feat: Add mrp.production.backorder and mrp.consumption.warning models to bypass user restrictions for their respective actions.

feat: Re-enable user restrictions for stock picking types and introduce purchase order bypass for confirmation and approval.
refactor: remove _search method override from MrpWorkcenter
2026-02-16 16:45:47 +07:00 · 2026-02-12 16:23:17 +07:00 · 2026-02-12 14:36:28 +07:00 · 2026-02-12 10:23:13 +07:00 · 2026-02-11 15:29:52 +07:00 · 2026-02-02 17:13:47 +07:00
23 changed files with 264 additions and 156 deletions
--- a/manifest.py
+++ b/manifest.py
@ -1,6 +1,6 @@
 {
    'name': 'Access Restriction By User',
-    'version': '18.0.1.0.0',
+    'version': '19.0.1.0.1',
    'summary': 'Restrict access to Warehouses, Picking Types, Locations, Work Centers, and Approvals by User',
    'description': """
        Restricts visibility of:
@ -16,14 +16,14 @@
    """,
    'category': 'Extra Tools',
    'author': 'Suherdy Yacob',
-    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_mrp', 'quality_control'],
+    'depends': ['base', 'stock', 'mrp', 'approvals', 'stock_account', 'sale', 'quality_mrp'],
    'data': [
        'security/ir.model.access.csv',
        'security/ir_rule.xml',
        'security/ir_actions_act_window.xml',
        'views/res_users_views.xml',
-        'views/mrp_production_views.xml',
-        'views/stock_picking_views.xml',
+        'views/mrp_production_v19.xml',
+        'views/stock_picking_v19.xml',
    ],
    'installable': True,
    'application': False,
--- a/pycache/init.cpython-312.pyc
+++ b/pycache/init.cpython-312.pyc
--- a/models/init.py
+++ b/models/init.py
@ -3,4 +3,10 @@ from . import restricted_models
 from . import sale_order
 from . import mrp_production
 from . import stock_picking
-
+from . import mrp_consumption_warning
+from . import mrp_production_backorder
+from . import approval_request
+from . import procurement_group
+from . import stock_move
+from . import report_stock_quantity
+from . import purchase_order
--- a/models/pycache/init.cpython-312.pyc
+++ b/models/pycache/init.cpython-312.pyc
--- a/models/pycache/res_users.cpython-312.pyc
+++ b/models/pycache/res_users.cpython-312.pyc
--- a/models/pycache/restricted_models.cpython-312.pyc
+++ b/models/pycache/restricted_models.cpython-312.pyc
--- a/models/pycache/sale_order.cpython-312.pyc
+++ b/models/pycache/sale_order.cpython-312.pyc
--- a/models/approval_request.py
+++ b/models/approval_request.py
@ -0,0 +1,40 @@
+from odoo import models, api
+from odoo.fields import Domain
+
+def get_allowed_ids(env, table_name, col_name, user_id):
+    # Use SQL to avoid ORM recursion or self-filtering issues
+    query = f"SELECT {col_name} FROM {table_name} WHERE user_id = %s"
+    env.cr.execute(query, (user_id,))
+    return [r[0] for r in env.cr.fetchall()]
+
+class ApprovalCategory(models.Model):
+    _inherit = 'approval.category'
+
+    @api.model
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+        if self.env.context.get('bypass_user_restriction'):
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+        if not self.env.su and not self.env.user.has_group('base.group_system'):
+            allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
+            if allowed_ids:
+                domain = list(Domain(domain or []) & Domain([('id', 'in', allowed_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+
+class ApprovalRequest(models.Model):
+    _inherit = 'approval.request'
+
+    @api.model
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+        if self.env.context.get('bypass_user_restriction'):
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+        if not self.env.su and not self.env.user.has_group('base.group_system'):
+            allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
+            if allowed_category_ids:
+                domain = list(Domain(domain or []) & Domain([('category_id', 'in', allowed_category_ids)]))
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+
+    def action_confirm(self):
+        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_confirm()
+
+    def action_approve(self):
+        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_approve()
--- a/models/mrp_consumption_warning.py
+++ b/models/mrp_consumption_warning.py
@ -0,0 +1,10 @@
+from odoo import models
+
+class MrpConsumptionWarning(models.TransientModel):
+    _inherit = 'mrp.consumption.warning'
+
+    def action_confirm(self):
+        return super(MrpConsumptionWarning, self.with_context(bypass_user_restriction=True)).action_confirm()
+
+    def action_set_qty(self):
+        return super(MrpConsumptionWarning, self.with_context(bypass_user_restriction=True)).action_set_qty()
--- a/models/mrp_production.py
+++ b/models/mrp_production.py
@ -5,13 +5,9 @@ class MrpProduction(models.Model):

    hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')

