^Iyjf#s^T4>#D=Ug<~6Z1
zK9-cz$!y}}NDdX&Sg4n?y1EVMdj@>}v%rTbzG4ckH~@kK7h_n}4<zab495HmdXkC-
zL7V9e9aMCISO!qmFLpK?QYeZ&4M=&z{BF`rYn8NKO6!&Ma49`pNuMjF&y@qke+g2o
zc<rY94^#09-B1kz^w3T!sFCLppmQYzphH#}0UFq$9M<F*rGJG+EBw`JdqL=XU^R^M
zkk#Zo?tcsCdFKgO$m2N=ddi$<2XGl+Gm3}u87S*mS+95%pVE*Jfa8egU7wd16<y2l
zp~qM`)EHR|3mX^1g6$s+61;OQAT@lEAp)t(0dLM4k`{-%%Ro|9Xid!Pu>>l(vYHW0
zW{D>Wqz7kXDsdY)met|cm10Q9gF{f@7pPcBVepI4NBlNJld3$2{o+#hv{+2Amd3O#
zaBv%P=-m1zAXb^hoG?$uOgT}J(<M1wk#i+ESCRFStd|1@gPaGg>!w;}+S;dHz3DYu
zchcJK8|Tc{ugtV<oEo?pxP98}+H1DH_Gz8ixn|ry>*E4j=4sFE3uf2Ba{HlW$<9j1
zv<FOpsd%0mBnX0Wla3l>YMAFHv}(;rhpaX-9l^PN4X0&rBZLc$8Jz1LnrkmWrf0XY
zC37PGrMI!ipbz+fH17ipeHv=oPee!B7WkJ94Ailo1{VQfSe@(5N)i7p*dV52H{EFv
z#6Ly+lD82$WR)YnX<sgfwZWMBddxrx4UZI>W7VE+;3ur>S=|5MTt+(PS%>WglI;c-
z@tA8pQQ)s%>}GcCf15_cQ%G%`GW!)Xo~p#NrFgay*GqA|5+5wZ2g`w>RlSGM^em?0
zAl+#Y1dIJI)%@Bo8T)j|D#yOxK9my(^4hvlXtK||8(TfkBL6=)@<qk<h4ZiO#rF+-
z4Ezlrr(!O#5OObjDIl$OUb6-dbSn+FbZT?mB4@J!pdUV|{~E-q+zL8hzP<BTJ-_TR
z_k7=cD`RSUMH?z<Llv!9(ux)BLP@&-xydd21k)G%*x$J@zq#qI(~O)odt`H$Vs@c&
zd;AM?{yu70Do)bv20<_scy1*WphH5<#I0(H1f&azlm1Hy(~N+X6!p+{x26wT8R<Gm
zWgiArgz=X_2h!PeAhhWJ5Qun${x^{2I9X<dT|yWyVF1O}H_cgOhNhe!dA@F?X1{^o
zgeFa{=o275b?`j@N3QV`ZsVW0jtBJ{#-6X#Zz$Dom^xIh-#Y64tJBHvnDu%2WBm9V
zlV>K*%yP6o8(=+ylf{Xm-P25U4on`NI6TYI`s_BQQ|(!96w`@MsuSwp*vxFn{{Ztb
BL_z=n

