from django.db.models.signals import post_save, post_migrate from django.dispatch import receiver from django.contrib.auth.models import Permission from django.contrib.contenttypes.models import ContentType from .models import User, UserProfile, Role, UserRole import logging logger = logging.getLogger(__name__) @receiver(post_save, sender=User) def create_user_profile(sender, instance, created, **kwargs): """ Create a user profile when a new user is created. """ if created: UserProfile.objects.create(user=instance) logger.info(f"Profile created for user: {instance.email}") # Assign default role to new user try: default_role = Role.objects.filter(is_default=True).first() if default_role: UserRole.objects.create(user=instance, role=default_role) logger.info(f"Default role '{default_role.name}' assigned to user: {instance.email}") except Exception as e: logger.error(f"Failed to assign default role to user {instance.email}: {e}") @receiver(post_save, sender=User) def save_user_profile(sender, instance, **kwargs): """ Save the user profile when the user is saved. """ if hasattr(instance, 'profile'): instance.profile.save() @receiver(post_migrate) def create_default_roles(sender, **kwargs): """ Create default roles and permissions after migration. """ if sender.name == 'apps.accounts': # Create default roles roles_data = [ { 'name': 'admin', 'description': 'Full system access with all permissions', 'is_default': False, 'permissions': 'all' }, { 'name': 'manager', 'description': 'Management access with limited administrative permissions', 'is_default': False, 'permissions': ['view', 'add', 'change'] }, { 'name': 'user', 'description': 'Basic user access with read-only permissions', 'is_default': True, 'permissions': ['view'] } ] for role_data in roles_data: role, created = Role.objects.get_or_create( name=role_data['name'], defaults={ 'description': role_data['description'], 'is_default': role_data['is_default'] } ) if created: logger.info(f"Created role: {role.name}") # Assign permissions to role if role_data['permissions'] == 'all': # Admin gets all permissions role.permissions.set(Permission.objects.all()) else: # Get permissions based on codename patterns permissions = Permission.objects.filter( codename__startswith=tuple(role_data['permissions']) ) role.permissions.set(permissions) logger.info(f"Assigned permissions to role: {role.name}") @receiver(post_migrate) def create_superuser_if_none_exists(sender, **kwargs): """ Create a default superuser if none exists. """ if sender.name == 'apps.accounts': if not User.objects.filter(is_superuser=True).exists(): try: User.objects.create_superuser( email='admin@adtlas.com', password='admin123', first_name='Admin', last_name='User' ) logger.info("Default superuser created: admin@adtlas.com") except Exception as e: logger.error(f"Failed to create default superuser: {e}") @receiver(post_save, sender=UserRole) def log_role_assignment(sender, instance, created, **kwargs): """ Log role assignments for audit purposes. """ if created: logger.info( f"Role '{instance.role.name}' assigned to user '{instance.user.email}' " f"by '{instance.assigned_by.email if instance.assigned_by else 'System'}'" ) @receiver(post_save, sender=User) def log_user_status_changes(sender, instance, created, **kwargs): """ Log important user status changes. """ if not created: # Check if important fields changed if instance.tracker.has_changed('is_active'): status = 'activated' if instance.is_active else 'deactivated' logger.info(f"User {instance.email} was {status}") if instance.tracker.has_changed('email_verified'): if instance.email_verified: logger.info(f"Email verified for user: {instance.email}") if instance.tracker.has_changed('is_staff'): status = 'granted' if instance.is_staff else 'revoked' logger.info(f"Staff access {status} for user: {instance.email}")