-    @api.depends('product_id')
    @api.depends_context('uid')
    def _compute_hide_quality_check_button(self):
        for record in self:
-            # Logic: Hide logic is inverse of "is allowed"
-            # If allowed_quality_checks is True, hide = False
-            # If allowed_quality_checks is False, hide = True
            record.hide_quality_check_button = not self.env.user.allowed_quality_checks

    def action_confirm(self):
@ -19,3 +15,7 @@ class MrpProduction(models.Model):

    def button_mark_done(self):
        return super(MrpProduction, self.with_context(bypass_user_restriction=True)).button_mark_done()
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(MrpProduction, self.with_context(bypass_user_restriction=True)).create(vals_list)
--- a/models/mrp_production_backorder.py
+++ b/models/mrp_production_backorder.py
@ -0,0 +1,10 @@
+from odoo import models
+
+class MrpProductionBackorder(models.TransientModel):
+    _inherit = 'mrp.production.backorder'
+
+    def action_backorder(self):
+        return super(MrpProductionBackorder, self.with_context(bypass_user_restriction=True)).action_backorder()
+
+    def action_close_mo(self):
+        return super(MrpProductionBackorder, self.with_context(bypass_user_restriction=True)).action_close_mo()
--- a/models/procurement_group.py
+++ b/models/procurement_group.py
@ -0,0 +1,8 @@
+from odoo import models, api
+
+class StockRule(models.Model):
+    _inherit = 'stock.rule'
+
+    @api.model
+    def run(self, procurements, raise_user_error=True):
+        return super(StockRule, self.with_context(bypass_user_restriction=True)).run(procurements, raise_user_error=raise_user_error)
--- a/models/purchase_order.py
+++ b/models/purchase_order.py
@ -0,0 +1,10 @@
+from odoo import models
+
+class PurchaseOrder(models.Model):
+    _inherit = 'purchase.order'
+
+    def button_confirm(self):
+        return super(PurchaseOrder, self.with_context(bypass_user_restriction=True)).button_confirm()
+
+    def button_approve(self, force=False):
+        return super(PurchaseOrder, self.with_context(bypass_user_restriction=True)).button_approve(force=force)
--- a/models/report_stock_quantity.py
+++ b/models/report_stock_quantity.py
@ -0,0 +1,23 @@
+from odoo import models, api
+from odoo.osv import expression
+
+class ReportStockQuantity(models.Model):
+    _inherit = 'report.stock.quantity'
+
+    @api.model
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+        user = self.env.user
+        # START Custom Restriction Logic
+        # Bylass for System admins or explicit bypass context
+        if not user.has_group('base.group_system') and not self.env.context.get('bypass_user_restriction'):
+            allowed_wh = user.allowed_warehouse_ids | user.allowed_location_ids.warehouse_id
+            # If user has specific allowed warehouses/locations, restrict report
+            if allowed_wh:
+                domain = expression.AND([domain, [('warehouse_id', 'in', allowed_wh.ids)]])
+                
+            # Note: If allowed_wh is empty but allowed_location_ids is NOT empty, it means 
+            # the allowed locations don't belong to any warehouse (unlikely) or just user config issue.
+            # If BOTH are empty, we fall back to standard access (All).
+        # END Custom Restriction Logic
+        
+        return super()._search(domain, offset, limit, order, **kwargs)
--- a/models/res_users.py
+++ b/models/res_users.py
@ -51,6 +51,6 @@ class ResUsers(models.Model):
    allowed_quality_checks = fields.Boolean(
        string="Is Allowed todo Quality Checks?",
        default=False,
+        help="If checked, this user can see the Quality Checks button on Manufacturing Orders.",
        prefetch=False,
-        help="If checked, this user can see the Quality Checks button on Manufacturing Orders."
    )
--- a/models/restricted_models.py
+++ b/models/restricted_models.py
@ -1,6 +1,6 @@
 import logging
 from odoo import models, api
-from odoo.osv import expression
+from odoo.fields import Domain

