OpenSPP
diff --git a/‎spp_area/README.rst‎
Lines changed: 19 additions & 0 deletions b/‎spp_area/README.rst‎
Lines changed: 19 additions & 0 deletions
diff --git a/‎spp_area/__manifest__.py‎
Lines changed: 3 additions & 1 deletion b/‎spp_area/__manifest__.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎spp_area/data/user_roles.xml‎
Lines changed: 20 additions & 0 deletions b/‎spp_area/data/user_roles.xml‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎spp_area/readme/HISTORY.md‎
Lines changed: 8 additions & 0 deletions b/‎spp_area/readme/HISTORY.md‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎spp_area/security/rules.xml‎
Lines changed: 33 additions & 0 deletions b/‎spp_area/security/rules.xml‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎spp_area/static/description/index.html‎
Lines changed: 21 additions & 0 deletions b/‎spp_area/static/description/index.html‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎spp_base_common/README.rst‎
Lines changed: 15 additions & 0 deletions b/‎spp_base_common/README.rst‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎spp_base_common/__manifest__.py‎
Lines changed: 3 additions & 1 deletion b/‎spp_base_common/__manifest__.py‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎spp_base_common/readme/HISTORY.md‎
Lines changed: 4 additions & 0 deletions b/‎spp_base_common/readme/HISTORY.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎spp_base_common/static/description/index.html‎
Lines changed: 16 additions & 0 deletions b/‎spp_base_common/static/description/index.html‎
Lines changed: 16 additions & 0 deletions
@@ -140,6 +140,25 @@ Dependencies
 Changelog
 =========
 
+19.0.2.0.2
+~~~~~~~~~~
+
+- fix(security): grant ``group_area_viewer`` (read-only) to
+  spp_user_roles support roles (Global Support, Global Support Manager,
+  Local Support) so they can browse area records per the OP#951 menu
+  audit.
+
+19.0.2.0.1
+~~~~~~~~~~
+
+- fix(security): add a global ``ir.rule`` on ``res.partner`` that
+  filters registrants by ``area_id`` for users with ``center_area_ids``
+  set (OP#989). Replaces the limited ``search_read`` /
+  ``web_search_read`` override in ``models/registrant.py`` which missed
+  ``name_search`` (Many2one dropdowns), ``search_count``,
+  ``read_group``, and related-field traversal. The rule's conditional
+  domain is a no-op for users without center areas (global roles).
+
 19.0.2.0.0
 ~~~~~~~~~~
 
 
@@ -6,7 +6,7 @@
     "name": "OpenSPP Area Management",
     "summary": "Establishes direct associations between OpenSPP registrants, beneficiary groups, and their corresponding geographical administrative areas. It validates registrant-area linkages against official area types, ensuring data integrity and enabling targeted program delivery and analysis.",
     "category": "OpenSPP/Core",
-    "version": "19.0.2.0.0",
+    "version": "19.0.2.0.2",
     "sequence": 1,
     "author": "OpenSPP.org",
     "website": "https://github.com/OpenSPP/OpenSPP2",
@@ -33,6 +33,8 @@
         "security/privileges.xml",
         "security/groups.xml",
         "security/ir.model.access.csv",
+        "data/user_roles.xml",
+        "security/rules.xml",
         "wizard/area_import_language_wizard_views.xml",
         "views/area_base.xml",
         "views/area_tag.xml",
 
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+Part of OpenSPP. See LICENSE file for full copyright and licensing details.
+
+Role extensions: grant `group_area_viewer` (read-only) to spp_user_roles support
+roles whose audited menu visibility should include "Area" (OP#951).
+
+System Admin sees the menu via `spp_security.group_spp_admin` → `group_area_manager`.