diff --git a/models/__pycache__/stock_picking.cpython-312.pyc b/models/__pycache__/stock_picking.cpython-312.pyc
new file mode 100644
index 0000000000000000000000000000000000000000..4e9434b72e36666cfba11ec6060fcbe4b28edf3f
GIT binary patch
literal 1606
zcma)6&2Jk;6rcUJgA=zwrA~|87($Q*@&Xko(8PyQHAM&$DV!{k)n;cBujAb{JL|}f
zY$=BvTnVW~LJARwkW+-hfj<GxT$~z&HHS8c6Sow@r6*?g!*P&;n8Ta*-u&LY-@LbP
ze;OYj19W};rD;Bv0r;I6(UL-CaGNT-00PKWfyI?Li!bq(P!c%6gGB)O9RLNyRbo-#
z*?uGhdP!=EIq45(<OCvH4n$Q<<TVpjAtr)eGmWz#0KzCRSfk!ufIx|Zpu|J2B=7)<
z6`%8H0H7?s6OOpRSCT18sa!gbU=|c343u`jQ3xo-n{rMeiDl0*HkM3d!?f48#xb+<
zlo>P0tY$b?t?nVsMc8vq!_z*i>s8ZhYDO6u8`^5!^Bg<J5hVl?p>9GWq~vE3sbo(Z
z%u??zXn{&dV05eSqgJ4|xfZwsKHUVM&9}Hp)R++<<f4bQg$oe;5FuWG7#6TCwS)$T
zWe&7Ny7P3G+VTZa!;-d@3lP#UbF3x1iI#%LS}`1ha*NlZR)f!LP&sEeM9>7eSaIux
zpcCt^Q?F^huGKMew<ayOmJhsC3w&43`z+no*C{j|_9}!&or{hyuj&|uXSj(yWPNfs
zClUeKn?z)}NW83L&Cf;B|NQ~PiHK2k%^j!RAxiZ5TsE<0+MCGs9JlFHCC^b;#G6cn
zM#zXvQaj3npyoPN<oo``oWv<EV2tB5;dHc~X=>TAkc#VN<ie)9)bz@ZZP2+>9q2f3
zzN;E_T1rcY(6O<q8wSE>8BNF5Rs))9Fso`%_wYISTGM6IzIAhXWMuOHZ$wxi-lJk0
zoFt!r(74}t(7xa9i2bYA{{&a#h0fyXB*?yUIB_u1RTq2H_qvI6|5|20znAak7JAnT
zoe%rz?EcE$O852md+9r!;;9T?y7?%({QU+MKdf{U8RnTi%p7F8Z+zU#E>TZE_2T}-
z-bDA+_j;*YoezFXW{+Q6_;IQ~H~&!i<<i?Ha|{0dRHY0ClpHAL#z;)lY~4bdM#eOa
z7NTBddP4I@KRk)izS0_-p3BCYD7PKjE8TXJ)N<LRk|abmWJ65LV|%FK`K9|7xKj*~
zVnT@on+7~b#SZ8vGu!u0X5RYd?qTtu*u7=^JOjI8_C!i;FaIi~j-}LBS9;Qor~H&u
z7zjX~_O;+rc3&|k6Or}WWtaNo0y@%1?C%@ooMuNu9?xR)!6OUq%k+T#y6|->P6dwR
bo`9KSF!PsqgDX6IXLtUK`M&{G{osE9=(?q6

literal 0
HcmV?d00001

diff --git a/models/mrp_production.py b/models/mrp_production.py
new file mode 100644
index 0000000..32abdfd
--- /dev/null
+++ b/models/mrp_production.py
@@ -0,0 +1,24 @@
+from odoo import models, fields, api
+
+class MrpProduction(models.Model):
+    _inherit = 'mrp.production'
+
+    restrict_quality_check_button = fields.Boolean(compute='_compute_restrict_quality_check_button')
+
+    @api.depends_context('uid')
+    def _compute_restrict_quality_check_button(self):
+        user = self.env.user
+        for production in self:
+            is_inventory_user = user.has_group('stock.group_stock_user')
+            is_mrp_user = user.has_group('mrp.group_mrp_user')
+            is_mrp_manager = user.has_group('mrp.group_mrp_manager')
+
+            is_restricted_role = is_inventory_user or is_mrp_user or is_mrp_manager
+
+            is_quality_manager = user.has_group('quality.group_quality_manager')
+            is_system = user.has_group('base.group_system')
+
+            if is_restricted_role and not (is_quality_manager or is_system):
+                production.restrict_quality_check_button = True
+            else:
+                production.restrict_quality_check_button = False
diff --git a/models/restricted_models.py b/models/restricted_models.py
index 295656c..aac09b3 100644
--- a/models/restricted_models.py
+++ b/models/restricted_models.py
@@ -1,6 +1,6 @@
 import logging
 from odoo import models, api
-from odoo.osv import expression
+from odoo.fields import Domain
 