 _logger = logging.getLogger(__name__)

@ -14,88 +14,42 @@ class StockWarehouse(models.Model):
    _inherit = 'stock.warehouse'

    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
        if not self.env.su and not self.env.user.has_group('base.group_system'):
            allowed_ids = get_allowed_ids(self.env, 'res_users_stock_warehouse_rel', 'warehouse_id', self.env.user.id)
            if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)

 class StockPickingType(models.Model):
    _inherit = 'stock.picking.type'

    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
+    def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
+            return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
        if not self.env.su and not self.env.user.has_group('base.group_system'):
            allowed_ids = get_allowed_ids(self.env, 'res_users_stock_picking_type_rel', 'picking_type_id', self.env.user.id)
            if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+                domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
+        return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+
+

-class StockLocation(models.Model):
-    _inherit = 'stock.location'

-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_ids = get_allowed_ids(self.env, 'res_users_stock_location_rel', 'location_id', self.env.user.id)
-            if allowed_ids:
-                restrict_domain = [
-                    '|', '|',
-                    ('id', 'parent_of', allowed_ids),
-                    ('id', 'child_of', allowed_ids),
-                    ('usage', 'not in', ['internal', 'transit'])
-                ]
-                domain = expression.AND([domain or [], restrict_domain])
-        return super()._search(domain, offset=offset, limit=limit, order=order)

 class MrpWorkcenter(models.Model):
    _inherit = 'mrp.workcenter'

-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
-            if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
+    # @api.model
+    # def _search(self, domain, offset=0, limit=None, order=None, **kwargs):
+    #     if self.env.context.get('bypass_user_restriction'):
+    #         return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)
+    #     if not self.env.su and not self.env.user.has_group('base.group_system'):
+    #         allowed_ids = get_allowed_ids(self.env, 'res_users_mrp_workcenter_rel', 'workcenter_id', self.env.user.id)
+    #         if allowed_ids:
+    #             domain = Domain(domain or []) & Domain([('id', 'in', allowed_ids)])
+    #     return super()._search(domain, offset=offset, limit=limit, order=order, **kwargs)

-class ApprovalCategory(models.Model):
-    _inherit = 'approval.category'
-
-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
-            if allowed_ids:
-                domain = expression.AND([domain or [], [('id', 'in', allowed_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
-
-class ApprovalRequest(models.Model):
-    _inherit = 'approval.request'
-
-    @api.model
-    def _search(self, domain, offset=0, limit=None, order=None):
-        if self.env.context.get('bypass_user_restriction'):
-            return super()._search(domain, offset=offset, limit=limit, order=order)
-        if not self.env.su and not self.env.user.has_group('base.group_system'):
-            allowed_category_ids = get_allowed_ids(self.env, 'res_users_approval_category_rel', 'category_id', self.env.user.id)
-            if allowed_category_ids:
-                domain = expression.AND([domain or [], [('category_id', 'in', allowed_category_ids)]])
-        return super()._search(domain, offset=offset, limit=limit, order=order)
-
-    def action_confirm(self):
-        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_confirm()
-
-    def action_approve(self, approver=None):
-        return super(ApprovalRequest, self.with_context(bypass_user_restriction=True)).action_approve(approver=approver)
--- a/models/sale_order.py
+++ b/models/sale_order.py
@ -4,7 +4,10 @@ class SaleOrder(models.Model):
    _inherit = 'sale.order'

    def action_confirm(self):
-        return super(SaleOrder, self.with_context(bypass_user_restriction=True)).action_confirm()
+        return super(SaleOrder, self.sudo()).action_confirm()

    def _action_confirm(self):
-        return super(SaleOrder, self.with_context(bypass_user_restriction=True))._action_confirm()
+        return super(SaleOrder, self.sudo())._action_confirm()
+
+    def _action_launch_stock_rule(self, previous_product_uom_qty=False):
+        return super(SaleOrder, self.sudo())._action_launch_stock_rule(previous_product_uom_qty=previous_product_uom_qty)
--- a/models/stock_move.py
+++ b/models/stock_move.py
@ -0,0 +1,8 @@
+from odoo import models, api
+
+class StockMove(models.Model):
+    _inherit = 'stock.move'
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(StockMove, self.with_context(bypass_user_restriction=True)).create(vals_list)
--- a/models/stock_picking.py
+++ b/models/stock_picking.py
@ -5,7 +5,6 @@ class StockPicking(models.Model):

    hide_quality_check_button = fields.Boolean(compute='_compute_hide_quality_check_button')

