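"""Account views: login, user registration and editing, activation toggle, password change."""

from django.contrib.auth import get_user_model
from django.contrib.auth.decorators import login_required, user_passes_test
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin, UserPassesTestMixin
from django.contrib.auth.views import LoginView, PasswordChangeView
from django.http import HttpResponseForbidden, JsonResponse
from django.shortcuts import render
from django.urls import reverse_lazy
from django.utils.decorators import method_decorator
from django.utils.http import url_has_allowed_host_and_scheme
from django.views import View
from django.views.generic import TemplateView, FormView, ListView, UpdateView
from rest_framework.generics import get_object_or_404

from accounts.forms import LoginForm, RegisterForm, UserChangePasswordForm, UserEditForm
from accounts.models import DepotUser


# Create your views here.


def _can_manage_users(user):
    """Return True for superusers and company admins, the two roles allowed to manage accounts."""
    return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN


def _users_manageable_by(user, queryset):
    """Narrow *queryset* to the accounts that *user* is allowed to modify.

    Superusers keep the full queryset. Company admins are limited to their own
    company, the same scoping UserListView applies, and can never reach a
    superuser account. Every other role gets an empty queryset.
    """
    if user.is_superuser:
        return queryset
    if user.user_type == DepotUser.UserType.COMPANY_ADMIN:
        # Excluding superusers keeps a company admin from editing or
        # deactivating an account that outranks them.
        return queryset.filter(company=user.company, is_superuser=False)
    return queryset.none()


def _save_user_with_permissions(form):
    """Save the form's user and keep only the permission set matching its user type.

    Returns the saved user instance.
    """
    account = form.save(commit=False)
    user_type = form.cleaned_data['user_type']
    # The instance must exist in the database before its many-to-many sets are touched.
    account.save()
    if user_type == DepotUser.UserType.CLIENT:
        account.employee_permissions.clear()
        account.company_permissions.set(form.cleaned_data['company_permissions'])
    elif user_type == DepotUser.UserType.EMPLOYEE:
        account.company_permissions.clear()
        account.employee_permissions.set(form.cleaned_data['employee_permissions'])
    return account


def _configure_user_form(form, user):
    """Adjust the user form's fields to what the acting *user* may set.

    The 'disabled' widget attribute only changes the rendered HTML; it does not
    stop a crafted request from submitting the field. The restriction that
    holds server-side is the clearing done in _save_user_with_permissions and
    the narrowed querysets/choices below.
    """
    fields = form.fields
    if user.is_superuser:
        # Superuser can manage all permissions and user types
        fields['user_type'].widget.attrs['disabled'] = False
        fields['company_permissions'].widget.attrs['disabled'] = False
        fields['employee_permissions'].widget.attrs['disabled'] = False

        # Show relevant permissions based on selected user type
        initial_type = form.initial.get('user_type')
        if initial_type == DepotUser.UserType.CLIENT:
            fields['employee_permissions'].widget.attrs['disabled'] = True
        elif initial_type == DepotUser.UserType.EMPLOYEE:
            fields['company_permissions'].widget.attrs['disabled'] = True
    elif user.user_type == DepotUser.UserType.COMPANY_ADMIN:
        # A company admin may only pick their own company and its lines.
        fields['company'].queryset = fields['company'].queryset.filter(pk=user.company.pk)
        fields['company'].initial = user.company
        # NOTE(review): this sets a plain attribute on the widget object, not an
        # HTML attribute; confirm the template reads it.
        fields['company'].widget.readonly = True
        fields['line'].queryset = fields['line'].queryset.filter(company=user.company.pk)
        # Company admins can only create or edit client accounts.
        fields['user_type'].choices = [
            (DepotUser.UserType.CLIENT, 'Client')
        ]
        fields['user_type'].initial = DepotUser.UserType.CLIENT
        fields['company_permissions'].widget.attrs['disabled'] = False
        fields['employee_permissions'].widget.attrs['disabled'] = True
    return form


class DepotLoginView(LoginView):
    """Login page; sends the user to the dashboard after a successful login."""

    template_name = 'registration/login.html'
    form_class = LoginForm
    next_page = reverse_lazy('dashboard')


def is_company_admin(user):
    """Return a truthy value when *user* is authenticated and flagged as company admin."""
    return user.is_authenticated and user.is_company_admin


class RegisterView(LoginRequiredMixin, UserPassesTestMixin, FormView):
    """Create a new user; restricted to superusers and company admins."""

    template_name = 'registration/register.html'
    form_class = RegisterForm
    success_url = reverse_lazy('dashboard')

    def test_func(self):
        """Allow only superusers and company admins."""
        return _can_manage_users(self.request.user)

    def form_valid(self, form):
        """Save the new user with the permission set for its type, then redirect."""
        _save_user_with_permissions(form)
        return super().form_valid(form)

    def get_form(self, form_class=None):
        """Build the form and restrict its fields to what the acting user may set."""
        form = super().get_form(form_class)
        user: DepotUser = self.request.user
        return _configure_user_form(form, user)


class UserListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
    """Paginated user list; company admins see only their own company's users."""

    template_name = 'registration/user-list.html'
    model = get_user_model()
    context_object_name = 'objects'
    paginate_by = 20

    def test_func(self):
        """Allow only superusers and company admins."""
        return _can_manage_users(self.request.user)

    def get_queryset(self):
        """Return the users visible to the requester.

        Inactive users are hidden unless the request carries ``?filter=all``.
        """
        queryset = super().get_queryset()
        user = self.request.user
        data_filter = self.request.GET.get('filter')

        if data_filter != 'all':
            queryset = queryset.filter(is_active=True)

        if user.is_superuser:
            return queryset.all()
        elif user.user_type == DepotUser.UserType.COMPANY_ADMIN:
            return queryset.filter(company=user.company)
        else:
            return queryset.none()


class UserUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    """Edit an existing user; restricted to superusers and company admins."""

    template_name = 'registration/register.html'
    form_class = UserEditForm
    model = get_user_model()
    success_url = reverse_lazy('user_list')

    def test_func(self):
        """Allow only superusers and company admins."""
        return _can_manage_users(self.request.user)

    def get_queryset(self):
        """Limit editable users to those the requester may manage.

        Without this, the pk in the URL is looked up across every user, so a
        company admin could open and save the edit form for an account in
        another company. Out-of-scope pks now resolve to a 404.
        """
        return _users_manageable_by(self.request.user, super().get_queryset())

    def form_valid(self, form):
        """Save the user with the permission set for its type, then redirect."""
        # Clear irrelevant permissions based on user type
        _save_user_with_permissions(form)
        # NOTE(review): UpdateView's form_valid calls form.save() again. If the
        # permission fields are model fields on UserEditForm, that second save
        # re-applies the submitted values for both sets and would undo the
        # clear() above. Confirm against the form definition.
        return super().form_valid(form)

    def get_form(self, form_class=None):
        """Build the form and restrict its fields to what the acting user may set."""
        form = super().get_form(form_class)
        user: DepotUser = self.request.user
        return _configure_user_form(form, user)


class UserActiveView(LoginRequiredMixin, UserPassesTestMixin, View):
    """Toggle a user's ``is_active`` flag via POST and report the new state as JSON."""

    success_url = reverse_lazy('user_list')

    def test_func(self):
        """Allow only superusers and company admins."""
        return _can_manage_users(self.request.user)

    def post(self, request, pk, *args, **kwargs):
        """Flip ``is_active`` on the user identified by *pk*.

        Returns 404 when the target does not exist or is outside the accounts
        the requester may manage, and 403 when the requester targets their own
        account.
        """
        user = request.user
        # Scope the lookup before fetching: the pk comes from the URL, so an
        # unscoped lookup would let a company admin deactivate users of other
        # companies, or a superuser account.
        manageable = _users_manageable_by(user, get_user_model()._default_manager.all())
        target_user = get_object_or_404(manageable, pk=pk)

        if target_user == user:
            return HttpResponseForbidden("You cannot change your own active status.")

        target_user.is_active = not target_user.is_active
        target_user.save()

        return JsonResponse({'success': True, 'is_active': target_user.is_active})


class CustomPasswordChangeView(LoginRequiredMixin, PasswordChangeView):
    """Password change page that can return the user to a ``next`` URL."""

    template_name = 'registration/change_password.html'

    def get_success_url(self):
        """Return the post-change redirect target.

        ``next`` comes from the request, so it is followed only when it points
        at this host. Anything else falls back to the dashboard, which keeps
        the view from acting as an open redirect.
        """
        next_url = self.request.GET.get('next') or self.request.POST.get('next')
        if next_url and url_has_allowed_host_and_scheme(
            url=next_url,
            allowed_hosts={self.request.get_host()},
            require_https=self.request.is_secure(),
        ):
            return next_url
        return reverse_lazy('dashboard')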