from django.contrib.auth import get_user_model
from django.contrib.auth.views import LoginView, PasswordChangeView
from django.http import HttpResponseForbidden, JsonResponse
from django.shortcuts import render
from django.urls import reverse_lazy
from django.utils.decorators import method_decorator
from django.views import View
from django.views.generic import TemplateView, FormView, ListView, UpdateView
from rest_framework.generics import get_object_or_404
from accounts.forms import LoginForm, RegisterForm, UserChangePasswordForm, UserEditForm
from accounts.models import DepotUser
from django.contrib.auth.decorators import login_required, user_passes_test
from django.contrib.auth.mixins import AccessMixin, LoginRequiredMixin, UserPassesTestMixin
# Create your views here.
class DepotLoginView(LoginView):
    """Login page for the depot application.

    Renders ``registration/login.html`` with the project's ``LoginForm`` and
    names the ``dashboard`` URL as ``next_page``.
    """

    form_class = LoginForm
    template_name = 'registration/login.html'
    # ``next_page`` is set here; an earlier ``success_url`` assignment was
    # left commented out in the original and is not used.
    next_page = reverse_lazy('dashboard')
def is_company_admin(user):
    """Tell whether *user* is logged in and flagged as a company admin.

    Mirrors ``user.is_authenticated and user.is_company_admin``: the
    authentication flag is returned as-is when it is falsy, otherwise the
    value of ``user.is_company_admin`` is returned.
    """
    authenticated = user.is_authenticated
    if not authenticated:
        # Unauthenticated callers never reach the admin-flag lookup.
        return authenticated
    return user.is_company_admin
class RegisterView(LoginRequiredMixin, UserPassesTestMixin, FormView):
    """Create a new account; open to superusers and company admins only.

    ``get_form`` tailors the form to the requester's role and ``form_valid``
    stores the permission set that matches the chosen user type.
    """

    template_name = 'registration/register.html'
    form_class = RegisterForm
    success_url = reverse_lazy('dashboard')

    def test_func(self):
        """Return a truthy value when the requester may register accounts."""
        requester = self.request.user
        return (
            requester.is_superuser
            or requester.user_type == DepotUser.UserType.COMPANY_ADMIN
        )

    def form_valid(self, form):
        """Save the new user, then keep only the permissions for its type."""
        account = form.save(commit=False)
        cleaned = form.cleaned_data
        chosen_type = cleaned['user_type']
        account.save()

        if chosen_type == DepotUser.UserType.CLIENT:
            account.employee_permissions.clear()
            account.company_permissions.set(cleaned['company_permissions'])
        elif chosen_type == DepotUser.UserType.EMPLOYEE:
            account.company_permissions.clear()
            account.employee_permissions.set(cleaned['employee_permissions'])
        # Any other user type leaves both permission sets untouched.

        return super().form_valid(form)

    def get_form(self, form_class=None):
        """Build the form and adapt its fields to the requester's role.

        NOTE(review): ``widget.attrs['disabled']`` is an HTML attribute on
        the rendered control; it does not by itself make the server ignore a
        posted value (``Field.disabled`` would). Confirm that the narrowed
        queryset/choices below are the intended server-side limit.
        """
        form = super().get_form(form_class)
        fields = form.fields
        requester: DepotUser = self.request.user

        if requester.is_superuser:
            # Superusers may set every user type and both permission sets.
            for name in ('user_type', 'company_permissions', 'employee_permissions'):
                fields[name].widget.attrs['disabled'] = False

            # Grey out the permission set that does not apply to the form's
            # initial user type.
            initial_type = form.initial.get('user_type')
            if initial_type == DepotUser.UserType.CLIENT:
                fields['employee_permissions'].widget.attrs['disabled'] = True
            elif initial_type == DepotUser.UserType.EMPLOYEE:
                fields['company_permissions'].widget.attrs['disabled'] = True

        elif requester.user_type == DepotUser.UserType.COMPANY_ADMIN:
            own_company = requester.company

            # A company admin may only pick their own company and its lines.
            company_field = fields['company']
            company_field.queryset = company_field.queryset.filter(pk=own_company.pk)
            company_field.initial = own_company
            # NOTE(review): this only sets an attribute on the widget object;
            # the queryset filter above is what limits the selectable company.
            company_field.widget.readonly = True

            line_field = fields['line']
            line_field.queryset = line_field.queryset.filter(company=own_company.pk)

            # Company admins can create client accounts only.
            type_field = fields['user_type']
            type_field.choices = [
                (DepotUser.UserType.CLIENT, 'Client')
            ]
            type_field.initial = DepotUser.UserType.CLIENT

            fields['company_permissions'].widget.attrs['disabled'] = False
            fields['employee_permissions'].widget.attrs['disabled'] = True

        return form
class UserListView(LoginRequiredMixin, UserPassesTestMixin, ListView):
    """Paginated list of user accounts for superusers and company admins."""

    model = get_user_model()
    template_name = 'registration/user-list.html'
    context_object_name = 'objects'
    paginate_by = 20

    def test_func(self):
        """Return a truthy value when the requester may list accounts."""
        requester = self.request.user
        return (
            requester.is_superuser
            or requester.user_type == DepotUser.UserType.COMPANY_ADMIN
        )

    def get_queryset(self):
        """Return the accounts the requester is allowed to see.

        Inactive accounts are hidden unless the request carries
        ``?filter=all``. Superusers get every remaining row, company admins
        only rows of their own company, and anyone else an empty queryset.
        """
        users = super().get_queryset()
        requester = self.request.user

        show_all = self.request.GET.get('filter') == 'all'
        if not show_all:
            users = users.filter(is_active=True)

        if requester.is_superuser:
            return users.all()
        if requester.user_type == DepotUser.UserType.COMPANY_ADMIN:
            # Tenant scoping: never expose accounts of another company.
            return users.filter(company=requester.company)
        return users.none()
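class UserUpdateView(LoginRequiredMixin, UserPassesTestMixin, UpdateView):
    """Edit an existing account; open to superusers and company admins.

    The object lookup is scoped per requester in ``get_queryset`` so that a
    company admin cannot load (and therefore cannot save) an account that
    belongs to another company by changing the primary key in the URL.
    """

    template_name = 'registration/register.html'
    form_class = UserEditForm
    model = get_user_model()
    success_url = reverse_lazy('user_list')

    def test_func(self):
        """Return a truthy value when the requester may edit accounts."""
        user = self.request.user
        return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN

    def get_queryset(self):
        """Return the accounts the requester is allowed to edit.

        Uses the same company rule as ``UserListView.get_queryset``:
        superusers may edit any account, company admins only accounts of
        their own company. An out-of-scope primary key results in a 404 from
        the generic object lookup instead of an editable form.
        """
        queryset = super().get_queryset()
        user = self.request.user

        if user.is_superuser:
            return queryset
        if user.user_type == DepotUser.UserType.COMPANY_ADMIN:
            # NOTE(review): this still lets a company admin edit any account
            # of their own company, and get_form() offers CLIENT as the only
            # user type. Confirm whether non-client accounts of the same
            # company should be excluded here as well.
            return queryset.filter(company=user.company)
        return queryset.none()

    def form_valid(self, form):
        """Save the edited user, then keep only the permissions for its type."""
        user = form.save(commit=False)
        user_type = form.cleaned_data['user_type']
        user.save()

        # Clear irrelevant permissions based on user type
        if user_type == DepotUser.UserType.CLIENT:
            user.employee_permissions.clear()
            user.company_permissions.set(form.cleaned_data['company_permissions'])
        elif user_type == DepotUser.UserType.EMPLOYEE:
            user.company_permissions.clear()
            user.employee_permissions.set(form.cleaned_data['employee_permissions'])

        return super().form_valid(form)

    def get_form(self, form_class=None):
        """Build the form and adapt its fields to the requester's role.

        NOTE(review): ``widget.attrs['disabled']`` is an HTML attribute on
        the rendered control; it does not by itself make the server ignore a
        posted value (``Field.disabled`` would). The narrowed queryset and
        choices are what bound the values a company admin can submit.
        """
        form = super().get_form(form_class)
        user: DepotUser = self.request.user

        if user.is_superuser:
            # Superuser can manage all permissions and user types
            form.fields['user_type'].widget.attrs['disabled'] = False
            form.fields['company_permissions'].widget.attrs['disabled'] = False
            form.fields['employee_permissions'].widget.attrs['disabled'] = False

            # Show relevant permissions based on selected user type
            if form.initial.get('user_type') == DepotUser.UserType.CLIENT:
                form.fields['employee_permissions'].widget.attrs['disabled'] = True
            elif form.initial.get('user_type') == DepotUser.UserType.EMPLOYEE:
                form.fields['company_permissions'].widget.attrs['disabled'] = True

        elif user.user_type == DepotUser.UserType.COMPANY_ADMIN:
            # A company admin may only pick their own company and its lines.
            form.fields['company'].queryset = form.fields['company'].queryset.filter(pk=user.company.pk)
            form.fields['company'].initial = user.company
            # NOTE(review): this only sets an attribute on the widget object;
            # the queryset filter above is what limits the selectable company.
            form.fields['company'].widget.readonly = True
            form.fields['line'].queryset = form.fields['line'].queryset.filter(company=user.company.pk)

            # Company admins can assign the client user type only.
            form.fields['user_type'].choices = [
                (DepotUser.UserType.CLIENT, 'Client')
            ]
            form.fields['user_type'].initial = DepotUser.UserType.CLIENT
            form.fields['company_permissions'].widget.attrs['disabled'] = False
            form.fields['employee_permissions'].widget.attrs['disabled'] = True

        return form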
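class UserActiveView(LoginRequiredMixin, UserPassesTestMixin, View):
    """Toggle the ``is_active`` flag of another account via POST.

    Open to superusers and company admins. The target lookup is scoped per
    requester so that a company admin cannot activate or deactivate an
    account outside their own company by supplying its primary key.
    """

    success_url = reverse_lazy('user_list')

    def test_func(self):
        """Return a truthy value when the requester may toggle accounts."""
        user = self.request.user
        return user.is_superuser or user.user_type == DepotUser.UserType.COMPANY_ADMIN

    def post(self, request, pk, *args, **kwargs):
        """Flip ``is_active`` on the account with primary key *pk*.

        Returns a JSON body with the new state, 403 when the requester
        targets their own account, and 404 when the account does not exist
        or lies outside the requester's scope.
        """
        user = request.user

        # test_func() admits only superusers and company admins, so every
        # non-superuser reaching this point is limited to their own company
        # (the same rule UserListView.get_queryset applies).
        candidates = get_user_model()._default_manager.all()
        if not user.is_superuser:
            candidates = candidates.filter(company=user.company)

        target_user = get_object_or_404(candidates, pk=pk)
        if target_user == user:
            # Prevents an administrator from locking themselves out.
            return HttpResponseForbidden("You cannot change your own active status.")

        target_user.is_active = not target_user.is_active
        target_user.save()
        return JsonResponse({'success': True, 'is_active': target_user.is_active})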
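class CustomPasswordChangeView(LoginRequiredMixin, PasswordChangeView):
    """Password-change page that can return the user to a ``next`` URL."""

    template_name = 'registration/change_password.html'

    def get_success_url(self):
        """Return where to redirect after a successful password change.

        ``next`` is read from the query string or the POST body, so it is
        caller-controlled. It is honoured only when it resolves to this host
        (and to HTTPS when the request itself is secure); anything else falls
        back to the ``dashboard`` URL, which keeps the view from acting as an
        open redirect.
        """
        # Imported locally so this method carries its own dependency.
        from django.utils.http import url_has_allowed_host_and_scheme

        next_url = self.request.GET.get('next') or self.request.POST.get('next')
        if next_url and url_has_allowed_host_and_scheme(
            url=next_url,
            allowed_hosts={self.request.get_host()},
            require_https=self.request.is_secure(),
        ):
            return next_url
        return reverse_lazy('dashboard')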