 _logger = logging.getLogger(__name__)
 
@@ -14,35 +14,35 @@ class StockWarehouse(models.Model):
     _inherit = 'stock.warehouse'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class StockPickingType(models.Model):
     _inherit = 'stock.picking.type'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class StockLocation(models.Model):
     _inherit = 'stock.location'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id)
             if allowed_ids:
@@ -52,44 +52,44 @@ class StockLocation(models.Model):
                     ('id', 'child_of', allowed_ids),
                     ('usage', 'not in', ['internal', 'transit'])
                 ]
-                domain = expression.AND([domain or [], restrict_domain])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain(restrict_domain))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class MrpWorkcenter(models.Model):
     _inherit = 'mrp.workcenter'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class ApprovalCategory(models.Model):
     _inherit = 'approval.category'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class ApprovalRequest(models.Model):
     _inherit = 'approval.request'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
             if allowed_category_ids:
-                domain = expression.AND([domain or [], [('category_id', 'in', allowed_category_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = list(Domain(domain or []) & Domain([('category_id', 'in', allowed_category_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
diff --git a/models/stock_picking.py b/models/stock_picking.py
new file mode 100644
index 0000000..ff34b74
--- /dev/null
+++ b/models/stock_picking.py
@@ -0,0 +1,34 @@
+from odoo import models, fields, api
+
+class StockPicking(models.Model):
+    _inherit = 'stock.picking'
+
+    restrict_quality_check_button = fields.Boolean(compute='_compute_restrict_quality_check_button')
+
+    @api.depends_context('uid')
+    def _compute_restrict_quality_check_button(self):
+        user = self.env.user
+        for picking in self:
+            # Check if user is in restricted groups (Inventory User or MPS User/Manager)
+            # MPS user usually relates to Manufacturing Manager or User, but user specifically asked for "MPS User".
+            # Since there is no widespread "MPS User" group in standard, we assume it falls under Manufacturing.
+            # However, we will check strictly for the groups mentioned in the request:
+            # Inventory User: stock.group_stock_user
+            # Manufacturing User: mrp.group_mrp_user
+            # MPS User: mrp.group_mrp_manager (often implies MPS access)
+            
+            is_inventory_user = user.has_group('stock.group_stock_user')
+            is_mrp_user = user.has_group('mrp.group_mrp_user')
+            is_mrp_manager = user.has_group('mrp.group_mrp_manager')
+
+            # User is possibly restricted if they have one of these basic roles
+            is_restricted_role = is_inventory_user or is_mrp_user or is_mrp_manager
+
+            # But we must NOT hide if they are Quality Manager or System Admin
+            is_quality_manager = user.has_group('quality.group_quality_manager')
+            is_system = user.has_group('base.group_system')
+
+            if is_restricted_role and not (is_quality_manager or is_system):
+                picking.restrict_quality_check_button = True
+            else:
+                picking.restrict_quality_check_button = False
diff --git a/security/ir.model.access.csv b/security/ir.model.access.csv
index 8ec2cb7..08145a0 100644
--- a/security/ir.model.access.csv
+++ b/security/ir.model.access.csv
@@ -1,2 +1,2 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_stock_valuation_layer_internal_user,stock.valuation.layer.internal.user,stock_account.model_stock_valuation_layer,base.group_user,1,0,0,0
+
diff --git a/security/ir_rule.xml b/security/ir_rule.xml
index f87d7b5..a5ab54d 100644
--- a/security/ir_rule.xml
+++ b/security/ir_rule.xml
@@ -60,16 +60,7 @@
         </record>
 
         <!-- New rules to satisfy Inventory Reporting requirements -->
-        <record id="stock_valuation_layer_permissive_rule" model="ir.rule">
-            <field name="name">Stock Valuation Layer Permissive Access</field>
-            <field name="model_id" ref="stock_account.model_stock_valuation_layer"/>
-            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-        </record>
+
 
