refactor: Replace with_context(bypass_user_restriction=True) with sudo() in sale order methods.

.gitignore

@@ -0,0 +1,37 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Odoo
+*.log
+.pylintrc
+.pylint.d/
+
+# VS Code
+.vscode/
+
+# PyCharm
+.idea/
+
+# Translations
+*.pot
+*.po

README.md

@@ -10,6 +10,7 @@ Restrict visibility of the following records based on User configuration:
 *   **Locations** (`stock.location`)
 *   **Work Centers** (`mrp.workcenter`)
 *   **Approval Categories** (`approval.category`)
+*   **Quality Checks Button** (on Manufacturing Orders and Inventory Transfers)
 
 ## Configuration
 
@@ -29,6 +30,16 @@ Restrict visibility of the following records based on User configuration:
 *   **Populated List = Restricted**: If one or more records are added, the user will **ONLY** see those specific records.
 *   **Superuser**: The Superuser (OdooBot) and administrators bypassing access rights are not affected by these restrictions.
 
+## Quality Checks Button Restriction
+
+The visibility of the "Quality Checks" and "Quality Alert" buttons on **Manufacturing Orders** and **Inventory Transfers** is controlled by a specific user setting.
+
+To allow a user to see these buttons:
+1.  Navigate to **Settings > Users & Companies > Users**.
+2.  Enable the checkbox **"Is Allowed todo Quality Checks?"** in the **Access Restrictions** tab.
+
+By default, this setting is unchecked, meaning users will **NOT** see these buttons unless explicitly allowed.
+
 ## Technical Details
 
 This module overrides the `_search` method on the target models to apply a domain filter based on the current user's allowed list. This ensures consistency across views (list, kanban, many2one dropdowns) and avoids common issues associated with Record Rules.

__manifest__.py

@@ -1,6 +1,6 @@
 {
     'name': 'Access Restriction By User',
-    'version': '18.0.1.0.0',
+    'version': '19.0.1.0.1',
     'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User',
     'description': """
         Restricts visibility of:
@@ -16,12 +16,14 @@
     """,
     'category': 'Extra Tools',
     'author': 'Suherdy Yacob',
-    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale'],
+    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_mrp'],
     'data': [
         'security/ir.model.access.csv',
         'security/ir_rule.xml',
         'security/ir_actions_act_window.xml',
         'views/res_users_views.xml',
+        'views/mrp_production_v19.xml',
+        'views/stock_picking_v19.xml',
     ],
     'installable': True,
     'application': False,

models/__init__.py

@@ -1,4 +1,8 @@
 from . import res_users
 from . import restricted_models
 from . import sale_order
-
+from . import mrp_production
+from . import stock_picking
+from . import approval_request
+from . import procurement_group
+from . import stock_move

models/approval_request.py

@@ -0,0 +1,40 @@
+from odoo import models, api
+from odoo.fields import Domain
+
+def get_allowed_ids(env, table_name, col_name, user_id):
+    # Use SQL to avoid ORM recursion or self-filtering issues
+    query = f"SELECT {col_name} FROM {table_name} WHERE user_id = %s"
+    env.cr.execute(query, (user_id,))
+    return [r[0] for r in env.cr.fetchall()]
+
+class ApprovalCategory(models.Model):
+    _inherit = 'approval.category'
+
+    @api.model
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+        if self.env.context.get('bypass_user_restriction'):
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+        if not self.env.su and not self.env.user.has_group('base.group_system'):
+            allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
+            if allowed_ids:
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+
+class ApprovalRequest(models.Model):
+    _inherit = 'approval.request'
+
+    @api.model
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+        if self.env.context.get('bypass_user_restriction'):
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+        if not self.env.su and not self.env.user.has_group('base.group_system'):
+            allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
+            if allowed_category_ids:
+                domain = list(Domain(domain or []) & Domain([('category_id', 'in', allowed_category_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+
+    def action_confirm(self):
+        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_confirm()
+
+    def action_approve(self):
+        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_approve()

models/mrp_production.py

@@ -0,0 +1,21 @@
+from odoo import models, fields, api
+
+class MrpProduction(models.Model):
+    _inherit = 'mrp.production'
+
+    hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')
+
+    @api.depends_context('uid')
+    def _compute_hide_quality_check_button(self):
+        for record in self:
+            record.hide_quality_check_button = not self.env.user.allowed_quality_checks
+
+    def action_confirm(self):
+        return super(MrpProduction, self.with_context(bypass_user_restriction=True)).action_confirm()
+
+    def button_mark_done(self):
+        return super(MrpProduction, self.with_context(bypass_user_restriction=True)).button_mark_done()
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(MrpProduction, self.with_context(bypass_user_restriction=True)).create(vals_list)

models/procurement_group.py

@@ -0,0 +1,8 @@
+from odoo import models, api
+
+class StockRule(models.Model):
+    _inherit = 'stock.rule'
+
+    @api.model
+    def run(self, procurements, raise_user_error=True):
+        return super(StockRule, self.with_context(bypass_user_restriction=True)).run(procurements, raise_user_error=raise_user_error)

models/res_users.py

@@ -47,3 +47,10 @@ class ResUsers(models.Model):
         string="Allowed Approvals",
         help="Approval Categories this user is allowed to access. Leave empty to restrict access to none."
     )
+
+    allowed_quality_checks = fields.Boolean(
+        string="Is Allowed todo Quality Checks?",
+        default=False,
+        help="If checked, this user can see the Quality Checks button on Manufacturing Orders.",
+        prefetch=False,
+    )

models/restricted_models.py

@@ -1,6 +1,6 @@
 import logging
 from odoo import models, api
-from odoo.osv import expression
+from odoo.fields import Domain
 
 _logger = logging.getLogger(__name__)
 
