From 82d62aea348f3869728149cf26b308e6db4e4817 Mon Sep 17 00:00:00 2001 
From: emjay0921 Date: Mon, 11 May 2026 12:18:30 +0800 Subject: [PATCH 01/14] fix(roles): align user-role group memberships with OP#951 menu audit (PR-A additive) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the role/menu audit on OP#951, extend roles in 7 modules with the additional viewer-tier groups they need so menu visibility stays correct once the Hazard / GIS Reports / GRM menu roots are gated in a follow-up. This PR is intentionally additive — no role loses access: - spp_hazard, spp_gis_report, spp_area, spp_service_points: new data/user_roles.xml extending spp_user_roles roles with the relevant viewer-tier group (group_hazard_viewer, group_gis_report_user, group_area_viewer, group_service_points_viewer). - spp_programs/data/user_roles.xml: Program Viewer additionally implies group_registry_viewer + group_approval_viewer; Program Viewer / Validator / Cycle Approver all additionally imply group_hazard_viewer + group_gis_report_user. Adds spp_hazard + spp_gis_report to depends. - spp_change_request_v2/data/user_roles.xml: all 3 CR roles swap group_registry_read (Tier-3, no menu) for group_registry_viewer (Tier-2, with menu) and add group_hazard_viewer. Adds spp_hazard to depends. - spp_farmer_registry/data/user_roles.xml: Farm User + Farm Manager additionally imply group_hazard_viewer + group_gis_report_user. Adds spp_hazard + spp_gis_report to depends. System Admin (group_spp_admin) transitively implies every domain manager via existing extensions in each module's groups.xml, so no admin-role change is needed. Module versions bumped (all 7); HISTORY.md updated per module. 
--- spp_area/__manifest__.py | 3 +- spp_area/data/user_roles.xml | 20 ++ spp_area/readme/HISTORY.md | 4 + spp_change_request_v2/__manifest__.py | 3 +- spp_change_request_v2/data/user_roles.xml | 9 +- spp_change_request_v2/readme/HISTORY.md | 4 + spp_farmer_registry/__manifest__.py | 5 +- spp_farmer_registry/data/user_roles.xml | 4 + spp_farmer_registry/readme/HISTORY.md | 4 + spp_gis_report/__manifest__.py | 3 +- spp_gis_report/data/user_roles.xml | 18 ++ spp_gis_report/readme/HISTORY.md | 4 + spp_hazard/__manifest__.py | 3 +- spp_hazard/data/user_roles.xml | 31 +++ spp_hazard/readme/HISTORY.md | 4 + spp_programs/README.rst | 225 +++++++++++---------- spp_programs/__manifest__.py | 4 +- spp_programs/data/user_roles.xml | 8 + spp_programs/readme/HISTORY.md | 4 + spp_programs/static/description/index.html | 56 +++-- spp_service_points/__manifest__.py | 3 +- spp_service_points/data/user_roles.xml | 23 +++ spp_service_points/readme/HISTORY.md | 4 + 23 files changed, 304 insertions(+), 142 deletions(-) create mode 100644 spp_area/data/user_roles.xml create mode 100644 spp_gis_report/data/user_roles.xml create mode 100644 spp_hazard/data/user_roles.xml create mode 100644 spp_service_points/data/user_roles.xml diff --git a/spp_area/__manifest__.py b/spp_area/__manifest__.py index 29ef826e..b1e87cc8 100644 --- a/spp_area/__manifest__.py +++ b/spp_area/__manifest__.py @@ -6,7 +6,7 @@ "name": "OpenSPP Area Management", "summary": "Establishes direct associations between OpenSPP registrants, beneficiary groups, and their corresponding geographical administrative areas. It validates registrant-area linkages against official area types, ensuring data integrity and enabling targeted program delivery and analysis.", "category": "OpenSPP/Core", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "sequence": 1, "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", 
@@ -30,6 +30,7 @@ "data/area_type_data.xml", "data/area_tag_data.xml", "data/queue_limit_data.xml", + "data/user_roles.xml", "security/privileges.xml", "security/groups.xml", "security/ir.model.access.csv", diff --git a/spp_area/data/user_roles.xml b/spp_area/data/user_roles.xml new file mode 100644 index 00000000..9597d31d --- /dev/null +++ b/spp_area/data/user_roles.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + diff --git a/spp_area/readme/HISTORY.md b/spp_area/readme/HISTORY.md index 4aaf9afe..618438f5 100644 --- a/spp_area/readme/HISTORY.md +++ b/spp_area/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): grant `group_area_viewer` (read-only) to spp_user_roles support roles (Global Support, Global Support Manager, Local Support) so they can browse area records per the OP#951 menu audit. + ### 19.0.2.0.0 - Initial migration to OpenSPP2 diff --git a/spp_change_request_v2/__manifest__.py b/spp_change_request_v2/__manifest__.py index c565429a..1b6bdc64 100644 --- a/spp_change_request_v2/__manifest__.py +++ b/spp_change_request_v2/__manifest__.py @@ -1,6 +1,6 @@ { "name": "OpenSPP Change Request V2", - "version": "19.0.2.0.3", + "version": "19.0.2.0.4", "sequence": 50, "category": "OpenSPP", "summary": "Configuration-driven change request system with UX improvements, conflict detection and duplicate prevention", @@ -16,6 +16,7 @@ "spp_security", "spp_approval", "spp_event_data", + "spp_hazard", "spp_dms", "spp_vocabulary", ], diff --git a/spp_change_request_v2/data/user_roles.xml b/spp_change_request_v2/data/user_roles.xml index 041c3788..c8e4e736 100644 --- a/spp_change_request_v2/data/user_roles.xml +++ b/spp_change_request_v2/data/user_roles.xml 
@@ -18,7 +18,8 @@ User roles for Change Request module. eval="[ Command.link(ref('base.group_user')), Command.link(ref('group_cr_manager')), - Command.link(ref('spp_registry.group_registry_read')), + Command.link(ref('spp_registry.group_registry_viewer')), + Command.link(ref('spp_hazard.group_hazard_viewer')), ]" /> @@ -34,7 +35,8 @@ User roles for Change Request module. eval="[ Command.link(ref('base.group_user')), Command.link(ref('group_cr_validator')), - Command.link(ref('spp_registry.group_registry_read')), + Command.link(ref('spp_registry.group_registry_viewer')), + Command.link(ref('spp_hazard.group_hazard_viewer')), ]" /> @@ -50,7 +52,8 @@ User roles for Change Request module. eval="[ Command.link(ref('base.group_user')), Command.link(ref('group_cr_validator_hq')), - Command.link(ref('spp_registry.group_registry_read')), + Command.link(ref('spp_registry.group_registry_viewer')), + Command.link(ref('spp_hazard.group_hazard_viewer')), ]" /> diff --git a/spp_change_request_v2/readme/HISTORY.md b/spp_change_request_v2/readme/HISTORY.md index 387d84da..bceb4822 100644 --- a/spp_change_request_v2/readme/HISTORY.md +++ b/spp_change_request_v2/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.4 + +- fix(security): align CR Requestor / CR Local Validator / CR HQ Validator roles with the OP#951 menu audit — replace the `spp_registry.group_registry_read` (Tier-3, no menu) link with `spp_registry.group_registry_viewer` so these roles see the Registry menu; add `spp_hazard.group_hazard_viewer` so they retain Hazard visibility once the menu root is gated. Adds `spp_hazard` to module dependencies. + ### 19.0.2.0.3 - fix: add HTML escaping to all computed Html fields with `sanitize=False` to prevent stored XSS (#50) diff --git a/spp_farmer_registry/__manifest__.py b/spp_farmer_registry/__manifest__.py index fc0b9ef7..d15790f3 100644 --- a/spp_farmer_registry/__manifest__.py +++ b/spp_farmer_registry/__manifest__.py 
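Review bot: The swap of `Command.link(ref('spp_registry.group_registry_read'))` for `group_registry_viewer` in all three CR roles is additive only if `group_registry_viewer` itself implies `group_registry_read`; that implication is not visible in this patch, so it should be confirmed in spp_registry's groups.xml before the "no role loses access" claim holds for fresh installs. Upgraded databases behave differently anyway: `Command.link` on what is presumably `implied_ids` only adds, so the old `group_registry_read` link survives a module update, and fresh installs and upgrades end up with different role memberships. I would either keep both links, or add `Command.unlink(ref('spp_registry.group_registry_read'))` deliberately and say so in the HISTORY entry. The `<record>` elements these `eval` lists belong to start outside the hunk.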
@@ -3,7 +3,7 @@ "name": "OpenSPP Farmer Registry", "summary": "Farmer Registry with vocabulary-based fields, CEL variables, and Logic Studio integration", "category": "OpenSPP", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "sequence": 1, "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", @@ -26,6 +26,9 @@ "spp_land_record", "spp_irrigation", "spp_gis", + # OP#951 menu audit — roles get hazard / GIS reports menu access + "spp_hazard", + "spp_gis_report", ], "excludes": [ "spp_base_farmer_registry", # V1 module - incompatible _inherits definitions diff --git a/spp_farmer_registry/data/user_roles.xml b/spp_farmer_registry/data/user_roles.xml index b4dda081..5007e1a5 100644 --- a/spp_farmer_registry/data/user_roles.xml +++ b/spp_farmer_registry/data/user_roles.xml @@ -17,6 +17,8 @@ Command.link(ref('base.group_user')), Command.link(ref('group_spp_farm_user')), Command.link(ref('spp_registry.group_registry_officer')), + Command.link(ref('spp_hazard.group_hazard_viewer')), + Command.link(ref('spp_gis_report.group_gis_report_user')), ]" /> @@ -35,6 +37,8 @@ Command.link(ref('group_spp_farm_manager')), Command.link(ref('spp_irrigation.group_irrigation_manager')), Command.link(ref('spp_registry.group_registry_manager')), + Command.link(ref('spp_hazard.group_hazard_viewer')), + Command.link(ref('spp_gis_report.group_gis_report_user')), ]" /> diff --git a/spp_farmer_registry/readme/HISTORY.md b/spp_farmer_registry/readme/HISTORY.md index 4aaf9afe..c4f27d48 100644 --- a/spp_farmer_registry/readme/HISTORY.md +++ b/spp_farmer_registry/readme/HISTORY.md 
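Review bot: The new `spp_hazard` / `spp_gis_report` entries in `depends` turn two optional modules into hard requirements of spp_farmer_registry solely so two `Command.link` lines in data/user_roles.xml can resolve, which is the reverse of how spp_hazard/data/user_roles.xml in this same patch wires a group into roles owned by another module. Every farmer-registry deployment now installs hazard and GIS reporting, with their models, ACLs and menus, even where those features are unused, which is extra surface for no functional gain. If the links must live here, extend the comment so the coupling is explicit: `# OP#951 menu audit — hard dependency exists only so data/user_roles.xml can link group_hazard_viewer / group_gis_report_user; no code imports`. A small glue module that extends `group_spp_farm_user` / `group_spp_farm_manager` when all three modules are present would avoid the dependency entirely.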
@@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): align Farm User / Farm Manager roles with the OP#951 menu audit — both farm roles now imply `spp_hazard.group_hazard_viewer` and `spp_gis_report.group_gis_report_user` so they retain Hazard and GIS Reports menu visibility once those menu roots are gated. Adds `spp_hazard` and `spp_gis_report` to module dependencies. + ### 19.0.2.0.0 - Initial migration to OpenSPP2 diff --git a/spp_gis_report/__manifest__.py b/spp_gis_report/__manifest__.py index 8a5e6d0c..997f8197 100644 --- a/spp_gis_report/__manifest__.py +++ b/spp_gis_report/__manifest__.py @@ -1,6 +1,6 @@ { "name": "OpenSPP GIS Reports", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "category": "OpenSPP", "summary": "Geographic visualization and reporting for social protection data", "author": "OpenSPP.org, OpenSPP", @@ -26,6 +26,7 @@ "security/ir.model.access.csv", # Data "data/gis_report_category_data.xml", + "data/user_roles.xml", "data/templates/coverage_templates.xml", "data/templates/disaster_templates.xml", "data/templates/demographic_templates.xml", diff --git a/spp_gis_report/data/user_roles.xml b/spp_gis_report/data/user_roles.xml new file mode 100644 index 00000000..f34da6eb --- /dev/null +++ b/spp_gis_report/data/user_roles.xml @@ -0,0 +1,18 @@ + + + + + + + diff --git a/spp_gis_report/readme/HISTORY.md b/spp_gis_report/readme/HISTORY.md index 4aaf9afe..b8710f16 100644 --- a/spp_gis_report/readme/HISTORY.md +++ b/spp_gis_report/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): grant `group_gis_report_user` to spp_user_roles' Global Program Manager role so the OP#951 menu audit expectation (Program Manager sees GIS Reports) is preserved once the GIS Reports menu root is gated. + ### 19.0.2.0.0 - Initial migration to OpenSPP2 diff --git a/spp_hazard/__manifest__.py b/spp_hazard/__manifest__.py index 1a9e7af0..63196a72 100644 --- a/spp_hazard/__manifest__.py +++ b/spp_hazard/__manifest__.py 
@@ -8,7 +8,7 @@ "for emergency response. Links registrants to disaster events with geographic scope " "and severity tracking to enable targeted humanitarian assistance.", "category": "OpenSPP/Targeting", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "sequence": 1, "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", @@ -27,6 +27,7 @@ "security/groups.xml", "security/ir.model.access.csv", "data/impact_type_data.xml", + "data/user_roles.xml", "views/hazard_category_views.xml", "views/hazard_incident_views.xml", "views/hazard_impact_views.xml", diff --git a/spp_hazard/data/user_roles.xml b/spp_hazard/data/user_roles.xml new file mode 100644 index 00000000..3f695013 --- /dev/null +++ b/spp_hazard/data/user_roles.xml @@ -0,0 +1,31 @@ + + + + + + + + + + + + + + + + diff --git a/spp_hazard/readme/HISTORY.md b/spp_hazard/readme/HISTORY.md index 4aaf9afe..adeb5b8c 100644 --- a/spp_hazard/readme/HISTORY.md +++ b/spp_hazard/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): grant `group_hazard_viewer` to spp_user_roles roles (Registry Viewer, Program Manager, Global/Local Registrar) that the OP#951 menu audit identifies as needing read-only Hazard menu access. Other affected roles defined outside this module (program/CR/farm roles) are wired in their own modules. + ### 19.0.2.0.0 - Initial migration to OpenSPP2 diff --git a/spp_programs/README.rst b/spp_programs/README.rst index 0ed5aed9..42eb990d 100644 --- a/spp_programs/README.rst +++ b/spp_programs/README.rst 
@@ -56,95 +56,95 @@ Key Capabilities Key Models ~~~~~~~~~~ -+---------------------------------------------+----------------------------------+ -| Model | Description | -+=============================================+==================================+ -| ``spp.program`` | Main program with managers, | -| | target type, and funding | -+---------------------------------------------+----------------------------------+ -| ``spp.cycle`` | Time-bound distribution cycle | -| | within a program | -+---------------------------------------------+----------------------------------+ -| ``spp.program.membership`` | Enrolls registrant in program | -| | with state tracking | -+---------------------------------------------+----------------------------------+ -| ``spp.cycle.membership`` | Links registrant to specific | -| | cycle for entitlement prep | -+---------------------------------------------+----------------------------------+ -| ``spp.entitlement`` | Cash entitlement with approval | -| | workflow | -+---------------------------------------------+----------------------------------+ -| ``spp.entitlement.inkind`` | In-kind entitlement with | -| | product, quantity, warehouse | -+---------------------------------------------+----------------------------------+ -| ``spp.payment`` | Individual payment linked to | -| | cash entitlement | -+---------------------------------------------+----------------------------------+ -| ``spp.payment.batch`` | Groups payments for batch | -| | processing and reconciliation | -+---------------------------------------------+----------------------------------+ -| ``spp.payment.batch.tag`` | Tags for categorizing payment | -| | batches | -+---------------------------------------------+----------------------------------+ -| ``spp.eligibility.manager`` | Wrapper for eligibility manager | -| | implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.program.membership.manager`` | Base eligibility 
manager | -| | (abstract) | -+---------------------------------------------+----------------------------------+ -| ``spp.program.membership.manager.default`` | Default eligibility | -| | implementation | -+---------------------------------------------+----------------------------------+ -| ``spp.deduplication.manager`` | Wrapper for deduplication | -| | manager implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.program.notification.manager`` | Notification manager for | -| | beneficiary communications | -+---------------------------------------------+----------------------------------+ -| ``spp.program.manager`` | Wrapper for program lifecycle | -| | manager implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.program.manager.default`` | Default program manager | -| | implementation | -+---------------------------------------------+----------------------------------+ -| ``spp.cycle.manager`` | Wrapper for cycle manager | -| | implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.cycle.manager.default`` | Default cycle manager | -| | implementation | -+---------------------------------------------+----------------------------------+ -| ``spp.program.entitlement.manager`` | Wrapper for entitlement manager | -| | implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.program.entitlement.manager.default`` | Default entitlement manager | -| | implementation | -+---------------------------------------------+----------------------------------+ -| ``spp.program.entitlement.manager.cash`` | Cash entitlement manager with | -| | amount calculation | -+---------------------------------------------+----------------------------------+ -| ``spp.program.entitlement.manager.inkind`` | In-kind entitlement manager with | -| | product configuration | 
-+---------------------------------------------+----------------------------------+ -| ``spp.program.payment.manager`` | Wrapper for payment manager | -| | implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.program.payment.manager.default`` | Default payment manager | -| | implementation | -+---------------------------------------------+----------------------------------+ -| ``spp.compliance.manager`` | Wrapper for compliance manager | -| | implementations | -+---------------------------------------------+----------------------------------+ -| ``spp.compliance.manager.default`` | Default compliance manager with | -| | CEL support | -+---------------------------------------------+----------------------------------+ -| ``spp.program.fund`` | Tracks program budget and fund | -| | utilization | -+---------------------------------------------+----------------------------------+ -| ``spp.program.fund.report.view`` | Fund balance reporting view | -+---------------------------------------------+----------------------------------+ -| ``spp.program.membership.duplicate`` | Tracks duplicate membership | -| | records | -+---------------------------------------------+----------------------------------+ ++----------------------------------+----------------------------------+ +| Model | Description | ++==================================+==================================+ +| ``spp.program`` | Main program with managers, | +| | target type, and funding | ++----------------------------------+----------------------------------+ +| ``spp.cycle`` | Time-bound distribution cycle | +| | within a program | ++----------------------------------+----------------------------------+ +| ``spp.program.membership`` | Enrolls registrant in program | +| | with state tracking | ++----------------------------------+----------------------------------+ +| ``spp.cycle.membership`` | Links registrant to specific | +| | cycle for entitlement 
prep | ++----------------------------------+----------------------------------+ +| ``spp.entitlement`` | Cash entitlement with approval | +| | workflow | ++----------------------------------+----------------------------------+ +| ``spp.entitlement.inkind`` | In-kind entitlement with | +| | product, quantity, warehouse | ++----------------------------------+----------------------------------+ +| ``spp.payment`` | Individual payment linked to | +| | cash entitlement | ++----------------------------------+----------------------------------+ +| ``spp.payment.batch`` | Groups payments for batch | +| | processing and reconciliation | ++----------------------------------+----------------------------------+ +| ``spp.payment.batch.tag`` | Tags for categorizing payment | +| | batches | ++----------------------------------+----------------------------------+ +| ``spp.eligibility.manager`` | Wrapper for eligibility manager | +| | implementations | ++----------------------------------+----------------------------------+ +| `` | Base eligibility manager | +| spp.program.membership.manager`` | (abstract) | ++----------------------------------+----------------------------------+ +| ``spp.prog | Default eligibility | +| ram.membership.manager.default`` | implementation | ++----------------------------------+----------------------------------+ +| ``spp.deduplication.manager`` | Wrapper for deduplication | +| | manager implementations | ++----------------------------------+----------------------------------+ +| ``sp | Notification manager for | +| p.program.notification.manager`` | beneficiary communications | ++----------------------------------+----------------------------------+ +| ``spp.program.manager`` | Wrapper for program lifecycle | +| | manager implementations | ++----------------------------------+----------------------------------+ +| ``spp.program.manager.default`` | Default program manager | +| | implementation | 
++----------------------------------+----------------------------------+ +| ``spp.cycle.manager`` | Wrapper for cycle manager | +| | implementations | ++----------------------------------+----------------------------------+ +| ``spp.cycle.manager.default`` | Default cycle manager | +| | implementation | ++----------------------------------+----------------------------------+ +| ``s | Wrapper for entitlement manager | +| pp.program.entitlement.manager`` | implementations | ++----------------------------------+----------------------------------+ +| ``spp.progr | Default entitlement manager | +| am.entitlement.manager.default`` | implementation | ++----------------------------------+----------------------------------+ +| ``spp.pr | Cash entitlement manager with | +| ogram.entitlement.manager.cash`` | amount calculation | ++----------------------------------+----------------------------------+ +| ``spp.prog | In-kind entitlement manager with | +| ram.entitlement.manager.inkind`` | product configuration | ++----------------------------------+----------------------------------+ +| ``spp.program.payment.manager`` | Wrapper for payment manager | +| | implementations | ++----------------------------------+----------------------------------+ +| ``spp.p | Default payment manager | +| rogram.payment.manager.default`` | implementation | ++----------------------------------+----------------------------------+ +| ``spp.compliance.manager`` | Wrapper for compliance manager | +| | implementations | ++----------------------------------+----------------------------------+ +| `` | Default compliance manager with | +| spp.compliance.manager.default`` | CEL support | ++----------------------------------+----------------------------------+ +| ``spp.program.fund`` | Tracks program budget and fund | +| | utilization | ++----------------------------------+----------------------------------+ +| ``spp.program.fund.report.view`` | Fund balance reporting view | 
++----------------------------------+----------------------------------+ +| ``sp | Tracks duplicate membership | +| p.program.membership.duplicate`` | records | ++----------------------------------+----------------------------------+ Configuration ~~~~~~~~~~~~~ 
@@ -192,29 +192,30 @@ UI Location Security ~~~~~~~~ -+------------------------------------------------+----------------------------------+ -| Group | Access | -+================================================+==================================+ -| ``spp_programs.group_programs_viewer`` | Read-only on all program data | -+------------------------------------------------+----------------------------------+ -| ``spp_programs.group_programs_officer`` | Read/write/create on all models | -| | (no delete) | -+------------------------------------------------+----------------------------------+ -| ``spp_programs.group_programs_manager`` | Full CRUD on cycles and | -| | memberships, RWC on programs (no | -| | program delete) | -+------------------------------------------------+----------------------------------+ -| ``spp_programs.group_programs_validator`` | Read/write/create on | -| | entitlements and cycles (finance | -| | validation role) | -+------------------------------------------------+----------------------------------+ -| ``spp_programs.group_programs_cycle_approver`` | Read/write/create on | -| | entitlements and cycles | -| | (approval role) | -+------------------------------------------------+----------------------------------+ -| ``spp_programs.group_programs_rejector`` | Read/write/create on | -| | entitlements (rejection role) | -+------------------------------------------------+----------------------------------+ ++----------------------------------+----------------------------------+ +| Group | Access | ++==================================+==================================+ +| ``spp_ | Read-only on all program data | +| programs.group_programs_viewer`` | | ++----------------------------------+----------------------------------+ +| ``spp_p | Read/write/create on all models | +| rograms.group_programs_officer`` | (no delete) | ++----------------------------------+----------------------------------+ +| ``spp_p | Full CRUD on cycles and | +| 
rograms.group_programs_manager`` | memberships, RWC on programs (no | +| | program delete) | ++----------------------------------+----------------------------------+ +| ``spp_pro | Read/write/create on | +| grams.group_programs_validator`` | entitlements and cycles (finance | +| | validation role) | ++----------------------------------+----------------------------------+ +| ``spp_programs | Read/write/create on | +| .group_programs_cycle_approver`` | entitlements and cycles | +| | (approval role) | ++----------------------------------+----------------------------------+ +| ``spp_pr | Read/write/create on | +| ograms.group_programs_rejector`` | entitlements (rejection role) | ++----------------------------------+----------------------------------+ Extension Points ~~~~~~~~~~~~~~~~ diff --git a/spp_programs/__manifest__.py b/spp_programs/__manifest__.py index 99465c8e..45ef9101 100644 --- a/spp_programs/__manifest__.py +++ b/spp_programs/__manifest__.py @@ -4,7 +4,7 @@ "name": "OpenSPP Programs", "summary": "Manage programs, cycles, beneficiary enrollment, entitlements (cash and in-kind), payments, and fund tracking for social protection.", "category": "OpenSPP/Core", - "version": "19.0.2.1.0", + "version": "19.0.2.1.1", "sequence": 1, "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", @@ -27,6 +27,8 @@ "spp_user_roles", "spp_base_common", "spp_approval", + "spp_hazard", + "spp_gis_report", # CEL core libraries for expression-based managers "spp_cel_domain", "spp_cel_widget", diff --git a/spp_programs/data/user_roles.xml b/spp_programs/data/user_roles.xml index 66b6df1a..2337f847 100644 --- a/spp_programs/data/user_roles.xml +++ b/spp_programs/data/user_roles.xml 
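Review bot: spp_programs is a Core module and this hunk makes it depend on `spp_hazard` (category OpenSPP/Targeting) and `spp_gis_report`, the opposite of the usual direction for targeting and reporting layers built on top of programs; if either of those modules, directly or through `spp_gis`, already depends on `spp_programs`, installation fails with a dependency loop, which cannot be checked from this patch. Even without a loop, every program deployment now carries the hazard and GIS reporting modules. A comment next to the two entries, `# OP#951: needed only for role wiring in data/user_roles.xml — do not import code from these modules`, would at least stop the dependency from being relied on for anything else. The full `depends` list starts outside the hunk.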
@@ -12,6 +12,10 @@ eval="[ Command.link(ref('base.group_user')), Command.link(ref('group_programs_viewer')), + Command.link(ref('spp_registry.group_registry_viewer')), + Command.link(ref('spp_approval.group_approval_viewer')), + Command.link(ref('spp_hazard.group_hazard_viewer')), + Command.link(ref('spp_gis_report.group_gis_report_user')), ]" /> @@ -68,6 +72,8 @@ Command.link(ref('spp_registry.group_registry_viewer')), Command.link(ref('spp_registry.group_registry_write')), Command.link(ref('spp_approval.group_approval_approver')), + Command.link(ref('spp_hazard.group_hazard_viewer')), + Command.link(ref('spp_gis_report.group_gis_report_user')), ]" /> @@ -87,6 +93,8 @@ Command.link(ref('spp_registry.group_registry_viewer')), Command.link(ref('spp_registry.group_registry_write')), Command.link(ref('spp_approval.group_approval_approver')), + Command.link(ref('spp_hazard.group_hazard_viewer')), + Command.link(ref('spp_gis_report.group_gis_report_user')), ]" /> diff --git a/spp_programs/readme/HISTORY.md b/spp_programs/readme/HISTORY.md index 9c79790f..8f94f1a9 100644 --- a/spp_programs/readme/HISTORY.md +++ b/spp_programs/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.1.1 + +- fix(security): align Program Viewer / Validator / Cycle Approver roles with the OP#951 menu audit — Program Viewer additionally gets `group_registry_viewer` + `group_approval_viewer` (read-only Registry + Approvals access); all three program roles get `group_hazard_viewer` + `group_gis_report_user` so they retain Hazard / GIS Reports visibility once those menu roots are gated. Adds `spp_hazard` and `spp_gis_report` to module dependencies. + ### 19.0.2.0.11 - Fix `TypeError: 'NoneType' object is not iterable` when clicking **Enroll Eligible** on programs with at least 200 beneficiaries (async dispatch path) diff --git a/spp_programs/static/description/index.html b/spp_programs/static/description/index.html index 1ed447a1..a53a3b59 100644 --- a/spp_programs/static/description/index.html 
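Review bot: Program Viewer, which the README in this same patch documents as "Read-only on all program data", is now linked to `spp_gis_report.group_gis_report_user`; in this codebase a `_user` suffix does not signal a read-only tier (the Farm User role implies `spp_registry.group_registry_officer`, a write group), so whether Program Viewer stays read-only depends on the ACL rows for `group_gis_report_user`, which are not in the patch. Please verify that group has no create/write/unlink rows in spp_gis_report's ir.model.access.csv before granting it to a viewer role, or link a viewer-tier group instead. Granting `spp_registry.group_registry_viewer` also opens registrant records to every Program Viewer; if record rules are expected to scope that, a comment above the link such as `<!-- read-only registry access; scoping relies on spp_registry record rules -->` would document the assumption. The `<record>` elements containing these `eval` lists start outside the hunk.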
+++ b/spp_programs/static/description/index.html @@ -405,8 +405,8 @@

Key Capabilities

Key Models

--++ @@ -454,11 +454,13 @@

Key Models

- + - + @@ -466,7 +468,8 @@

Key Models

- + @@ -486,19 +489,23 @@

Key Models

- + - + - + - + @@ -506,7 +513,8 @@

Key Models

- + @@ -514,7 +522,8 @@

Key Models

- + @@ -525,7 +534,8 @@

Key Models

- + @@ -580,8 +590,8 @@

UI Location

Security

Model Wrapper for eligibility manager implementations
spp.program.membership.manager
`` +spp.program.membership.manager`` Base eligibility manager (abstract)
spp.program.membership.manager.default
spp.prog +ram.membership.manager.default Default eligibility implementation
Wrapper for deduplication manager implementations
spp.program.notification.manager
sp +p.program.notification.manager Notification manager for beneficiary communications
Default cycle manager implementation
spp.program.entitlement.manager
s +pp.program.entitlement.manager Wrapper for entitlement manager implementations
spp.program.entitlement.manager.default
spp.progr +am.entitlement.manager.default Default entitlement manager implementation
spp.program.entitlement.manager.cash
spp.pr +ogram.entitlement.manager.cash Cash entitlement manager with amount calculation
spp.program.entitlement.manager.inkind
spp.prog +ram.entitlement.manager.inkind In-kind entitlement manager with product configuration
Wrapper for payment manager implementations
spp.program.payment.manager.default
spp.p +rogram.payment.manager.default Default payment manager implementation
Wrapper for compliance manager implementations
spp.compliance.manager.default
`` +spp.compliance.manager.default`` Default compliance manager with CEL support
spp.program.fund.report.view Fund balance reporting view
spp.program.membership.duplicate
sp +p.program.membership.duplicate Tracks duplicate membership records
--++ @@ -589,29 +599,35 @@

Security

- + - + - + - + - + - + diff --git a/spp_service_points/__manifest__.py b/spp_service_points/__manifest__.py index 43056d61..587accce 100644 --- a/spp_service_points/__manifest__.py +++ b/spp_service_points/__manifest__.py @@ -4,7 +4,7 @@ { "name": "OpenSPP Service Points Management", "category": "OpenSPP", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "sequence": "1", "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", @@ -23,6 +23,7 @@ ], "data": [ "data/vocabularies.xml", + "data/user_roles.xml", "security/privileges.xml", "security/security_group.xml", "security/ir.model.access.csv", diff --git a/spp_service_points/data/user_roles.xml b/spp_service_points/data/user_roles.xml new file mode 100644 index 00000000..356d3fa5 --- /dev/null +++ b/spp_service_points/data/user_roles.xml @@ -0,0 +1,23 @@ + + + + + + + + + + diff --git a/spp_service_points/readme/HISTORY.md b/spp_service_points/readme/HISTORY.md index 4aaf9afe..b3b62de3 100644 --- a/spp_service_points/readme/HISTORY.md +++ b/spp_service_points/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): grant `group_service_points_viewer` to spp_user_roles' Global Registrar and Local Registrar roles so they can browse service points per the OP#951 menu audit. + ### 19.0.2.0.0 - Initial migration to OpenSPP2 From f8b920ef758f80ae47bdeb2c78a55e616c77386a Mon Sep 17 00:00:00 2001 
From: emjay0921 Date: Mon, 11 May 2026 12:22:49 +0800 Subject: [PATCH 02/14] fix(roles): load user_roles.xml after security/groups.xml (OP#951 PR-A) Modules spp_area and spp_service_points had data/user_roles.xml listed before security/groups.xml in __manifest__.py, so when the role file tried to ref('group_area_viewer') / ref('group_service_points_viewer') the group records didn't exist yet, raising: ValueError: External ID not found in the system: spp_area.group_area_viewer Move user_roles.xml after the security/ entries so the local group XIDs resolve. spp_hazard and spp_gis_report already had the correct order. --- spp_area/__manifest__.py | 2 +- spp_service_points/__manifest__.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/spp_area/__manifest__.py b/spp_area/__manifest__.py index b1e87cc8..ea8d9533 100644 --- a/spp_area/__manifest__.py +++ b/spp_area/__manifest__.py @@ -30,10 +30,10 @@ "data/area_type_data.xml", "data/area_tag_data.xml", "data/queue_limit_data.xml", - "data/user_roles.xml", "security/privileges.xml", "security/groups.xml", "security/ir.model.access.csv", + "data/user_roles.xml", "wizard/area_import_language_wizard_views.xml", "views/area_base.xml", "views/area_tag.xml", diff --git a/spp_service_points/__manifest__.py b/spp_service_points/__manifest__.py index 587accce..833022d8 100644 --- a/spp_service_points/__manifest__.py +++ b/spp_service_points/__manifest__.py @@ -23,11 +23,11 @@ ], "data": [ "data/vocabularies.xml", - "data/user_roles.xml", "security/privileges.xml", "security/security_group.xml", "security/ir.model.access.csv", "security/record_rules.xml", + "data/user_roles.xml", "views/main_view.xml", "views/group_views.xml", "views/service_points_view.xml", From 100ba934298726a36fcdfe3ae89e4bb3324c36b6 Mon Sep 17 00:00:00 2001 
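Review bot: The fix relies on list position alone, and nothing in either manifest tells the next editor that `data/user_roles.xml` must stay below `security/groups.xml` / `security/security_group.xml`; the commit message records the constraint but the files do not. A trailing comment on each moved line, `"data/user_roles.xml",  # after security/groups.xml: refs group_area_viewer` in spp_area and the matching `group_service_points_viewer` note in spp_service_points, would keep the constraint with the code. The cross-module `ref`s in the same files are covered by `depends` and need no ordering, so the comment should name only the local group.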
From: emjay0921 Date: Mon, 11 May 2026 12:33:13 +0800 Subject: [PATCH 03/14] chore(roles): regenerate READMEs to match CI docutils output (OP#951 PR-A) --- spp_area/README.rst | 8 + spp_area/static/description/index.html | 9 + spp_change_request_v2/README.rst | 11 + .../static/description/index.html | 18 +- spp_farmer_registry/README.rst | 10 + .../static/description/index.html | 11 + spp_gis_report/README.rst | 8 + spp_gis_report/static/description/index.html | 9 + spp_hazard/README.rst | 9 + spp_hazard/static/description/index.html | 10 + spp_programs/README.rst | 236 +++++++++--------- spp_programs/static/description/index.html | 90 ++++--- spp_service_points/README.rst | 7 + .../static/description/index.html | 8 + 14 files changed, 281 insertions(+), 163 deletions(-) diff --git a/spp_area/README.rst b/spp_area/README.rst index bd8dfabb..3798a92b 100644 --- a/spp_area/README.rst +++ b/spp_area/README.rst @@ -140,6 +140,14 @@ Dependencies Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): grant ``group_area_viewer`` (read-only) to + spp_user_roles support roles (Global Support, Global Support Manager, + Local Support) so they can browse area records per the OP#951 menu + audit. + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_area/static/description/index.html b/spp_area/static/description/index.html index 131f7568..c560d902 100644 --- a/spp_area/static/description/index.html +++ b/spp_area/static/description/index.html @@ -537,6 +537,15 @@

Changelog

+

19.0.2.0.1

+
    +
  • fix(security): grant group_area_viewer (read-only) to +spp_user_roles support roles (Global Support, Global Support Manager, +Local Support) so they can browse area records per the OP#951 menu +audit.
  • +
+
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_change_request_v2/README.rst b/spp_change_request_v2/README.rst index 346551e7..79f32813 100644 --- a/spp_change_request_v2/README.rst +++ b/spp_change_request_v2/README.rst @@ -853,6 +853,17 @@ Before declaring a new CR type complete: Changelog ========= +19.0.2.0.4 +~~~~~~~~~~ + +- fix(security): align CR Requestor / CR Local Validator / CR HQ + Validator roles with the OP#951 menu audit — replace the + ``spp_registry.group_registry_read`` (Tier-3, no menu) link with + ``spp_registry.group_registry_viewer`` so these roles see the Registry + menu; add ``spp_hazard.group_hazard_viewer`` so they retain Hazard + visibility once the menu root is gated. Adds ``spp_hazard`` to module + dependencies. + 19.0.2.0.3 ~~~~~~~~~~ diff --git a/spp_change_request_v2/static/description/index.html b/spp_change_request_v2/static/description/index.html index f8bf3e1a..9aed876c 100644 --- a/spp_change_request_v2/static/description/index.html +++ b/spp_change_request_v2/static/description/index.html @@ -1339,26 +1339,38 @@

    Changelog

+

19.0.2.0.4

+
    +
  • fix(security): align CR Requestor / CR Local Validator / CR HQ +Validator roles with the OP#951 menu audit — replace the +spp_registry.group_registry_read (Tier-3, no menu) link with +spp_registry.group_registry_viewer so these roles see the Registry +menu; add spp_hazard.group_hazard_viewer so they retain Hazard +visibility once the menu root is gated. Adds spp_hazard to module +dependencies.
  • +
+
+

19.0.2.0.3

  • fix: add HTML escaping to all computed Html fields with sanitize=False to prevent stored XSS (#50)
-
+

19.0.2.0.2

  • fix: fix batch approval wizard line deletion (#130)
-
+

19.0.2.0.1

  • fix: skip field types before getattr and isolate detail prefetch (#129)
-
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_farmer_registry/README.rst b/spp_farmer_registry/README.rst index 2fcf81d3..aeee7f94 100644 --- a/spp_farmer_registry/README.rst +++ b/spp_farmer_registry/README.rst @@ -68,6 +68,16 @@ Model Description Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): align Farm User / Farm Manager roles with the OP#951 + menu audit — both farm roles now imply + ``spp_hazard.group_hazard_viewer`` and + ``spp_gis_report.group_gis_report_user`` so they retain Hazard and GIS + Reports menu visibility once those menu roots are gated. Adds + ``spp_hazard`` and ``spp_gis_report`` to module dependencies. + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_farmer_registry/static/description/index.html b/spp_farmer_registry/static/description/index.html index e6e1770a..5e63b280 100644 --- a/spp_farmer_registry/static/description/index.html +++ b/spp_farmer_registry/static/description/index.html @@ -436,6 +436,17 @@

    Changelog

+

19.0.2.0.1

+
    +
  • fix(security): align Farm User / Farm Manager roles with the OP#951 +menu audit — both farm roles now imply +spp_hazard.group_hazard_viewer and +spp_gis_report.group_gis_report_user so they retain Hazard and GIS +Reports menu visibility once those menu roots are gated. Adds +spp_hazard and spp_gis_report to module dependencies.
  • +
+
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_gis_report/README.rst b/spp_gis_report/README.rst index 4c2b22e7..e05b4ff4 100644 --- a/spp_gis_report/README.rst +++ b/spp_gis_report/README.rst @@ -151,6 +151,14 @@ Dependencies Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): grant ``group_gis_report_user`` to spp_user_roles' + Global Program Manager role so the OP#951 menu audit expectation + (Program Manager sees GIS Reports) is preserved once the GIS Reports + menu root is gated. + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_gis_report/static/description/index.html b/spp_gis_report/static/description/index.html index 84ca57a7..3b0bc139 100644 --- a/spp_gis_report/static/description/index.html +++ b/spp_gis_report/static/description/index.html @@ -531,6 +531,15 @@

    Changelog

+

19.0.2.0.1

+
    +
  • fix(security): grant group_gis_report_user to spp_user_roles’ +Global Program Manager role so the OP#951 menu audit expectation +(Program Manager sees GIS Reports) is preserved once the GIS Reports +menu root is gated.
  • +
+
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_hazard/README.rst b/spp_hazard/README.rst index 292a70e4..24052d70 100644 --- a/spp_hazard/README.rst +++ b/spp_hazard/README.rst @@ -1187,6 +1187,15 @@ encounter unexpected behavior, please report it as a new issue. Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): grant ``group_hazard_viewer`` to spp_user_roles roles + (Registry Viewer, Program Manager, Global/Local Registrar) that the + OP#951 menu audit identifies as needing read-only Hazard menu access. + Other affected roles defined outside this module (program/CR/farm + roles) are wired in their own modules. + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_hazard/static/description/index.html b/spp_hazard/static/description/index.html index 1a67aebe..939dc831 100644 --- a/spp_hazard/static/description/index.html +++ b/spp_hazard/static/description/index.html @@ -2455,6 +2455,16 @@

    Changelog

+

19.0.2.0.1

+
    +
  • fix(security): grant group_hazard_viewer to spp_user_roles roles +(Registry Viewer, Program Manager, Global/Local Registrar) that the +OP#951 menu audit identifies as needing read-only Hazard menu access. +Other affected roles defined outside this module (program/CR/farm +roles) are wired in their own modules.
  • +
+
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_programs/README.rst b/spp_programs/README.rst index 42eb990d..16fdc3ce 100644 --- a/spp_programs/README.rst +++ b/spp_programs/README.rst 
@@ -56,95 +56,95 @@ Key Capabilities Key Models ~~~~~~~~~~ -+----------------------------------+----------------------------------+ -| Model | Description | -+==================================+==================================+ -| ``spp.program`` | Main program with managers, | -| | target type, and funding | -+----------------------------------+----------------------------------+ -| ``spp.cycle`` | Time-bound distribution cycle | -| | within a program | -+----------------------------------+----------------------------------+ -| ``spp.program.membership`` | Enrolls registrant in program | -| | with state tracking | -+----------------------------------+----------------------------------+ -| ``spp.cycle.membership`` | Links registrant to specific | -| | cycle for entitlement prep | -+----------------------------------+----------------------------------+ -| ``spp.entitlement`` | Cash entitlement with approval | -| | workflow | -+----------------------------------+----------------------------------+ -| ``spp.entitlement.inkind`` | In-kind entitlement with | -| | product, quantity, warehouse | -+----------------------------------+----------------------------------+ -| ``spp.payment`` | Individual payment linked to | -| | cash entitlement | -+----------------------------------+----------------------------------+ -| ``spp.payment.batch`` | Groups payments for batch | -| | processing and reconciliation | -+----------------------------------+----------------------------------+ -| ``spp.payment.batch.tag`` | Tags for categorizing payment | -| | batches | -+----------------------------------+----------------------------------+ -| ``spp.eligibility.manager`` | Wrapper for eligibility manager | -| | implementations | -+----------------------------------+----------------------------------+ -| `` | Base eligibility manager | -| spp.program.membership.manager`` | (abstract) | -+----------------------------------+----------------------------------+ -| ``spp.prog | Default 
eligibility | -| ram.membership.manager.default`` | implementation | -+----------------------------------+----------------------------------+ -| ``spp.deduplication.manager`` | Wrapper for deduplication | -| | manager implementations | -+----------------------------------+----------------------------------+ -| ``sp | Notification manager for | -| p.program.notification.manager`` | beneficiary communications | -+----------------------------------+----------------------------------+ -| ``spp.program.manager`` | Wrapper for program lifecycle | -| | manager implementations | -+----------------------------------+----------------------------------+ -| ``spp.program.manager.default`` | Default program manager | -| | implementation | -+----------------------------------+----------------------------------+ -| ``spp.cycle.manager`` | Wrapper for cycle manager | -| | implementations | -+----------------------------------+----------------------------------+ -| ``spp.cycle.manager.default`` | Default cycle manager | -| | implementation | -+----------------------------------+----------------------------------+ -| ``s | Wrapper for entitlement manager | -| pp.program.entitlement.manager`` | implementations | -+----------------------------------+----------------------------------+ -| ``spp.progr | Default entitlement manager | -| am.entitlement.manager.default`` | implementation | -+----------------------------------+----------------------------------+ -| ``spp.pr | Cash entitlement manager with | -| ogram.entitlement.manager.cash`` | amount calculation | -+----------------------------------+----------------------------------+ -| ``spp.prog | In-kind entitlement manager with | -| ram.entitlement.manager.inkind`` | product configuration | -+----------------------------------+----------------------------------+ -| ``spp.program.payment.manager`` | Wrapper for payment manager | -| | implementations | -+----------------------------------+----------------------------------+ -| ``spp.p 
| Default payment manager | -| rogram.payment.manager.default`` | implementation | -+----------------------------------+----------------------------------+ -| ``spp.compliance.manager`` | Wrapper for compliance manager | -| | implementations | -+----------------------------------+----------------------------------+ -| `` | Default compliance manager with | -| spp.compliance.manager.default`` | CEL support | -+----------------------------------+----------------------------------+ -| ``spp.program.fund`` | Tracks program budget and fund | -| | utilization | -+----------------------------------+----------------------------------+ -| ``spp.program.fund.report.view`` | Fund balance reporting view | -+----------------------------------+----------------------------------+ -| ``sp | Tracks duplicate membership | -| p.program.membership.duplicate`` | records | -+----------------------------------+----------------------------------+ ++---------------------------------------------+----------------------------------+ +| Model | Description | ++=============================================+==================================+ +| ``spp.program`` | Main program with managers, | +| | target type, and funding | ++---------------------------------------------+----------------------------------+ +| ``spp.cycle`` | Time-bound distribution cycle | +| | within a program | ++---------------------------------------------+----------------------------------+ +| ``spp.program.membership`` | Enrolls registrant in program | +| | with state tracking | ++---------------------------------------------+----------------------------------+ +| ``spp.cycle.membership`` | Links registrant to specific | +| | cycle for entitlement prep | ++---------------------------------------------+----------------------------------+ +| ``spp.entitlement`` | Cash entitlement with approval | +| | workflow | ++---------------------------------------------+----------------------------------+ +| ``spp.entitlement.inkind`` | 
In-kind entitlement with | +| | product, quantity, warehouse | ++---------------------------------------------+----------------------------------+ +| ``spp.payment`` | Individual payment linked to | +| | cash entitlement | ++---------------------------------------------+----------------------------------+ +| ``spp.payment.batch`` | Groups payments for batch | +| | processing and reconciliation | ++---------------------------------------------+----------------------------------+ +| ``spp.payment.batch.tag`` | Tags for categorizing payment | +| | batches | ++---------------------------------------------+----------------------------------+ +| ``spp.eligibility.manager`` | Wrapper for eligibility manager | +| | implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.program.membership.manager`` | Base eligibility manager | +| | (abstract) | ++---------------------------------------------+----------------------------------+ +| ``spp.program.membership.manager.default`` | Default eligibility | +| | implementation | ++---------------------------------------------+----------------------------------+ +| ``spp.deduplication.manager`` | Wrapper for deduplication | +| | manager implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.program.notification.manager`` | Notification manager for | +| | beneficiary communications | ++---------------------------------------------+----------------------------------+ +| ``spp.program.manager`` | Wrapper for program lifecycle | +| | manager implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.program.manager.default`` | Default program manager | +| | implementation | ++---------------------------------------------+----------------------------------+ +| ``spp.cycle.manager`` | Wrapper for cycle manager | +| | implementations | 
++---------------------------------------------+----------------------------------+ +| ``spp.cycle.manager.default`` | Default cycle manager | +| | implementation | ++---------------------------------------------+----------------------------------+ +| ``spp.program.entitlement.manager`` | Wrapper for entitlement manager | +| | implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.program.entitlement.manager.default`` | Default entitlement manager | +| | implementation | ++---------------------------------------------+----------------------------------+ +| ``spp.program.entitlement.manager.cash`` | Cash entitlement manager with | +| | amount calculation | ++---------------------------------------------+----------------------------------+ +| ``spp.program.entitlement.manager.inkind`` | In-kind entitlement manager with | +| | product configuration | ++---------------------------------------------+----------------------------------+ +| ``spp.program.payment.manager`` | Wrapper for payment manager | +| | implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.program.payment.manager.default`` | Default payment manager | +| | implementation | ++---------------------------------------------+----------------------------------+ +| ``spp.compliance.manager`` | Wrapper for compliance manager | +| | implementations | ++---------------------------------------------+----------------------------------+ +| ``spp.compliance.manager.default`` | Default compliance manager with | +| | CEL support | ++---------------------------------------------+----------------------------------+ +| ``spp.program.fund`` | Tracks program budget and fund | +| | utilization | ++---------------------------------------------+----------------------------------+ +| ``spp.program.fund.report.view`` | Fund balance reporting view | 
++---------------------------------------------+----------------------------------+ +| ``spp.program.membership.duplicate`` | Tracks duplicate membership | +| | records | ++---------------------------------------------+----------------------------------+ Configuration ~~~~~~~~~~~~~ 
@@ -192,30 +192,29 @@ UI Location Security ~~~~~~~~ -+----------------------------------+----------------------------------+ -| Group | Access | -+==================================+==================================+ -| ``spp_ | Read-only on all program data | -| programs.group_programs_viewer`` | | -+----------------------------------+----------------------------------+ -| ``spp_p | Read/write/create on all models | -| rograms.group_programs_officer`` | (no delete) | -+----------------------------------+----------------------------------+ -| ``spp_p | Full CRUD on cycles and | -| rograms.group_programs_manager`` | memberships, RWC on programs (no | -| | program delete) | -+----------------------------------+----------------------------------+ -| ``spp_pro | Read/write/create on | -| grams.group_programs_validator`` | entitlements and cycles (finance | -| | validation role) | -+----------------------------------+----------------------------------+ -| ``spp_programs | Read/write/create on | -| .group_programs_cycle_approver`` | entitlements and cycles | -| | (approval role) | -+----------------------------------+----------------------------------+ -| ``spp_pr | Read/write/create on | -| ograms.group_programs_rejector`` | entitlements (rejection role) | -+----------------------------------+----------------------------------+ ++------------------------------------------------+----------------------------------+ +| Group | Access | ++================================================+==================================+ +| ``spp_programs.group_programs_viewer`` | Read-only on all program data | ++------------------------------------------------+----------------------------------+ +| ``spp_programs.group_programs_officer`` | Read/write/create on all models | +| | (no delete) | ++------------------------------------------------+----------------------------------+ +| ``spp_programs.group_programs_manager`` | Full CRUD on cycles and | +| | memberships, RWC on programs (no | 
+| | program delete) | ++------------------------------------------------+----------------------------------+ +| ``spp_programs.group_programs_validator`` | Read/write/create on | +| | entitlements and cycles (finance | +| | validation role) | ++------------------------------------------------+----------------------------------+ +| ``spp_programs.group_programs_cycle_approver`` | Read/write/create on | +| | entitlements and cycles | +| | (approval role) | ++------------------------------------------------+----------------------------------+ +| ``spp_programs.group_programs_rejector`` | Read/write/create on | +| | entitlements (rejection role) | ++------------------------------------------------+----------------------------------+ Extension Points ~~~~~~~~~~~~~~~~ @@ -255,6 +254,17 @@ Dependencies Changelog ========= +19.0.2.1.1 +~~~~~~~~~~ + +- fix(security): align Program Viewer / Validator / Cycle Approver roles + with the OP#951 menu audit — Program Viewer additionally gets + ``group_registry_viewer`` + ``group_approval_viewer`` (read-only + Registry + Approvals access); all three program roles get + ``group_hazard_viewer`` + ``group_gis_report_user`` so they retain + Hazard / GIS Reports visibility once those menu roots are gated. Adds + ``spp_hazard`` and ``spp_gis_report`` to module dependencies. + 19.0.2.0.11 ~~~~~~~~~~~ diff --git a/spp_programs/static/description/index.html b/spp_programs/static/description/index.html index a53a3b59..6de041b2 100644 --- a/spp_programs/static/description/index.html +++ b/spp_programs/static/description/index.html @@ -405,8 +405,8 @@

    Key Capabilities

    Key Models

Group
spp_programs.group_programs_viewer
spp_ +programs.group_programs_viewer Read-only on all program data
spp_programs.group_programs_officer
spp_p +rograms.group_programs_officer Read/write/create on all models (no delete)
spp_programs.group_programs_manager
spp_p +rograms.group_programs_manager Full CRUD on cycles and memberships, RWC on programs (no program delete)
spp_programs.group_programs_validator
spp_pro +grams.group_programs_validator Read/write/create on entitlements and cycles (finance validation role)
spp_programs.group_programs_cycle_approver
spp_programs +.group_programs_cycle_approver Read/write/create on entitlements and cycles (approval role)
spp_programs.group_programs_rejector
spp_pr +ograms.group_programs_rejector Read/write/create on entitlements (rejection role)
--++ @@ -454,13 +454,11 @@

Key Models

- + - + @@ -468,8 +466,7 @@

Key Models

- + @@ -489,23 +486,19 @@

Key Models

- + - + - + - + @@ -513,8 +506,7 @@

Key Models

- + @@ -522,8 +514,7 @@

Key Models

- + @@ -534,8 +525,7 @@

Key Models

- + @@ -590,8 +580,8 @@

UI Location

Security

Model Wrapper for eligibility manager implementations
`` -spp.program.membership.manager``
spp.program.membership.manager Base eligibility manager (abstract)
spp.prog -ram.membership.manager.default
spp.program.membership.manager.default Default eligibility implementation
Wrapper for deduplication manager implementations
sp -p.program.notification.manager
spp.program.notification.manager Notification manager for beneficiary communications
Default cycle manager implementation
s -pp.program.entitlement.manager
spp.program.entitlement.manager Wrapper for entitlement manager implementations
spp.progr -am.entitlement.manager.default
spp.program.entitlement.manager.default Default entitlement manager implementation
spp.pr -ogram.entitlement.manager.cash
spp.program.entitlement.manager.cash Cash entitlement manager with amount calculation
spp.prog -ram.entitlement.manager.inkind
spp.program.entitlement.manager.inkind In-kind entitlement manager with product configuration
Wrapper for payment manager implementations
spp.p -rogram.payment.manager.default
spp.program.payment.manager.default Default payment manager implementation
Wrapper for compliance manager implementations
`` -spp.compliance.manager.default``
spp.compliance.manager.default Default compliance manager with CEL support
spp.program.fund.report.view Fund balance reporting view
sp -p.program.membership.duplicate
spp.program.membership.duplicate Tracks duplicate membership records
--++ @@ -599,35 +589,29 @@

Security

- + - + - + - + - + - + @@ -674,6 +658,18 @@

Changelog

+

19.0.2.1.1

+ +
+

19.0.2.0.11

-
+

19.0.2.0.10

  • Increase parallel-safe channel limits (cycle, eligibility_manager, @@ -697,7 +693,7 @@

    19.0.2.0.10

    submission on double-click
-
+

19.0.2.0.9

  • Add context flags (skip_registrant_statistics, @@ -710,7 +706,7 @@

    19.0.2.0.9

    _compute_has_members
-
+

19.0.2.0.8

  • Replace OFFSET pagination with NTILE-based ID-range batching in all @@ -721,7 +717,7 @@

    19.0.2.0.8

    program and cycle
-
+

19.0.2.0.7

  • Bulk membership creation using raw SQL INSERT ON CONFLICT DO NOTHING @@ -730,7 +726,7 @@

    19.0.2.0.7

    _add_beneficiaries with bulk SQL path
-
+

19.0.2.0.6

  • Remove unused entitlement_base_model.py (dead code, never imported)
  • @@ -739,34 +735,34 @@

    19.0.2.0.6

    payment, and fund tests (172 → 492 tests)
-
+

19.0.2.0.5

  • Batch create entitlements and payments instead of one-by-one ORM creates
-
+

19.0.2.0.4

  • Fetch fund balance once per approval batch instead of per entitlement
-
+

19.0.2.0.3

  • Replace cycle computed fields (total_amount, entitlements_count, approval flags) with SQL aggregation queries
-
+

19.0.2.0.2

  • Add composite indexes for frequent query patterns on entitlements and program memberships
-
+

19.0.2.0.1

  • Replace Python-level uniqueness checks with SQL UNIQUE constraints for @@ -775,7 +771,7 @@

    19.0.2.0.1

    constraint creation
-
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • diff --git a/spp_service_points/README.rst b/spp_service_points/README.rst index 509ce483..5e874670 100644 --- a/spp_service_points/README.rst +++ b/spp_service_points/README.rst @@ -123,6 +123,13 @@ Dependencies Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): grant ``group_service_points_viewer`` to + spp_user_roles' Global Registrar and Local Registrar roles so they can + browse service points per the OP#951 menu audit. + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_service_points/static/description/index.html b/spp_service_points/static/description/index.html index 3b286164..72f89926 100644 --- a/spp_service_points/static/description/index.html +++ b/spp_service_points/static/description/index.html @@ -517,6 +517,14 @@

    Changelog

+

19.0.2.0.1

+
    +
  • fix(security): grant group_service_points_viewer to +spp_user_roles’ Global Registrar and Local Registrar roles so they can +browse service points per the OP#951 menu audit.
  • +
+
+

19.0.2.0.0

  • Initial migration to OpenSPP2
  • From b4f39f7e5c1b356683a75009b582b0384d6b912d Mon Sep 17 00:00:00 2001 
From: emjay0921 Date: Mon, 11 May 2026 13:18:52 +0800 Subject: [PATCH 04/14] fix(roles): gate Hazard/GIS Reports/GRM menu roots + Cycle Approver Tier-3 swap (OP#951 PR-B/C) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Completes the OP#951 menu audit on top of the additive role changes in 82d62aea / f8b920ef / 100ba934. Two structural changes: PR-B — top-level menu gating (3 modules): - spp_hazard/views/menu.xml: add groups='spp_hazard.group_hazard_viewer' to hazard_main_menu_root. Was previously visible to every logged-in user (no groups= attribute). - spp_gis_report/views/menu.xml: add groups='spp_gis_report.group_gis_report_user' to menu_gis_report_root. Same — previously ungated. - spp_grm/views/grm_ticket_menu.xml: add groups='spp_grm.group_grm_viewer' to spp_grm_ticket_main_menu. Same — previously ungated. Combined with PR-A's role additions, the audit's no-entries (Hazard / GIS Reports / GRM hidden from Finance, Support, Support Manager, Local Support, Registry Viewer for GIS, etc.) now take effect. PR-C — Global Program Cycle Approver Registry menu hide: - spp_programs/data/user_roles.xml: replace spp_registry.group_registry_viewer (Tier-2, gates menu) with spp_registry.group_registry_write (Tier-3, ACL-only) on Cycle Approver's implied_ids. Tier-3 transitively implies group_registry_read, so read+write data access via Programs cross-references is preserved — only the dedicated Registry top-level menu disappears, matching the audit's no for this role. Modules bumped: spp_grm 19.0.2.0.0 -> 19.0.2.0.1 with HISTORY entry. spp_hazard/spp_gis_report/spp_programs HISTORY entries extended under their existing 19.0.2.0.1 / 19.0.2.1.1 sections from PR-A. QA note: spp_programs/data/user_roles.xml uses noupdate='1'. The Cycle Approver group surgery only takes effect on FRESH install (resetdb + reinstall). 
Existing deployments need a migration script to call rec.implied_ids = [Command.unlink(ref('group_registry_viewer')), Command.link(ref('group_registry_write'))] manually. For QA via the standard wipe-and-reload flow this is not a concern.
---
 spp_gis_report/readme/HISTORY.md | 1 +
 spp_gis_report/views/menu.xml | 1 +
 spp_grm/README.rst | 54 +++++++++++++--------------
 spp_grm/__manifest__.py | 2 +-
 spp_grm/readme/HISTORY.md | 4 ++
 spp_grm/static/description/index.html | 4 +-
 spp_grm/views/grm_ticket_menu.xml | 1 +
 spp_hazard/readme/HISTORY.md | 1 +
 spp_hazard/views/menu.xml | 1 +
 spp_programs/data/user_roles.xml | 12 +++++-
 spp_programs/readme/HISTORY.md | 1 +
 11 files changed, 51 insertions(+), 31 deletions(-)
diff --git a/spp_gis_report/readme/HISTORY.md b/spp_gis_report/readme/HISTORY.md
index b8710f16..d519fd50 100644
--- a/spp_gis_report/readme/HISTORY.md
+++ b/spp_gis_report/readme/HISTORY.md
@@ -1,6 +1,7 @@
 ### 19.0.2.0.1
 - fix(security): grant `group_gis_report_user` to spp_user_roles' Global Program Manager role so the OP#951 menu audit expectation (Program Manager sees GIS Reports) is preserved once the GIS Reports menu root is gated.
+- fix(views): gate the "GIS Reports" top-level menu (`menu_gis_report_root`) on `group_gis_report_user`. Previously visible to every logged-in user; the OP#951 audit requires several roles to NOT see it (Registry Viewer, Global Finance, Global Support, Global Support Manager, Local Support, Global Registrar, Local Registrar, CR roles).
 ### 19.0.2.0.0
diff --git a/spp_gis_report/views/menu.xml b/spp_gis_report/views/menu.xml
index 93b57139..328a7489 100644
--- a/spp_gis_report/views/menu.xml
+++ b/spp_gis_report/views/menu.xml
@@ -11,6 +11,7 @@ Part of OpenSPP. See LICENSE file for full copyright and licensing details.
 name="GIS Reports"
 web_icon="spp_gis_report,static/description/OpenSPP-GIS-Reports-Menu-Icons.png"
 sequence="50"
+ groups="spp_gis_report.group_gis_report_user"
 />
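Review bot: `groups=` on `menu_gis_report_root` only hides the menu entry; it is not an authorization boundary, so a user outside `group_gis_report_user` can still reach the underlying actions and models by URL or RPC wherever `ir.model.access` or record rules grant them read. The audit's "role must NOT see GIS Reports" therefore holds only if the module's ACLs and action-level groups also exclude those roles (Registry Viewer, Global Finance, the support roles, the Registrars, CR roles); none of those files are in this diff, so please verify, and the same caveat applies to the `spp_hazard/views/menu.xml` and `spp_grm/views/grm_ticket_menu.xml` hunks in the diffstat. A regression test that runs as one of those roles and asserts an AccessError on reading the GIS report model (or documents that read access is intended) would pin the behavior better than menu visibility alone. The HISTORY line in this hunk could also state the scope explicitly, e.g. append `(menu visibility only — data access is still governed by ir.model.access and record rules)`.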
diff --git a/spp_grm/README.rst b/spp_grm/README.rst index c40c98e9..39121bb0 100644 --- a/spp_grm/README.rst +++ b/spp_grm/README.rst 
@@ -55,33 +55,33 @@ Key Capabilities Key Models ~~~~~~~~~~ -+--------------------------------+-------------------------------------+ -| Model | Description | -+================================+=====================================+ -| ``spp.grm.ticket`` | Main complaint/grievance with SLA | -| | tracking and decision fields | -+--------------------------------+-------------------------------------+ -| ``spp.grm.ticket.stage`` | Workflow stage with access control | -| | and closure configuration | -+--------------------------------+-------------------------------------+ -| ``spp.grm.ticket.category`` | Primary classification with | -| | hierarchical structure | -+--------------------------------+-------------------------------------+ -| ``spp.grm.ticket.subcategory`` | Second-level classification under | -| | category | -+--------------------------------+-------------------------------------+ -| ``spp.grm.team`` | Team of handlers with manager and | -| | geographic areas | -+--------------------------------+-------------------------------------+ -| ``spp.grm.sla.rule`` | Conditional SLA rules with | -| | escalation targets | -+--------------------------------+-------------------------------------+ -| ``spp.grm.ticket.tag`` | Tags for flexible ticket | -| | classification | -+--------------------------------+-------------------------------------+ -| ``spp.grm.ticket.channel`` | Communication channel (email, | -| | phone, walk-in, portal, etc.) 
| -+--------------------------------+-------------------------------------+ ++--------------------------------+------------------------------------+ +| Model | Description | ++================================+====================================+ +| ``spp.grm.ticket`` | Main complaint/grievance with SLA | +| | tracking and decision fields | ++--------------------------------+------------------------------------+ +| ``spp.grm.ticket.stage`` | Workflow stage with access control | +| | and closure configuration | ++--------------------------------+------------------------------------+ +| ``spp.grm.ticket.category`` | Primary classification with | +| | hierarchical structure | ++--------------------------------+------------------------------------+ +| ``spp.grm.ticket.subcategory`` | Second-level classification under | +| | category | ++--------------------------------+------------------------------------+ +| ``spp.grm.team`` | Team of handlers with manager and | +| | geographic areas | ++--------------------------------+------------------------------------+ +| ``spp.grm.sla.rule`` | Conditional SLA rules with | +| | escalation targets | ++--------------------------------+------------------------------------+ +| ``spp.grm.ticket.tag`` | Tags for flexible ticket | +| | classification | ++--------------------------------+------------------------------------+ +| ``spp.grm.ticket.channel`` | Communication channel (email, | +| | phone, walk-in, portal, etc.) | ++--------------------------------+------------------------------------+ Configuration ~~~~~~~~~~~~~ diff --git a/spp_grm/__manifest__.py b/spp_grm/__manifest__.py index f378571c..179c4300 100644 --- a/spp_grm/__manifest__.py +++ b/spp_grm/__manifest__.py 
@@ -3,7 +3,7 @@ { "name": "OpenSPP - Grievance Redress Mechanism", "summary": "Provides a centralized Grievance Redress Mechanism for receiving, tracking, and resolving beneficiary complaints and feedback. It supports multi-channel submission, manages resolution workflows through customizable stages, and links grievances directly to individual or group registrants.", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "sequence": 1, "author": "OpenSPP.org", "website": "https://github.com/OpenSPP/OpenSPP2", diff --git a/spp_grm/readme/HISTORY.md b/spp_grm/readme/HISTORY.md index 4aaf9afe..ffafdb8f 100644 --- a/spp_grm/readme/HISTORY.md +++ b/spp_grm/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(views): gate the "Helpdesk" top-level menu (`spp_grm_ticket_main_menu`) on `group_grm_viewer`. Previously the root menu had no `groups=` attribute and was visible to every logged-in user; the OP#951 menu audit requires several roles to NOT see it (Registry Viewer, Global Finance, Global Program Manager, Program Viewer/Validator/Cycle Approver, Global Registrar, CR roles, Farm User/Manager). + ### 19.0.2.0.0 - Initial migration to OpenSPP2 diff --git a/spp_grm/static/description/index.html b/spp_grm/static/description/index.html index 79ed528a..f39cff8e 100644 --- a/spp_grm/static/description/index.html +++ b/spp_grm/static/description/index.html @@ -404,8 +404,8 @@

    Key Capabilities

    Key Models

Group
spp_ -programs.group_programs_viewer
spp_programs.group_programs_viewer Read-only on all program data
spp_p -rograms.group_programs_officer
spp_programs.group_programs_officer Read/write/create on all models (no delete)
spp_p -rograms.group_programs_manager
spp_programs.group_programs_manager Full CRUD on cycles and memberships, RWC on programs (no program delete)
spp_pro -grams.group_programs_validator
spp_programs.group_programs_validator Read/write/create on entitlements and cycles (finance validation role)
spp_programs -.group_programs_cycle_approver
spp_programs.group_programs_cycle_approver Read/write/create on entitlements and cycles (approval role)
spp_pr -ograms.group_programs_rejector
spp_programs.group_programs_rejector Read/write/create on entitlements (rejection role)
--++ diff --git a/spp_grm/views/grm_ticket_menu.xml b/spp_grm/views/grm_ticket_menu.xml index 6dc40e4c..3a629d00 100644 --- a/spp_grm/views/grm_ticket_menu.xml +++ b/spp_grm/views/grm_ticket_menu.xml @@ -6,6 +6,7 @@ name="Helpdesk" sequence="16" web_icon="spp_grm,static/description/OpenSPP-Helpdesk2-Icons.png" + groups="spp_grm.group_grm_viewer" /> diff --git a/spp_programs/data/user_roles.xml b/spp_programs/data/user_roles.xml index 2337f847..0e429db7 100644 --- a/spp_programs/data/user_roles.xml +++ b/spp_programs/data/user_roles.xml @@ -79,6 +79,17 @@ + Global Program Cycle Approver global @@ -90,7 +101,6 @@ Command.link(ref('base.group_user')), Command.link(ref('spp_programs.group_programs_cycle_approver')), Command.link(ref('spp_programs.group_programs_viewer')), - Command.link(ref('spp_registry.group_registry_viewer')), Command.link(ref('spp_registry.group_registry_write')), Command.link(ref('spp_approval.group_approval_approver')), Command.link(ref('spp_hazard.group_hazard_viewer')), diff --git a/spp_programs/readme/HISTORY.md b/spp_programs/readme/HISTORY.md index 8f94f1a9..a05504a0 100644 --- a/spp_programs/readme/HISTORY.md +++ b/spp_programs/readme/HISTORY.md 
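Review bot: The added `groups="spp_grm.group_grm_viewer"` on the Helpdesk root menu only controls what the menu bar shows; an Odoo menu's `groups` attribute is not an access rule, so a user outside `group_grm_viewer` can still open the ticket action by URL if `ir.model.access` for `spp.grm.ticket` grants `base.group_user` read. Before counting this as the fix for the OP#951 expectation that Registry Viewer, Global Finance, the CR roles and the others listed in the changelog "do NOT see" Helpdesk, confirm the module's access CSV and record rules already deny those groups — if they do, this hunk is defense-in-depth; if they do not, the data is still reachable. A comment on the element would keep the next reader from mistaking it for enforcement: `<!-- visibility only: access to spp.grm.ticket is governed by ir.model.access / record rules, not by this menu -->`. The menuitem's opening tag and `id` are outside the hunk.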
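Review bot: Dropping `Command.link(ref('spp_registry.group_registry_viewer'))` from the Cycle Approver role's `implied_ids` does not take the group away on databases where the role already exists: `Command.link` only adds rows, so a module upgrade re-applies the remaining links and presumably leaves the existing viewer link — and the group already materialized on users holding the role — in place, the same caveat the later spp_studio commit spells out for its `noupdate='1'` file, whether or not this file is marked noupdate. The changelog's "only the dedicated top-level menu disappears" therefore holds for fresh installs only; a migration script should unlink it explicitly, e.g. `role.write({'implied_ids': [Command.unlink(env.ref('spp_registry.group_registry_viewer').id)]})`, and then check that users who hold the role no longer carry the group. Worth a sentence in the audit as well: after this change the role keeps `group_registry_write` (read+write on registrant data) with no Registry menu, so registrant write access becomes an invisible privilege of the Cycle Approver rather than a visible one — confirm OP#951 intends that rather than a downgrade to read-only. The `<record>` element for this role opens and closes outside the visible part of the hunk.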
@@ -1,6 +1,7 @@ ### 19.0.2.1.1 - fix(security): align Program Viewer / Validator / Cycle Approver roles with the OP#951 menu audit — Program Viewer additionally gets `group_registry_viewer` + `group_approval_viewer` (read-only Registry + Approvals access); all three program roles get `group_hazard_viewer` + `group_gis_report_user` so they retain Hazard / GIS Reports visibility once those menu roots are gated. Adds `spp_hazard` and `spp_gis_report` to module dependencies. +- fix(security): hide the Registry top-level menu for Global Program Cycle Approver per the OP#951 audit. Swap Tier-2 `spp_registry.group_registry_viewer` (which gates the Registry menu) for Tier-3 `spp_registry.group_registry_write` (ACL-only, no menu). `group_registry_write` transitively implies `group_registry_read`, so the role keeps read+write access to registrant data via Programs cross-references — only the dedicated top-level menu disappears. ### 19.0.2.0.11 From 92a540530147b9aaeb1ea8aab7e289b6d8b062a7 Mon Sep 17 00:00:00 2001 From: emjay0921 Date: Mon, 11 May 2026 13:29:49 +0800 Subject: [PATCH 05/14] chore(roles): regenerate READMEs to match CI docutils output (OP#951 PR-B/C) --- spp_gis_report/README.rst | 6 ++ spp_gis_report/static/description/index.html | 6 ++ spp_grm/README.rst | 65 ++++++++++++-------- spp_grm/static/description/index.html | 16 ++++- spp_hazard/README.rst | 6 ++ spp_hazard/static/description/index.html | 6 ++ spp_programs/README.rst | 7 +++ spp_programs/static/description/index.html | 7 +++ 8 files changed, 90 insertions(+), 29 deletions(-) diff --git a/spp_gis_report/README.rst b/spp_gis_report/README.rst index e05b4ff4..a4779a87 100644 --- a/spp_gis_report/README.rst +++ b/spp_gis_report/README.rst 
@@ -158,6 +158,12 @@ Changelog Global Program Manager role so the OP#951 menu audit expectation (Program Manager sees GIS Reports) is preserved once the GIS Reports menu root is gated. +- fix(views): gate the "GIS Reports" top-level menu + (``menu_gis_report_root``) on ``group_gis_report_user``. Previously + visible to every logged-in user; the OP#951 audit requires several + roles to NOT see it (Registry Viewer, Global Finance, Global Support, + Global Support Manager, Local Support, Global Registrar, Local + Registrar, CR roles). 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_gis_report/static/description/index.html b/spp_gis_report/static/description/index.html index 3b0bc139..19db8e2c 100644 --- a/spp_gis_report/static/description/index.html +++ b/spp_gis_report/static/description/index.html @@ -537,6 +537,12 @@

19.0.2.0.1

Global Program Manager role so the OP#951 menu audit expectation (Program Manager sees GIS Reports) is preserved once the GIS Reports menu root is gated. +
  • fix(views): gate the “GIS Reports” top-level menu +(menu_gis_report_root) on group_gis_report_user. Previously +visible to every logged-in user; the OP#951 audit requires several +roles to NOT see it (Registry Viewer, Global Finance, Global Support, +Global Support Manager, Local Support, Global Registrar, Local +Registrar, CR roles).
  • diff --git a/spp_grm/README.rst b/spp_grm/README.rst index 39121bb0..d3502d33 100644 --- a/spp_grm/README.rst +++ b/spp_grm/README.rst 
@@ -55,33 +55,33 @@ Key Capabilities Key Models ~~~~~~~~~~ -+--------------------------------+------------------------------------+ -| Model | Description | -+================================+====================================+ -| ``spp.grm.ticket`` | Main complaint/grievance with SLA | -| | tracking and decision fields | -+--------------------------------+------------------------------------+ -| ``spp.grm.ticket.stage`` | Workflow stage with access control | -| | and closure configuration | -+--------------------------------+------------------------------------+ -| ``spp.grm.ticket.category`` | Primary classification with | -| | hierarchical structure | -+--------------------------------+------------------------------------+ -| ``spp.grm.ticket.subcategory`` | Second-level classification under | -| | category | -+--------------------------------+------------------------------------+ -| ``spp.grm.team`` | Team of handlers with manager and | -| | geographic areas | -+--------------------------------+------------------------------------+ -| ``spp.grm.sla.rule`` | Conditional SLA rules with | -| | escalation targets | -+--------------------------------+------------------------------------+ -| ``spp.grm.ticket.tag`` | Tags for flexible ticket | -| | classification | -+--------------------------------+------------------------------------+ -| ``spp.grm.ticket.channel`` | Communication channel (email, | -| | phone, walk-in, portal, etc.) 
| -+--------------------------------+------------------------------------+ ++--------------------------------+-------------------------------------+ +| Model | Description | ++================================+=====================================+ +| ``spp.grm.ticket`` | Main complaint/grievance with SLA | +| | tracking and decision fields | ++--------------------------------+-------------------------------------+ +| ``spp.grm.ticket.stage`` | Workflow stage with access control | +| | and closure configuration | ++--------------------------------+-------------------------------------+ +| ``spp.grm.ticket.category`` | Primary classification with | +| | hierarchical structure | ++--------------------------------+-------------------------------------+ +| ``spp.grm.ticket.subcategory`` | Second-level classification under | +| | category | ++--------------------------------+-------------------------------------+ +| ``spp.grm.team`` | Team of handlers with manager and | +| | geographic areas | ++--------------------------------+-------------------------------------+ +| ``spp.grm.sla.rule`` | Conditional SLA rules with | +| | escalation targets | ++--------------------------------+-------------------------------------+ +| ``spp.grm.ticket.tag`` | Tags for flexible ticket | +| | classification | ++--------------------------------+-------------------------------------+ +| ``spp.grm.ticket.channel`` | Communication channel (email, | +| | phone, walk-in, portal, etc.) | ++--------------------------------+-------------------------------------+ Configuration ~~~~~~~~~~~~~ 
@@ -153,6 +153,17 @@ Dependencies Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(views): gate the "Helpdesk" top-level menu + (``spp_grm_ticket_main_menu``) on ``group_grm_viewer``. Previously the + root menu had no ``groups=`` attribute and was visible to every + logged-in user; the OP#951 menu audit requires several roles to NOT + see it (Registry Viewer, Global Finance, Global Program Manager, + Program Viewer/Validator/Cycle Approver, Global Registrar, CR roles, + Farm User/Manager). + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_grm/static/description/index.html b/spp_grm/static/description/index.html index f39cff8e..0d1621de 100644 --- a/spp_grm/static/description/index.html +++ b/spp_grm/static/description/index.html @@ -404,8 +404,8 @@

    Key Capabilities

    Key Models

    Model
    --++ @@ -536,6 +536,18 @@

    Changelog

    +

    19.0.2.0.1

    + +
    +

    19.0.2.0.0

    diff --git a/spp_programs/README.rst b/spp_programs/README.rst index 16fdc3ce..f0ef8015 100644 --- a/spp_programs/README.rst +++ b/spp_programs/README.rst @@ -264,6 +264,13 @@ Changelog ``group_hazard_viewer`` + ``group_gis_report_user`` so they retain Hazard / GIS Reports visibility once those menu roots are gated. Adds ``spp_hazard`` and ``spp_gis_report`` to module dependencies. +- fix(security): hide the Registry top-level menu for Global Program + Cycle Approver per the OP#951 audit. Swap Tier-2 + ``spp_registry.group_registry_viewer`` (which gates the Registry menu) + for Tier-3 ``spp_registry.group_registry_write`` (ACL-only, no menu). + ``group_registry_write`` transitively implies ``group_registry_read``, + so the role keeps read+write access to registrant data via Programs + cross-references — only the dedicated top-level menu disappears. 19.0.2.0.11 ~~~~~~~~~~~ diff --git a/spp_programs/static/description/index.html b/spp_programs/static/description/index.html index 6de041b2..fd57a4e2 100644 --- a/spp_programs/static/description/index.html +++ b/spp_programs/static/description/index.html @@ -667,6 +667,13 @@

    19.0.2.1.1

    group_hazard_viewer + group_gis_report_user so they retain Hazard / GIS Reports visibility once those menu roots are gated. Adds spp_hazard and spp_gis_report to module dependencies. +
  • fix(security): hide the Registry top-level menu for Global Program +Cycle Approver per the OP#951 audit. Swap Tier-2 +spp_registry.group_registry_viewer (which gates the Registry menu) +for Tier-3 spp_registry.group_registry_write (ACL-only, no menu). +group_registry_write transitively implies group_registry_read, +so the role keeps read+write access to registrant data via Programs +cross-references — only the dedicated top-level menu disappears.
  • From 606c83de175e1e450a753fc784da93259a93b7de Mon Sep 17 00:00:00 2001 From: emjay0921 Date: Mon, 11 May 2026 14:27:02 +0800 Subject: [PATCH 06/14] =?UTF-8?q?fix(spp=5Fstudio):=20drop=20Program=20Man?= =?UTF-8?q?ager=20=E2=86=92=20group=5Fstudio=5Fviewer=20per=20OP#951=20men?= =?UTF-8?q?u=20audit?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OP#951 menu audit specifies that Global Program Manager should NOT see the Studio top-level menu, but spp_studio/data/user_roles.xml extended the role with group_studio_viewer which gates the menu's visibility. Remove the extension file entirely and de-register it from the manifest data list. System Admin keeps Studio visibility via spp_security.group_spp_admin → group_studio_manager (wired in spp_studio/security/groups.xml), so the only effective change is that Program Manager no longer sees the Studio menu. Migration caveat (same as PR-C): noupdate='1' on the previous extension means existing prod deployments retain group_studio_viewer on Program Manager users until a separate migration script unlinks it. Fresh installs (the wipe-and-reload QA flow) get the correct behavior automatically. --- spp_studio/__manifest__.py | 3 +-- spp_studio/data/user_roles.xml | 13 ------------- spp_studio/readme/HISTORY.md | 4 ++++ 3 files changed, 5 insertions(+), 15 deletions(-) delete mode 100644 spp_studio/data/user_roles.xml diff --git a/spp_studio/__manifest__.py b/spp_studio/__manifest__.py index 1fa3921b..ea14eb2c 100644 --- a/spp_studio/__manifest__.py +++ b/spp_studio/__manifest__.py @@ -1,6 +1,6 @@ { "name": "OpenSPP Studio", - "version": "19.0.2.0.0", + "version": "19.0.2.0.1", "category": "OpenSPP/Configuration", "summary": "No-code customization interface for OpenSPP", "author": "OpenSPP.org", 
@@ -33,7 +33,6 @@ "data/placement_zones.xml", "data/server_actions.xml", "data/audit_rules.xml", - "data/user_roles.xml", "data/variable_categories.xml", "data/standard_variables.xml", "data/default_personas.xml", diff --git a/spp_studio/data/user_roles.xml b/spp_studio/data/user_roles.xml deleted file mode 100644 index 59b58d6c..00000000 --- a/spp_studio/data/user_roles.xml +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - diff --git a/spp_studio/readme/HISTORY.md b/spp_studio/readme/HISTORY.md index 4aaf9afe..1354baa3 100644 --- a/spp_studio/readme/HISTORY.md +++ b/spp_studio/readme/HISTORY.md @@ -1,3 +1,7 @@ +### 19.0.2.0.1 + +- fix(security): drop the Program Manager → `group_studio_viewer` extension per the OP#951 menu audit (Program Manager should NOT see the Studio top-level menu). Removes `data/user_roles.xml` from the module entirely; System Admin retains Studio visibility via `spp_security.group_spp_admin` → `group_studio_manager` (wired in `spp_studio/security/groups.xml`). + ### 19.0.2.0.0 - Initial migration to OpenSPP2 From 7624e13af3add44faaad1d8d3245f94bc3e901db Mon Sep 17 00:00:00 2001 From: emjay0921 Date: Mon, 11 May 2026 14:36:05 +0800 Subject: [PATCH 07/14] chore(spp_studio): regenerate README to match CI docutils output (OP#951) --- spp_studio/README.rst | 10 ++++++++++ spp_studio/static/description/index.html | 11 +++++++++++ 2 files changed, 21 insertions(+) diff --git a/spp_studio/README.rst b/spp_studio/README.rst index 9ef3fa7e..0fe4bef8 100644 --- a/spp_studio/README.rst +++ b/spp_studio/README.rst 
@@ -149,6 +149,16 @@ Dependencies Changelog ========= +19.0.2.0.1 +~~~~~~~~~~ + +- fix(security): drop the Program Manager → ``group_studio_viewer`` + extension per the OP#951 menu audit (Program Manager should NOT see + the Studio top-level menu). Removes ``data/user_roles.xml`` from the + module entirely; System Admin retains Studio visibility via + ``spp_security.group_spp_admin`` → ``group_studio_manager`` (wired in + ``spp_studio/security/groups.xml``). + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_studio/static/description/index.html b/spp_studio/static/description/index.html index 2ec2563a..52b9095a 100644 --- a/spp_studio/static/description/index.html +++ b/spp_studio/static/description/index.html @@ -532,6 +532,17 @@

    Changelog

    +

    19.0.2.0.1

    + +
    +

    19.0.2.0.0

    -

    19.0.2.0.1

    +

    19.0.2.0.2

    +

    19.0.2.0.1

    + +
    +

    19.0.2.0.0

    -

    19.0.2.0.1

    +

    19.0.2.0.2

    +

    19.0.2.0.1

    + +
    +

    19.0.2.0.0

    -

    19.0.2.1.1

    +

    19.0.2.1.2

    +

    19.0.2.1.1

    + +
    +

    19.0.2.0.11

    -
    +

    19.0.2.0.10

    • Increase parallel-safe channel limits (cycle, eligibility_manager, @@ -700,7 +709,7 @@

      19.0.2.0.10

      submission on double-click
    -
    +

    19.0.2.0.9

    • Add context flags (skip_registrant_statistics, @@ -713,7 +722,7 @@

      19.0.2.0.9

      _compute_has_members
    -
    +

    19.0.2.0.8

    • Replace OFFSET pagination with NTILE-based ID-range batching in all @@ -724,7 +733,7 @@

      19.0.2.0.8

      program and cycle
    -
    +

    19.0.2.0.7

    • Bulk membership creation using raw SQL INSERT ON CONFLICT DO NOTHING @@ -733,7 +742,7 @@

      19.0.2.0.7

      _add_beneficiaries with bulk SQL path
    -
    +

    19.0.2.0.6

    • Remove unused entitlement_base_model.py (dead code, never imported)
    • @@ -742,34 +751,34 @@

      19.0.2.0.6

      payment, and fund tests (172 → 492 tests)
    -
    +

    19.0.2.0.5

    • Batch create entitlements and payments instead of one-by-one ORM creates
    -
    +

    19.0.2.0.4

    • Fetch fund balance once per approval batch instead of per entitlement
    -
    +

    19.0.2.0.3

    • Replace cycle computed fields (total_amount, entitlements_count, approval flags) with SQL aggregation queries
    -
    +

    19.0.2.0.2

    • Add composite indexes for frequent query patterns on entitlements and program memberships
    -
    +

    19.0.2.0.1

    • Replace Python-level uniqueness checks with SQL UNIQUE constraints for @@ -778,7 +787,7 @@

      19.0.2.0.1

      constraint creation
    -
    +

    19.0.2.0.0

    • Initial migration to OpenSPP2
    • diff --git a/spp_service_points/README.rst b/spp_service_points/README.rst index 5e874670..18f99997 100644 --- a/spp_service_points/README.rst +++ b/spp_service_points/README.rst @@ -123,13 +123,20 @@ Dependencies Changelog ========= -19.0.2.0.1 +19.0.2.0.2 ~~~~~~~~~~ - fix(security): grant ``group_service_points_viewer`` to spp_user_roles' Global Registrar and Local Registrar roles so they can browse service points per the OP#951 menu audit. +19.0.2.0.1 +~~~~~~~~~~ + +- fix(views): apply ``spp_registry.x2many_no_padding`` widget to the + service points list on group forms — removes the four empty + placeholder rows Odoo 19 inserts on inline list-in-form views (#943). + 19.0.2.0.0 ~~~~~~~~~~ diff --git a/spp_service_points/static/description/index.html b/spp_service_points/static/description/index.html index 72f89926..0509270e 100644 --- a/spp_service_points/static/description/index.html +++ b/spp_service_points/static/description/index.html @@ -517,7 +517,7 @@

      Changelog

    -

    19.0.2.0.1

    +

    19.0.2.0.2

    • fix(security): grant group_service_points_viewer to spp_user_roles’ Global Registrar and Local Registrar roles so they can @@ -525,6 +525,14 @@

      19.0.2.0.1

    +

    19.0.2.0.1

    +
      +
    • fix(views): apply spp_registry.x2many_no_padding widget to the +service points list on group forms — removes the four empty +placeholder rows Odoo 19 inserts on inline list-in-form views (#943).
    • +
    +
    +

    19.0.2.0.0

    • Initial migration to OpenSPP2
    Model