+-->
+<odoo noupdate="1">
+    <record id="spp_user_roles.global_role_support" model="res.users.role">
+        <field name="implied_ids" eval="[Command.link(ref('group_area_viewer'))]" />
+    </record>
+    <record id="spp_user_roles.global_role_support_manager" model="res.users.role">
+        <field name="implied_ids" eval="[Command.link(ref('group_area_viewer'))]" />
+    </record>
+    <record id="spp_user_roles.local_role_support" model="res.users.role">
+        <field name="implied_ids" eval="[Command.link(ref('group_area_viewer'))]" />
+    </record>
+</odoo>
@@ -1,3 +1,11 @@
+### 19.0.2.0.2
+
+- fix(security): grant `group_area_viewer` (read-only) to spp_user_roles support roles (Global Support, Global Support Manager, Local Support) so they can browse area records per the OP#951 menu audit.
+
+### 19.0.2.0.1
+
+- fix(security): add a global `ir.rule` on `res.partner` that filters registrants by `area_id` for users with `center_area_ids` set (OP#989). Replaces the limited `search_read` / `web_search_read` override in `models/registrant.py` which missed `name_search` (Many2one dropdowns), `search_count`, `read_group`, and related-field traversal. The rule's conditional domain is a no-op for users without center areas (global roles).
+
 ### 19.0.2.0.0
 
 - Initial migration to OpenSPP2
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!--
+Part of OpenSPP. See LICENSE file for full copyright and licensing details.
+
+Area-based row-level filtering for registrants (OP#989).
+
+Replaces / strengthens the `_prepare_domain` override in models/registrant.py
+which only catches `search_read` / `web_search_read`. An ir.rule applies to
+every ORM read path automatically: `search`, `search_count`, `read_group`,
+`name_search` (Many2one dropdowns), `read`, and related-field traversal.
+
+The rule is scoped to `is_registrant = True` only — non-registrant contacts
+(users' own partners, admins, companies, system bots, mail followers) must
+remain readable, otherwise every record using `message_partner_ids` /
+`message_follower_ids` blows up for local users with `center_area_ids`.
+
+The conditional domain makes the rule a no-op for users without
+`center_area_ids` (global roles).
+-->
+<odoo noupdate="1">
+    <record id="rule_res_partner_area_filter" model="ir.rule">
+        <field name="name">Registrants: visible only within user's center areas</field>
+        <field name="model_id" ref="base.model_res_partner" />
+        <field
+            name="domain_force"
+        >['|', ('is_registrant', '=', False), ('area_id', 'child_of', user.center_area_ids.ids)] if user.center_area_ids else []</field>
+        <field name="global" eval="True" />
+        <field name="perm_read" eval="True" />
+        <field name="perm_write" eval="True" />
+        <field name="perm_create" eval="True" />
+        <field name="perm_unlink" eval="True" />
+    </record>
+</odoo>
@@ -537,6 +537,27 @@ <h2><a class="toc-backref" href="#toc-entry-1">Changelog</a></h2>
 </div>
 </div>
 <div class="section" id="section-1">
+<h1>19.0.2.0.2</h1>
+<ul class="simple">
+<li>fix(security): grant <tt class="docutils literal">group_area_viewer</tt> (read-only) to
+spp_user_roles support roles (Global Support, Global Support Manager,
+Local Support) so they can browse area records per the OP#951 menu
+audit.</li>
+</ul>
+</div>
+<div class="section" id="section-2">
+<h1>19.0.2.0.1</h1>
+<ul class="simple">
+<li>fix(security): add a global <tt class="docutils literal">ir.rule</tt> on <tt class="docutils literal">res.partner</tt> that
+filters registrants by <tt class="docutils literal">area_id</tt> for users with <tt class="docutils literal">center_area_ids</tt>
+set (OP#989). Replaces the limited <tt class="docutils literal">search_read</tt> /
+<tt class="docutils literal">web_search_read</tt> override in <tt class="docutils literal">models/registrant.py</tt> which missed
+<tt class="docutils literal">name_search</tt> (Many2one dropdowns), <tt class="docutils literal">search_count</tt>,
+<tt class="docutils literal">read_group</tt>, and related-field traversal. The rule’s conditional
+domain is a no-op for users without center areas (global roles).</li>
+</ul>
+</div>
+<div class="section" id="section-3">
 <h1>19.0.2.0.0</h1>
 <ul class="simple">
 <li>Initial migration to OpenSPP2</li>
 
@@ -120,6 +120,21 @@ Dependencies
 Changelog
 =========
 
+19.0.2.0.1
+~~~~~~~~~~
+
+- fix(security): add ``groups="base.group_system"`` to the existing
+  ``<menuitem id="base.menu_management" />`` override in
+  ``views/main_view.xml``. Out of the box the Apps top-level menu has no
+  group restriction and is visible to every logged-in user, violating
+  the OP#951 audit's ``Apps: no`` rows. The override here is the single
+  authoritative declaration for this menu's attributes in the OpenSPP
+  install (sequence, custom OpenSPP icon, and now group_ids); doing the
+  gating anywhere upstream (e.g. a ``post_init_hook`` in
+  ``spp_security``) is unreliable because this ``<menuitem>`` reload
+  re-writes the record without a ``groups`` attribute and resets
+  ``group_ids`` to empty.
