@@ -132,6 +132,9 @@ def _deploy_model(self):
132132 # Ensure existing model is marked as event model
133133 if not existing_model .is_event_model :
134134 existing_model .sudo ().write ({"is_event_model" : True })
135+
136+ # Ensure security access exists for existing model
137+ self ._create_security_access (existing_model )
135138 else :
136139 # Create the model
137140 model_vals = {
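Review bot: The added call `self._create_security_access(existing_model)` grants five group ACLs to whatever record the earlier lookup returned, and that lookup sits outside this hunk. If it matches on the technical name alone, redeploying an event type could widen access to a model this module did not create. Consider guarding the call, for example `if existing_model.state == "manual":`, and adding a comment that states why granting these rights to an adopted model is intended. `_deploy_model` starts and ends outside the hunk, so the lookup conditions could not be confirmed from here.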
@@ -194,12 +197,104 @@ def _deploy_model(self):
194197 new_model = self .env ["ir.model" ].sudo ().create (model_vals )
195198 _logger .info ("Created model %s (ID: %s)" , model_name , new_model .id )
196199
200+ # Create security access records for the new model
201+ self ._create_security_access (new_model )
202+
197203 # Store the actual deployed model name for later reference
198204 if not self .technical_name .startswith ("x_" ):
199205 self .technical_name = model_name
200206
201207 self .model_deployed = True
202208
209+ def _create_security_access (self , model ):
210+ """
211+ Create security access rules for a dynamic event model.
212+ Applies the same security groups as spp_event_data:
213+ - Admin (full access)
214+ - Registrar (read, write, create)
215+ - Read Registry (read only)
216+ - Write Registry (read, write)
217+ - Create Registry (read, write, create)
218+ """
219+ self .ensure_one ()
220+
221+ # Get the model name for access rule naming
222+ model_name_clean = model .model .replace ("." , "_" ).replace ("x_" , "" )
223+
224+ # Define security access rules
225+ access_rules = [
226+ {
227+ "name" : f"{ model_name_clean } _admin" ,
228+ "model_id" : model .id ,
229+ "group_id" : self .env .ref ("g2p_registry_base.group_g2p_admin" ).id ,
230+ "perm_read" : True ,
231+ "perm_write" : True ,
232+ "perm_create" : True ,
233+ "perm_unlink" : True ,
234+ },
235+ {
236+ "name" : f"{ model_name_clean } _registrar" ,
237+ "model_id" : model .id ,
238+ "group_id" : self .env .ref ("g2p_registry_base.group_g2p_registrar" ).id ,
239+ "perm_read" : True ,
240+ "perm_write" : True ,
241+ "perm_create" : True ,
242+ "perm_unlink" : False ,
243+ },
244+ {
245+ "name" : f"{ model_name_clean } _read" ,
246+ "model_id" : model .id ,
247+ "group_id" : self .env .ref ("spp_base_common.read_registry" ).id ,
248+ "perm_read" : True ,
249+ "perm_write" : False ,
250+ "perm_create" : False ,
251+ "perm_unlink" : False ,
252+ },
253+ {
254+ "name" : f"{ model_name_clean } _write" ,
255+ "model_id" : model .id ,
256+ "group_id" : self .env .ref ("spp_base_common.write_registry" ).id ,
257+ "perm_read" : True ,
258+ "perm_write" : True ,
259+ "perm_create" : False ,
260+ "perm_unlink" : False ,
261+ },
262+ {
263+ "name" : f"{ model_name_clean } _create" ,
264+ "model_id" : model .id ,
265+ "group_id" : self .env .ref ("spp_base_common.create_registry" ).id ,
266+ "perm_read" : True ,
267+ "perm_write" : True ,
268+ "perm_create" : True ,
269+ "perm_unlink" : False ,
270+ },
271+ ]
272+
273+ # Create access rules
274+ for rule in access_rules :
275+ # Check if rule already exists
276+ existing_rule = self .env ["ir.model.access" ].search (
277+ [
278+ ("name" , "=" , rule ["name" ]),
279+ ("model_id" , "=" , rule ["model_id" ]),
280+ ],
281+ limit = 1 ,
282+ )
283+
284+ if not existing_rule :
285+ self .env ["ir.model.access" ].sudo ().create (rule )
286+ _logger .info (
287+ "Created security access rule: %s for model %s" ,
288+ rule ["name" ],
289+ model .model ,
290+ )
291+ else :
292+ _logger .debug (
293+ "Security access rule %s already exists for model %s" ,
294+ rule ["name" ],
295+ model .model ,
296+ )
297+
203298 def _deploy_views (self ):
204299 """Create tree and form views for the event type"""
205300 self .ensure_one ()
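Review bot: The existence check in `_create_security_access` runs `self.env["ir.model.access"].search(...)` with the caller's rights and the default active filter, while the create just below it uses `sudo()`. An ACL that an administrator deactivated to revoke access is therefore not found, and the next deployment silently creates a fresh active grant; a caller without read access to `ir.model.access` would presumably hit an error or a duplicate instead. I would change the lookup to `existing_rule = self.env["ir.model.access"].sudo().with_context(active_test=False).search(` and match on `("group_id", "=", rule["group_id"])` rather than `name`, since a renamed rule is otherwise duplicated too. Separately, `.replace("x_", "")` removes every `x_` in the technical name, not only the leading prefix, so rule names come out mangled for some models. `_deploy_model` begins above this hunk and `_deploy_views` continues below it.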