@@ -14,35 +14,35 @@ class StockWarehouse(models.Model):
     _inherit = 'stock.warehouse'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
+                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class StockPickingType(models.Model):
     _inherit = 'stock.picking.type'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
+                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class StockLocation(models.Model):
     _inherit = 'stock.location'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id)
             if allowed_ids:
@@ -52,44 +52,19 @@ class StockLocation(models.Model):
                     ('id', 'child_of', allowed_ids),
                     ('usage', 'not in', ['internal', 'transit'])
                 ]
-                domain = expression.AND([domain or [], restrict_domain])
+                domain = Domain(domain or []) & Domain(restrict_domain)
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
 class MrpWorkcenter(models.Model):
     _inherit = 'mrp.workcenter'
 
     @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
         if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
         if not self.env.su and not self.env.user.has_group('base.group_system'):
             allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
             if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
+                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
 
-class ApprovalCategory(models.Model):
-    _inherit = 'approval.category'
-
-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
-            if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
-
-class ApprovalRequest(models.Model):
-    _inherit = 'approval.request'
-
-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
-            if allowed_category_ids:
-                domain = expression.AND([domain or [], [('category_id', 'in', allowed_category_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)

models/sale_order.py

@@ -4,4 +4,10 @@ class SaleOrder(models.Model):
     _inherit = 'sale.order'
 
     def action_confirm(self):
-        return super(SaleOrder, self.with_context(bypass_user_restriction=True)).action_confirm()
+        return super(SaleOrder, self.sudo()).action_confirm()
+
+    def _action_confirm(self):
+        return super(SaleOrder, self.sudo())._action_confirm()
+
+    def _action_launch_stock_rule(self, previous_product_uom_qty=False):
+        return super(SaleOrder, self.sudo())._action_launch_stock_rule(previous_product_uom_qty=previous_product_uom_qty)

models/stock_move.py

@@ -0,0 +1,8 @@
+from odoo import models, api
+
+class StockMove(models.Model):
+    _inherit = 'stock.move'
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(StockMove, self.with_context(bypass_user_restriction=True)).create(vals_list)

models/stock_picking.py

@@ -0,0 +1,21 @@
+from odoo import models, fields, api
+
+class StockPicking(models.Model):
+    _inherit = 'stock.picking'
+
+    hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')
+
+    @api.depends_context('uid')
+    def _compute_hide_quality_check_button(self):
+        for record in self:
+            record.hide_quality_check_button = not self.env.user.allowed_quality_checks
+
+    def action_confirm(self):
+        return super(StockPicking, self.with_context(bypass_user_restriction=True)).action_confirm()
+
+    def button_validate(self):
+        return super(StockPicking, self.with_context(bypass_user_restriction=True)).button_validate()
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(StockPicking, self.with_context(bypass_user_restriction=True)).create(vals_list)

security/ir.model.access.csv

@@ -1,2 +1,2 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_stock_valuation_layer_internal_user,stock.valuation.layer.internal.user,stock_account.model_stock_valuation_layer,base.group_user,1,0,0,0
+

security/ir_rule.xml

@@ -60,16 +60,7 @@
         </record>
 
         <!-- New rules to satisfy Inventory Reporting requirements -->
-        <record id="stock_valuation_layer_permissive_rule" model="ir.rule">
+
-            <field name="name">Stock Valuation Layer Permissive Access</field>
-            <field name="model_id" ref="stock_account.model_stock_valuation_layer"/>
-            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-        </record>
 
         <record id="stock_quant_permissive_rule" model="ir.rule">
             <field name="name">Stock Quant Permissive Access</field>

views/mrp_production_v19.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="mrp_production_view_form_inherit_access_restriction_v19" model="ir.ui.view">
+        <field name="name">mrp.production.view.form.inherit.access.restriction</field>
+        <field name="model">mrp.production</field>
+        <field name="priority">99999</field>
+        <field name="inherit_id" ref="mrp.mrp_production_form_view"/>
+        <field name="arch" type="xml">
+            <sheet position="inside">
+                <field name="hide_quality_check_button" invisible="1"/>
+            </sheet>
+            <xpath expr="//button[@name='check_quality']" position="attributes">
+                <attribute name="invisible">hide_quality_check_button</attribute>
+            </xpath>
+             <xpath expr="//button[@name='button_quality_alert']" position="attributes">
+                <attribute name="invisible">hide_quality_check_button</attribute>
+            </xpath>
+        </field>
+    </record>
+</odoo>

views/res_users_views.xml

@@ -16,6 +16,7 @@
                         <group string="Manufacturing &amp; others">
                             <field name="allowed_workcenter_ids" widget="many2many_tags"/>
                             <field name="allowed_approval_category_ids" widget="many2many_tags"/>
+                            <field name="allowed_quality_checks"/>
                         </group>
                     </group>
                 </page>

views/stock_picking_v19.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<odoo>
+    <record id="stock_picking_view_form_inherit_access_restriction_v19" model="ir.ui.view">
+        <field name="name">stock.picking.view.form.inherit.access.restriction</field>
+        <field name="model">stock.picking</field>
+        <field name="priority">1000</field>
+        <field name="inherit_id" ref="stock.view_picking_form"/>
+        <field name="arch" type="xml">
+            <xpath expr="//sheet" position="inside">
+                <field name="hide_quality_check_button" invisible="1"/>
+            </xpath>
+            <xpath expr="//button[@name='check_quality']" position="attributes">
+                <attribute name="invisible">hide_quality_check_button</attribute>
+            </xpath>
+             <xpath expr="//button[@name='button_quality_alert']" position="attributes">
+                <attribute name="invisible">hide_quality_check_button</attribute>
+            </xpath>
+        </field>
+    </record>
+</odoo>