Added user management and permissions

2026-02-23 15:01:58 +02:00
parent a993f8944d
commit 574de2c32d
11 changed files with 440 additions and 82 deletions
@@ -0,0 +1,33 @@
# Generated by Django 6.0.1 on 2026-02-22 19:43
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("api", "0003_documentcounter"),
]
operations = [
migrations.AddField(
model_name="user",
name="can_edit_documents",
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name="user",
name="can_manage_entities",
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name="user",
name="can_manually_measure",
field=models.BooleanField(default=False),
),
migrations.AddField(
model_name="user",
name="can_measure",
field=models.BooleanField(default=False),
),
]
+4
@@ -12,6 +12,10 @@ class User(AbstractUser):
role = models.CharField(max_length=20, choices=ROLE_CHOICES, default='viewer')
is_admin = models.BooleanField(default=False)
can_measure = models.BooleanField(default=False)
can_manually_measure = models.BooleanField(default=False)
can_manage_entities = models.BooleanField(default=False)
can_edit_documents = models.BooleanField(default=False)
class Meta:
db_table = 'api_user'
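Review bot: The four new boolean capability fields sit next to `role` (with ROLE_CHOICES, default `'viewer'`) and `is_admin`, and nothing on the model says which of the three governs access when they disagree, e.g. whether `is_admin` implies every `can_*` flag or whether `role` is now informational. A `help_text` on each field, or a short comment above the group such as `# Fine-grained capabilities; checked per view, independent of role`, would record the intended precedence; the wording should follow whatever the views actually enforce, which is outside this hunk. The User class body continues outside the hunk.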
+4 -2
@@ -11,7 +11,8 @@ class UserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ['id', 'username', 'email', 'first_name', 'last_name',
'role', 'is_admin', 'is_active', 'date_joined', 'password']
'role', 'is_admin', 'is_active', 'date_joined', 'password',
'can_measure', 'can_manually_measure', 'can_manage_entities', 'can_edit_documents']
read_only_fields = ['id', 'date_joined']
extra_kwargs = {
'password': {'write_only': True}
@@ -40,7 +41,8 @@ class UserDetailSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ['id', 'username', 'email', 'first_name', 'last_name',
'role', 'is_admin', 'is_active', 'date_joined']
'role', 'is_admin', 'is_active', 'date_joined',
'can_measure', 'can_manually_measure', 'can_manage_entities', 'can_edit_documents']
read_only_fields = ['id', 'date_joined']
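Review bot: `is_admin`, `role` and the four new `can_*` flags are writable through `UserSerializer` (they appear in `fields` but not in `read_only_fields`), so any caller who can POST or PUT through it can grant admin and capability rights. That is acceptable only while every view using UserSerializer is restricted to admins, as `UserViewSet.get_permissions` now does; if the serializer is also used by a self-service path such as registration or profile editing, those fields should be read-only there. Recording the invariant on the Meta class, e.g. `# privilege fields are writable only because UserViewSet limits create/update to admins`, would keep a later reuse from silently opening it. Both Meta classes belong to serializer definitions that start outside the hunks.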
+19 -3
@@ -14,6 +14,11 @@ from nomenclatures.models import Nomenclature, NomenclatureEntry
from scalesapp.sse import sse_broadcast_update
class IsAdminUser(IsAuthenticated):
def has_permission(self, request, view):
return bool(request.user and request.user.is_authenticated and request.user.is_admin)
class UserViewSet(viewsets.ModelViewSet):
"""
API endpoint for user management.
@@ -22,7 +27,7 @@ class UserViewSet(viewsets.ModelViewSet):
create: Create a new user
retrieve: Get a specific user
update: Update a user
destroy: Delete a user
destroy: Soft-delete a user (sets is_active=False)
me: Get current authenticated user
change_password: Change password for current user
"""
@@ -31,13 +36,24 @@ class UserViewSet(viewsets.ModelViewSet):
filterset_fields = ['role', 'is_admin', 'is_active']
ordering = ['username']
@action(detail=False, methods=['get'], permission_classes=[IsAuthenticated])
def get_permissions(self):
if self.action in ('me', 'change_password'):
return [IsAuthenticated()]
return [IsAuthenticated(), IsAdminUser()]
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
instance.is_active = False
instance.save()
return Response(status=status.HTTP_204_NO_CONTENT)
@action(detail=False, methods=['get'])
def me(self, request):
"""Get current authenticated user details"""
serializer = UserDetailSerializer(request.user)
return Response(serializer.data)
@action(detail=False, methods=['post'], permission_classes=[IsAuthenticated],
@action(detail=False, methods=['post'],
url_path='change-password', url_name='change_password')
def change_password(self, request):
"""Change password for current user"""