odex25_standard/odex25_base/tour_genius/security/security.xml


<?xml version="1.0" encoding="utf-8"?>
<odoo>
<data noupdate="1">
<!-- ============================================================ -->
<!-- Security Groups -->
<!-- ============================================================ -->
<!-- Application category under which the three Tour Genius groups below
     are listed (each group points at it through category_id). -->
<record id="module_category_tour_genius" model="ir.module.category">
  <field name="name">Tour Genius</field>
  <field name="description">Interactive Training Platform</field>
  <field name="sequence">50</field>
</record>
<!-- Base group of the module: trainees who view and complete assigned
     training. Instructor and Administrator imply this group, so every
     record rule bound to it also applies to them.
     NOTE(review): the "read-only" wording in the comment field is not
     enforced by anything in this file; it depends on the model access
     rights (ir.model.access), which are defined elsewhere. Confirm. -->
<record id="group_genius_user" model="res.groups">
  <field name="name">User</field>
  <field name="category_id" ref="module_category_tour_genius"/>
  <field name="comment">Can view and complete training assigned to them. Read-only access to training content.</field>
</record>
<!-- Content authors. implied_ids uses command 4 (link) to add
     group_genius_user, so an instructor is always a User as well and is
     subject to the User record rules in addition to the Instructor ones. -->
<record id="group_genius_instructor" model="res.groups">
  <field name="name">Instructor</field>
  <field name="category_id" ref="module_category_tour_genius"/>
  <field name="implied_ids" eval="[(4, ref('group_genius_user'))]"/>
  <field name="comment">Can create and manage training plans, topics, and quizzes. Can view all trainees' progress.</field>
</record>
<!-- Top of the implication chain: Administrator implies Instructor, which
     in turn implies User. The users field links base.user_admin into this
     group when the record is created, so that account receives the
     module's highest privilege level on install. -->
<record id="group_genius_admin" model="res.groups">
  <field name="name">Administrator</field>
  <field name="category_id" ref="module_category_tour_genius"/>
  <field name="implied_ids" eval="[(4, ref('group_genius_instructor'))]"/>
  <field name="comment">Full access to all training content, configuration, and registry management.</field>
  <field name="users" eval="[(4, ref('base.user_admin'))]"/>
</record>
<!-- ============================================================ -->
<!-- Record Rules -->
<!-- ============================================================ -->
<!-- Plan, User group: read is limited to plans flagged is_public or plans
     that list the current user in attendee_ids.
     The perm_* flags select which operations this rule is applied to; they
     are not a deny list. With write/create/unlink set to False this rule
     simply does not take part in those operations, so blocking them for
     plain users has to come from the model access rights.
     NOTE(review): confirm ir.model.access grants the User group read only
     on this model; otherwise no group rule in this file restricts a plain
     user's writes to plans.
     The enclosing data element is noupdate="1": later edits to this record
     are not re-applied to existing databases on module upgrade. -->
<record id="rule_plan_user" model="ir.rule">
  <field name="name">Training Plan: User Access</field>
  <field name="model_id" ref="model_genius_plan"/>
  <field name="groups" eval="[(4, ref('group_genius_user'))]"/>
  <field name="domain_force">[
    '|',
    ('is_public', '=', True),
    ('attendee_ids', 'in', [user.id])
  ]</field>
  <field name="perm_read" eval="True"/>
  <field name="perm_write" eval="False"/>
  <field name="perm_create" eval="False"/>
  <field name="perm_unlink" eval="False"/>
</record>
<!-- Plan, Instructor group: matches plans where the current user is listed
     in instructor_ids or is the record creator (create_uid).
     No perm_* fields are given, so the ir.rule defaults apply and the
     domain covers read, write, create and unlink alike.
     Group rules are OR-combined: for read, an instructor also matches the
     User rule on this model because the Instructor group implies User. -->
<record id="rule_plan_instructor" model="ir.rule">
  <field name="name">Training Plan: Instructor Access</field>
  <field name="model_id" ref="model_genius_plan"/>
  <field name="groups" eval="[(4, ref('group_genius_instructor'))]"/>
  <field name="domain_force">[
    '|',
    ('instructor_ids', 'in', [user.id]),
    ('create_uid', '=', user.id)
  ]</field>
</record>
<!-- Plan, Administrator group: always-true domain. Because group rules are
     OR-combined, this cancels the narrower User and Instructor domains that
     administrators inherit through the implied groups. Global rules (those
     without groups, such as the multi-company rule on this model) are
     AND-combined and still apply. -->
<record id="rule_plan_admin" model="ir.rule">
  <field name="name">Training Plan: Admin Full Access</field>
  <field name="model_id" ref="model_genius_plan"/>
  <field name="groups" eval="[(4, ref('group_genius_admin'))]"/>
  <field name="domain_force">[(1, '=', 1)]</field>
</record>
<!-- Progress, User group: read, write and create are limited to records
     whose user_id is the current user.
     perm_unlink=False does not forbid deletion; it only means this domain
     is not applied to unlink. For a plain user no other group rule in this
     file covers unlink on this model, so deletion is governed by the model
     access rights alone.