-    @api.depends('picking_type_id')
    @api.depends_context('uid')
    def _compute_hide_quality_check_button(self):
        for record in self:
@ -16,3 +15,7 @@ class StockPicking(models.Model):

    def button_validate(self):
        return super(StockPicking, self.with_context(bypass_user_restriction=True)).button_validate()
+
+    @api.model_create_multi
+    def create(self, vals_list):
+        return super(StockPicking, self.with_context(bypass_user_restriction=True)).create(vals_list)
--- a/security/ir.model.access.csv
+++ b/security/ir.model.access.csv
@ -1,2 +1,2 @@
 id,name,model_id:id,group_id:id,perm_read,perm_write,perm_create,perm_unlink
-access_stock_valuation_layer_internal_user,stock.valuation.layer.internal.user,stock_account.model_stock_valuation_layer,base.group_user,1,0,0,0
+
--- a/security/ir_rule.xml
+++ b/security/ir_rule.xml
@ -1,96 +1,129 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo>
    <data>
-        <!-- Permissive Rules to allow Read access, avoiding Access Errors.
-             Actual visibility restriction is handled by _search method in models/restricted_models.py. -->
+        <!-- 
+            RESTRICTIVE RULES 
+            These rules restrict access based on User's allowed fields.
+            They include a context check 'bypass_user_restriction' to allow system/sudo operations to pass if needed.
+        -->

-        <record id="stock_warehouse_permissive_rule" model="ir.rule">
-            <field name="name">Stock Warehouse Permissive Access</field>
+        <!-- Stock Warehouse -->
+        <record id="stock_warehouse_allowed_rule" model="ir.rule">
+            <field name="name">Stock Warehouse Allowed Access</field>
            <field name="model_id" ref="stock.model_stock_warehouse"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                [('id', 'in', user.allowed_warehouse_ids.ids)] if user.allowed_warehouse_ids else [(1, '=', 1)]
+                )
+            </field>
        </record>

-        <record id="stock_picking_type_permissive_rule" model="ir.rule">
-            <field name="name">Stock Picking Type Permissive Access</field>
+        <!-- Stock Picking Type -->
+        <record id="stock_picking_type_allowed_rule" model="ir.rule">
+            <field name="name">Stock Picking Type Allowed Access</field>
            <field name="model_id" ref="stock.model_stock_picking_type"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                ['|', ('id', 'in', user.allowed_picking_type_ids.ids), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_picking_type_ids or user.allowed_warehouse_ids or user.allowed_location_ids) else [(1, '=', 1)]
+                )
+            </field>
        </record>

-        <record id="stock_location_permissive_rule" model="ir.rule">
-            <field name="name">Stock Location Permissive Access</field>
+        <!-- Stock Location -->
+        <record id="stock_location_allowed_rule" model="ir.rule">
+            <field name="name">Stock Location Allowed Access</field>
            <field name="model_id" ref="stock.model_stock_location"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                ['|', '|', '|', ('id', 'in', user.allowed_location_ids.ids), ('id', 'child_of', user.allowed_location_ids.ids), ('id', 'parent_of', user.allowed_location_ids.ids), ('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_location_ids or user.allowed_warehouse_ids) else [(1, '=', 1)]
+                )
+            </field>
        </record>

-        <record id="mrp_workcenter_permissive_rule" model="ir.rule">
-            <field name="name">MRP Workcenter Permissive Access</field>
-            <field name="model_id" ref="mrp.model_mrp_workcenter"/>
-            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-        </record>
-
-        <record id="approval_category_permissive_rule" model="ir.rule">
-            <field name="name">Approval Category Permissive Access</field>
-            <field name="model_id" ref="approvals.model_approval_category"/>
-            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-        </record>
-
-        <!-- New rules to satisfy Inventory Reporting requirements -->
-        <record id="stock_valuation_layer_permissive_rule" model="ir.rule">
-            <field name="name">Stock Valuation Layer Permissive Access</field>
-            <field name="model_id" ref="stock_account.model_stock_valuation_layer"/>
-            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
-        </record>
-
-        <record id="stock_quant_permissive_rule" model="ir.rule">
-            <field name="name">Stock Quant Permissive Access</field>
+        <!-- Stock Quant (The critical one for Reports) -->
+        <record id="stock_quant_allowed_rule" model="ir.rule">
+            <field name="name">Stock Quant Allowed Access</field>
            <field name="model_id" ref="stock.model_stock_quant"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                ['|', ('location_id', 'in', user.allowed_location_ids.ids), ('location_id', 'child_of', user.allowed_location_ids.ids)] if user.allowed_location_ids else [(1, '=', 1)]
+                )
+            </field>
        </record>