+
 19.0.2.0.0
 ~~~~~~~~~~
 
 
@@ -5,7 +5,7 @@
 {
     "name": "OpenSPP Base (Common)",
     "category": "OpenSPP/Core",
-    "version": "19.0.2.0.0",
+    "version": "19.0.2.0.1",
     "sequence": 1,
     "author": "OpenSPP.org",
     "website": "https://github.com/OpenSPP/OpenSPP2",
@@ -38,6 +38,8 @@
             "spp_base_common/static/src/xml/custom_list_create_template.xml",
             "spp_base_common/static/src/js/filterable_radio_field.js",
             "spp_base_common/static/src/xml/filterable_radio_field.xml",
+            "spp_base_common/static/src/xml/pager_hide_single.xml",
+            "spp_base_common/static/src/scss/pager_hide_single.scss",
         ],
         "web._assets_primary_variables": [
             "spp_base_common/static/src/scss/colors.scss",
 
@@ -1,3 +1,7 @@
+### 19.0.2.0.1
+
+- fix(security): add `groups="base.group_system"` to the existing `<menuitem id="base.menu_management" />` override in `views/main_view.xml`. Out of the box the Apps top-level menu has no group restriction and is visible to every logged-in user, violating the OP#951 audit's `Apps: no` rows. The override here is the single authoritative declaration for this menu's attributes in the OpenSPP install (sequence, custom OpenSPP icon, and now group_ids); doing the gating anywhere upstream (e.g. a `post_init_hook` in `spp_security`) is unreliable because this `<menuitem>` reload re-writes the record without a `groups` attribute and resets `group_ids` to empty.
+
 ### 19.0.2.0.0
 
 - Initial migration to OpenSPP2
@@ -495,6 +495,22 @@ <h2><a class="toc-backref" href="#toc-entry-1">Changelog</a></h2>
 </div>
 </div>
 <div class="section" id="section-1">
+<h1>19.0.2.0.1</h1>
+<ul class="simple">
+<li>fix(security): add <tt class="docutils literal"><span class="pre">groups=&quot;base.group_system&quot;</span></tt> to the existing
+<tt class="docutils literal">&lt;menuitem <span class="pre">id=&quot;base.menu_management&quot;</span> /&gt;</tt> override in
+<tt class="docutils literal">views/main_view.xml</tt>. Out of the box the Apps top-level menu has no
+group restriction and is visible to every logged-in user, violating
+the OP#951 audit’s <tt class="docutils literal">Apps: no</tt> rows. The override here is the single
+authoritative declaration for this menu’s attributes in the OpenSPP
+install (sequence, custom OpenSPP icon, and now group_ids); doing the
+gating anywhere upstream (e.g. a <tt class="docutils literal">post_init_hook</tt> in
+<tt class="docutils literal">spp_security</tt>) is unreliable because this <tt class="docutils literal">&lt;menuitem&gt;</tt> reload
+re-writes the record without a <tt class="docutils literal">groups</tt> attribute and resets
+<tt class="docutils literal">group_ids</tt> to empty.</li>
+</ul>
+</div>
+<div class="section" id="section-2">
 <h1>19.0.2.0.0</h1>
 <ul class="simple">
 <li>Initial migration to OpenSPP2</li>