     NOTE(review): confirm ir.model.access withholds unlink from the User
     group here. Also confirm that letting trainees write their own
     progress records is intended, since that depends on which fields the
     model exposes (not visible in this file). -->
<record id="rule_progress_user" model="ir.rule">
  <field name="name">Progress: User Own Records</field>
  <field name="model_id" ref="model_genius_progress"/>
  <field name="groups" eval="[(4, ref('group_genius_user'))]"/>
  <field name="domain_force">[('user_id', '=', user.id)]</field>
  <field name="perm_read" eval="True"/>
  <field name="perm_write" eval="True"/>
  <field name="perm_create" eval="True"/>
  <field name="perm_unlink" eval="False"/>
</record>
<!-- Progress, Instructor group: matches progress records whose plan lists
     the current user in instructor_ids or was created by them.
     No perm_* fields are given, so the defaults apply and the domain
     covers write, create and unlink as well as read.
     NOTE(review): the group description only promises that instructors can
     view trainee progress; confirm whether modifying or deleting it should
     be allowed, and restrict it through perm_* or the access rights if not. -->
<record id="rule_progress_instructor" model="ir.rule">
  <field name="name">Progress: Instructor Access</field>
  <field name="model_id" ref="model_genius_progress"/>
  <field name="groups" eval="[(4, ref('group_genius_instructor'))]"/>
  <field name="domain_force">[
    '|',
    ('plan_id.instructor_ids', 'in', [user.id]),
    ('plan_id.create_uid', '=', user.id)
  ]</field>
</record>
<!-- Quiz attempt, User group: matches only attempts whose user_id is the
     current user. No perm_* fields are given, so the defaults apply and
     the domain covers read, write, create and unlink.
     NOTE(review): this file defines no Instructor or Administrator rule on
     model_genius_quiz_attempt. Both groups imply User, so unless another
     file adds a rule, this is the only group rule they match and they are
     limited to their own attempts too. Confirm that is intended.
     NOTE(review): unlike the progress rule for this group, unlink is
     covered here; whether trainees can edit or delete their own attempts
     then depends on the model access rights. Confirm. -->
<record id="rule_quiz_attempt_user" model="ir.rule">
  <field name="name">Quiz Attempt: User Own Records</field>
  <field name="model_id" ref="model_genius_quiz_attempt"/>
  <field name="groups" eval="[(4, ref('group_genius_user'))]"/>
  <field name="domain_force">[('user_id', '=', user.id)]</field>
</record>
<!-- Topic, Administrator group: always-true domain for all operations.
     No User or Instructor rule on model_genius_topic appears in this file,
     so the rule only matters once a narrower group rule on that model
     exists; it is OR-combined with any such rule. -->
<record id="rule_topic_admin" model="ir.rule">
  <field name="name">Training Topic: Admin Full Access</field>
  <field name="model_id" ref="model_genius_topic"/>
  <field name="groups" eval="[(4, ref('group_genius_admin'))]"/>
  <field name="domain_force">[(1, '=', 1)]</field>
</record>
<!-- Topic step, Administrator group: always-true domain for all
     operations. As with topics, this file holds no narrower group rule on
     model_genius_topic_step for it to override. -->
<record id="rule_step_admin" model="ir.rule">
  <field name="name">Training Step: Admin Full Access</field>
  <field name="model_id" ref="model_genius_topic_step"/>
  <field name="groups" eval="[(4, ref('group_genius_admin'))]"/>
  <field name="domain_force">[(1, '=', 1)]</field>
</record>
<!-- Progress, Administrator group: always-true domain. OR-combined with
     the User and Instructor progress rules that administrators inherit, it
     lifts the "own records" and "own plans" limits for this group on every
     operation. -->
<record id="rule_progress_admin" model="ir.rule">
  <field name="name">Training Progress: Admin Full Access</field>
  <field name="model_id" ref="model_genius_progress"/>
  <field name="groups" eval="[(4, ref('group_genius_admin'))]"/>
  <field name="domain_force">[(1, '=', 1)]</field>
</record>
<!-- Plan, multi-company: no groups are set, which makes this a global rule.
     Global rules are AND-combined with the group rules, so they bind every
     user, Tour Genius administrators included (only the superuser bypasses
     record rules). Plans with no company are visible from every company;
     otherwise the plan's company must be in company_ids, the user's
     allowed companies as supplied by the rule evaluation context.
     NOTE(review): this file defines company rules for plans and topics
     only; confirm whether the progress, step and quiz attempt models carry
     a company_id and need the same isolation. -->
<record id="rule_plan_company" model="ir.rule">
  <field name="name">Training Plan: Multi-Company</field>
  <field name="model_id" ref="model_genius_plan"/>
  <field name="domain_force">[
    '|',
    ('company_id', '=', False),
    ('company_id', 'in', company_ids)
  ]</field>
</record>
<!-- Topic, multi-company: global rule (no groups), AND-combined with any
     group rule on the model. Topics without a company are shared across
     companies; the rest must belong to one of the user's allowed
     companies (company_ids). -->
<record id="rule_topic_company" model="ir.rule">
  <field name="name">Training Topic: Multi-Company</field>
  <field name="model_id" ref="model_genius_topic"/>
  <field name="domain_force">[
    '|',
    ('company_id', '=', False),
    ('company_id', 'in', company_ids)
  ]</field>
</record>
</data>
</odoo>