-        <record id="approval_request_permissive_rule" model="ir.rule">
-            <field name="name">Approval Request Permissive Access</field>
-            <field name="model_id" ref="approvals.model_approval_request"/>
+        <!-- Stock Move -->
+        <record id="stock_move_allowed_rule" model="ir.rule">
+            <field name="name">Stock Move Allowed Access</field>
+            <field name="model_id" ref="stock.model_stock_move"/>
            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
-            <field name="domain_force">[(1, '=', 1)]</field>
-            <field name="perm_read" eval="True"/>
-            <field name="perm_write" eval="False"/>
-            <field name="perm_create" eval="False"/>
-            <field name="perm_unlink" eval="False"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                ['|', '|', ('location_id', 'in', user.allowed_location_ids.ids), ('location_id', 'child_of', user.allowed_location_ids.ids),
+                 '|', ('location_dest_id', 'in', user.allowed_location_ids.ids), ('location_dest_id', 'child_of', user.allowed_location_ids.ids)] if user.allowed_location_ids else [(1, '=', 1)]
+                )
+            </field>
+        </record>
+
+        <!-- Stock Move Line -->
+        <record id="stock_move_line_allowed_rule" model="ir.rule">
+            <field name="name">Stock Move Line Allowed Access</field>
+            <field name="model_id" ref="stock.model_stock_move_line"/>
+            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                ['|', '|', ('location_id', 'in', user.allowed_location_ids.ids), ('location_id', 'child_of', user.allowed_location_ids.ids),
+                 '|', ('location_dest_id', 'in', user.allowed_location_ids.ids), ('location_dest_id', 'child_of', user.allowed_location_ids.ids)] if user.allowed_location_ids else [(1, '=', 1)]
+                )
+            </field>
+        </record>
+
+        <!-- MRP Workcenter -->
+        <record id="mrp_workcenter_allowed_rule" model="ir.rule">
+            <field name="name">MRP Workcenter Allowed Access</field>
+            <field name="model_id" ref="mrp.model_mrp_workcenter"/>
+            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                [('id', 'in', user.allowed_workcenter_ids.ids)] if user.allowed_workcenter_ids else [(1, '=', 1)]
+                )
+            </field>
+        </record>
+        
+        <!-- Approval Category -->
+        <record id="approval_category_allowed_rule" model="ir.rule">
+            <field name="name">Approval Category Allowed Access</field>
+            <field name="model_id" ref="approvals.model_approval_category"/>
+            <field name="groups" eval="[(4, ref('base.group_user'))]"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                [('id', 'in', user.allowed_approval_category_ids.ids)] if user.allowed_approval_category_ids else [(1, '=', 1)]
+                )
+            </field>
+        </record>
+
+        <!-- Report Stock Quantity -->
+        <record id="report_stock_quantity_allowed_rule" model="ir.rule">
+            <field name="name">Report Stock Quantity Allowed Access</field>
+            <field name="model_id" ref="stock.model_report_stock_quantity"/>
+            <field name="global" eval="True"/>
+            <field name="domain_force">
+                (
+                [(1, '=', 1)] if user.env.context.get('bypass_user_restriction') or user.has_group('base.group_system') else
+                [('warehouse_id', 'in', (user.allowed_warehouse_ids + user.allowed_location_ids.warehouse_id).ids)] if (user.allowed_warehouse_ids or user.allowed_location_ids) else [(1, '=', 1)]
+                )
+            </field>
        </record>