         <record id="stock_quant_permissive_rule" model="ir.rule">
             <field name="name">Stock Quant Permissive Access</field>
diff --git a/views/mrp_production_views.xml b/views/mrp_production_views.xml
new file mode 100644
index 0000000..259b0e4
--- /dev/null
+++ b/views/mrp_production_views.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <!-- Inherit from quality_mrp view -->
+    <record id="view_mrp_production_form_inherit_access_restriction" model="ir.ui.view">
+        <field name="name">mrp.production.view.form.inherit.access.restriction</field>
+        <field name="model">mrp.production</field>
+        <field name="inherit_id" ref="quality_mrp.mrp_production_view_form_inherit_quality"/>
+        <field name="arch" type="xml">
+            <field name="state" position="before">
+                 <field name="restrict_quality_check_button" invisible="1"/>
+            </field>
+
+            <!-- Header Button -->
+            <xpath expr="//button[@name='check_quality']" position="attributes">
+                <attribute name="invisible">not quality_check_todo or restrict_quality_check_button</attribute>
+            </xpath>
+
+             <!-- Smart Buttons -->
+            <xpath expr="//button[@name='%(quality_mrp.quality_check_action_mo)d'][1]" position="attributes">
+                <attribute name="invisible">not check_ids or quality_check_fail or not quality_check_todo or restrict_quality_check_button</attribute>
+            </xpath>
+            <xpath expr="//button[@name='%(quality_mrp.quality_check_action_mo)d'][2]" position="attributes">
+                <attribute name="invisible">not check_ids or quality_check_fail or quality_check_todo or restrict_quality_check_button</attribute>
+            </xpath>
+             <xpath expr="//button[@name='%(quality_mrp.quality_check_action_mo)d'][3]" position="attributes">
+                <attribute name="invisible">not check_ids or not quality_check_fail or restrict_quality_check_button</attribute>
+            </xpath>
+
+        </field>
+    </record>
+</odoo>
diff --git a/views/stock_picking_views.xml b/views/stock_picking_views.xml
new file mode 100644
index 0000000..4fe956a
--- /dev/null
+++ b/views/stock_picking_views.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <!-- Inherit from the quality control view that adds the button -->
+    <!-- We need to ensure we target the right buttons. The Quality Checks button is added by quality_control/views/stock_picking_views.xml -->
+    <!-- The button names are 'check_quality', 'open_quality_alert_picking', 'action_open_quality_check_picking' -->
+    
+    <record id="view_picking_form_inherit_access_restriction" model="ir.ui.view">
+        <field name="name">stock.picking.view.form.inherit.access.restriction</field>
+        <field name="model">stock.picking</field>
+        <field name="inherit_id" ref="quality_control.stock_picking_view_form_inherit_quality"/>
+        <field name="arch" type="xml">
+            <field name="state" position="before">
+                <field name="restrict_quality_check_button" invisible="1"/>
+            </field>
+            
+            <!-- Hide the 'Quality Checks' button (header) -->
+            <xpath expr="//button[@name='check_quality']" position="attributes">
+                <attribute name="invisible">not quality_check_todo or state in ('done', 'cancel') or restrict_quality_check_button</attribute>
+            </xpath>
+
+            <!-- Hide the 'Quality Checks' smart buttons -->
+            <!-- There are multiple buttons with same name/icon but different states/colors -->
+            <!-- We target all of them if possible, or specifically by their index/attributes -->
+            
+            <xpath expr="//button[@name='action_open_quality_check_picking'][1]" position="attributes">
+                 <attribute name="invisible">not check_ids or quality_check_fail or not quality_check_todo or restrict_quality_check_button</attribute>
+            </xpath>
+             <xpath expr="//button[@name='action_open_quality_check_picking'][2]" position="attributes">
+                 <attribute name="invisible">not check_ids or quality_check_fail or quality_check_todo or restrict_quality_check_button</attribute>
+            </xpath>
+             <xpath expr="//button[@name='action_open_quality_check_picking'][3]" position="attributes">
+                 <attribute name="invisible">not check_ids or not quality_check_fail or restrict_quality_check_button</attribute>
+            </xpath>
+            
+        </field>
+    </record>
+</odoo>