    </data>
--- a/views/mrp_production_views.xml
+++ b/views/mrp_production_views.xml
@ -1,14 +1,14 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo>
-    <record id="mrp_production_view_form_inherit_access_restriction" model="ir.ui.view">
+    <record id="mrp_production_view_form_inherit_access_restriction_v19" model="ir.ui.view">
        <field name="name">mrp.production.view.form.inherit.access.restriction</field>
        <field name="model">mrp.production</field>
        <field name="priority">99999</field>
        <field name="inherit_id" ref="mrp.mrp_production_form_view"/>
        <field name="arch" type="xml">
-            <xpath expr="//sheet" position="inside">
+            <sheet position="inside">
                <field name="hide_quality_check_button" invisible="1"/>
-            </xpath>
+            </sheet>
            <xpath expr="//button[@name='check_quality']" position="attributes">
                <attribute name="invisible">hide_quality_check_button</attribute>
            </xpath>
--- a/views/stock_picking_views.xml
+++ b/views/stock_picking_views.xml
@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <odoo>
-    <record id="stock_picking_view_form_inherit_access_restriction" model="ir.ui.view">
+    <record id="stock_picking_view_form_inherit_access_restriction_v19" model="ir.ui.view">
        <field name="name">stock.picking.view.form.inherit.access.restriction</field>
        <field name="model">stock.picking</field>
        <field name="priority">1000</field>
Author	SHA1	Message	Date
Suherdy Yacob	a338b24da3	feat: Add `mrp.production.backorder` and `mrp.consumption.warning` models to bypass user restrictions for their respective actions.	2026-02-16 16:45:47 +07:00
Suherdy Yacob	f914c64c5f	feat: Re-enable user restrictions for stock picking types and introduce purchase order bypass for confirmation and approval.	2026-02-12 16:23:17 +07:00
Suherdy Yacob	fa34513ecc	refactor: remove `_search` method override from `MrpWorkcenter`	2026-02-12 14:36:28 +07:00
Suherdy Yacob	ebb4ea65db	feat: Extend access restrictions for picking types and locations to include warehouse-based rules and remove redundant `_search` override.	2026-02-12 10:23:13 +07:00
Suherdy Yacob	9dfecde29e	feat: Restrict access to stock quantity reports by user allowed warehouses and refactor stock model access control to use ir.rules.	2026-02-11 15:29:52 +07:00
Suherdy Yacob	172d6c1349	refactor: Replace `with_context(bypass_user_restriction=True)` with `sudo()` in sale order methods.	2026-02-02 17:13:47 +07:00
Suherdy Yacob	6ce00d0f2f	feat: Add `bypass_user_restriction` context to `sale.order`'s `_action_launch_stock_rule` and `stock.picking`'s and `mrp.production`'s `create` methods.	2026-01-29 08:50:52 +07:00
Suherdy Yacob	ea5a37bb70	refactor: Remove redundant list conversion when combining Odoo Domain objects.	2026-01-28 11:27:54 +07:00
Suherdy Yacob	d32984dc04	fix procuerement group error on odoo 19	2026-01-23 13:02:59 +07:00
Suherdy Yacob	4a228662a3	feat: Add `ProcurementGroup` and `StockMove` models to bypass user restrictions during procurement run and stock move creation.	2026-01-23 10:08:08 +07:00
Suherdy Yacob	56f526abd6	feat: Implement access restrictions for approval requests and add `bypass_user_restriction` context to various action methods across multiple models.	2026-01-21 15:17:45 +07:00
Suherdy Yacob	c347e6f4d1	Fix: Stop tracking __pycache__ files	2026-01-19 10:40:30 +07:00
Suherdy Yacob	7a0cf23df9	feat: Update module to Odoo 19 by bumping version, adapting MRP and Stock Picking views, and removing stock valuation layer access rules.	2026-01-19 10:33:18 +07:00
Suherdy Yacob	4eee218534	feat: Implement user-specific control for quality check button visibility on manufacturing orders and inventory transfers via a new `allowed_quality_checks` field on users.	2026-01-19 10:32:49 +07:00
Suherdy Yacob	88494104cc	feat: Hide quality check buttons on manufacturing orders for specific user groups with exceptions for quality roles.	2026-01-19 10:32:23 +07:00
Suherdy Yacob	f3aa161807	feat: Extend user access restrictions to quality check buttons on manufacturing orders and stock pickings, and update domain handling for Odoo 19.	2026-01-16 09:01:05 +07:00