U ̖mhc@s dZddlZddlmZddlmZddlmZddlm Z ddl m Z ddl mZdd lmZmZmZdd lmZdd lmZmZGd d d eZGdddeZGdddeeeZGdddeZGdddeZGdddeZGdddeZGdddeZdS)aB Adtlas Accounts Models This module contains the custom user authentication models for the Adtlas DAI Management System. It implements a flexible role-based permission system with dynamic roles and comprehensive user management capabilities. Features: - Custom User model with email-based authentication - Dynamic Role system with hierarchical permissions - User profiles with detailed information - Activity tracking and session management - Department-based organization structure Author: Adtlas Development Team Version: 2.0.0 Last Updated: 2025-07-08 N)models)reverse)timezone)RegexValidator) gettext_lazy) ContentType) AbstractUserPermissionsMixin Permission) UserManager) BaseModelTimeStampedModelc@seZdZdZejddddZejddeddgd d Zej dd d Z ej d ej dddddZ ej dejdddddZejdddZGdddZddZddZddZdS) Departmentz Department model for organizing users within the company structure. Departments can have hierarchical relationships and specific permissions. dTz2Department name (e.g., 'Marketing', 'Sales', 'IT') max_lengthunique help_textz ^[A-Z]{2,20}$z#Code must be uppercase letters onlyz,Department code (e.g., 'MKT', 'SALES', 'IT')rr validatorsrz9Detailed description of the department's responsibilitiesblankrselfchildrenz,Parent department for hierarchical structure on_deletenullr related_namerz accounts.UserZheaded_departmentszDepartment head/managerz+Whether this department is currently activedefaultrc@seZdZdZdgZdZdZdS)zDepartment.MetaZaccounts_departmentsnamerZ DepartmentsN)__name__ __module__ __qualname__db_tableordering verbose_nameverbose_name_pluralr)r)0/var/www/html/Adtlas/src/apps/accounts/models.pyMetaQsr+cCs|jd|jdS)N ())r!coderr)r)r*__str__WszDepartment.__str__cCs0t|j}|jD]}||q|S)z%Get all child departments recursively)listrallextendget_all_children)rrchildr)r)r*r4ZszDepartment.get_all_childrencCs(ddlm}|g|}tjj|dS)z1Get all users in this department and its childrenr)Q)Zprofile__department__in)django.db.modelsr6r4Userobjectsfilter)rr6Z departmentsr)r)r* get_all_usersas zDepartment.get_all_usersN)r"r#r$__doc__r CharFieldr!rr. TextField description ForeignKeyCASCADEparentSET_NULLhead BooleanField is_activer+r0r4r;r)r)r)r*r"sP   rc@seZdZdZddddgZejddeded d Zejd de d d gddZ ej dededdZ ejdedddZ ejdejdddddZejedededdZejdededdZejd ed!d"dZejd#d$d%ZGd&d'd'Zd(d)Zd*d+Zd/d-d.Zd,S)0Rolez Role model for dynamic role management. This model allows creating custom roles with specific permissions that can be assigned to users for flexible access control. )systemz System Role)customz Custom Role) departmentzDepartment Role)Zprojectz Project RolerTz Role NamezGUnique name for the role (e.g., 'Campaign Manager', 'Analytics Viewer'))rrr'r2z ^[a-z_]+$z,Code must be lowercase with underscores onlyzr? role_typer@rArWManyToManyFieldr rVrErFPositiveIntegerFieldrS is_defaultr+r0rYr^r)r)r)r*rGhsz  rGcseZdZdZejeddddZejddddddZ ejddd d Z ejddd d Z ej dd d Z ej ddd Zej dededdZejddededdZejddededdZejejdd ZejddddZejddddZejddd ZejddddZejejdd Zej dd d ZeZd!Z d"d#d$gZ!Gd%d&d&Z"d'd(Z#d)d*Z$d+d,Z%d-d.Z&d/d0Z'd1d2Z(d3d4Z)d5d6Z*d7d8Z+d9d:Z,d;d<Z-fd=d>Z.fd?d@Z/dAdBZ0Z1S)Cr8a? Custom User model with email-based authentication and enhanced features. This model replaces Django"s default User model and provides: - Email-based authentication - Enhanced profile information - Role-based access control - Activity tracking - Multi-factor authentication support z Email AddressTz%User's email address (used for login))rrz&Optional username for display purposes)rrrrrzUser's first namerrrzUser's last namez8Designates whether this user should be treated as activerFz7Designates whether the user can log into the admin sitez Is Verifiedz$Whether the user's email is verifiedrPz Last Login IPzIP address of last loginrrr'rzEmail Verified AtzWhen the email was verifiedz&Date when the user account was createdzLast time the user logged inrrrz+Last time the user was active in the systemrz+Number of consecutive failed login attemptszAccount lockout expiration timez"When the password was last changedz.Whether multi-factor authentication is enabledemailusername first_name last_namec@sPeZdZedZedZdZdgZej dgdej ddgdej d gdgZ d S) z User.Metar8ZUsersZaccounts_usersz -date_joinedrgfieldsrF is_verified date_joinedN) r"r#r$rTr'r(r%r&rIndexindexesr)r)r)r*r+Is  r+cCs.|jr(|jr(|jd|jd|jdS|jS)N r,r-)rirjrgr/r)r)r*r0Ts z User.__str__cCs|jd|jp|jS)zGet user"s full name.rq)rirjstriprhr/r)r)r* get_full_nameYszUser.get_full_namecCs |jp |jS)zGet user"s short name.)rirhr/r)r)r*get_short_name]szUser.get_short_namecCs|jrt|jkSdS)z)Check if the account is currently locked.F)account_locked_untilrnowr/r)r)r*is_account_lockedaszUser.is_account_lockedcCs d|_d|_|jddgddS)zUnlock the user account.Nrrufailed_login_attempts update_fields)rurxsaver/r)r)r*unlock_accountgszUser.unlock_accountcCstjj|dddS)z+Get all active roles assigned to this user.T)Zuserrole__userZuserrole__is_activerF)rGr9r:r/r)r)r* get_rolesms zUser.get_rolescCs|j|dS)z"Check if user has a specific role.)r.)r}r:exists)rZ role_coder)r)r*has_roleusz User.has_rolecCs|dS)z%Get the user"s highest priority role.rS)r}order_byfirstr/r)r)r*get_highest_roleyszUser.get_highest_rolecCs(|}|D]}|d|r dSq dS)z(Check if user can access a specific app.viewTF)r}r^)rr\Zrolesroler)r)r*can_access_app}s  zUser.can_access_appcCs$d|_t|_|jddgddS)zMark user"s email as verified.Trmemail_verified_atryN)rmrrvrr{r/r)r)r* verify_emails zUser.verify_emailcCs||_|jdgddS)z$Update user"s last login IP address. last_login_ipryN)rr{)r ip_addressr)r)r*update_last_login_ipszUser.update_last_login_ipcs t|jr|j|_dS)zValidate the model data.N)supercleanrglowerr/ __class__r)r*rs z User.cleancs|tj||dS)z"Override save to add custom logic.N) full_cleanrr{)rargskwargsrr)r*r{sz User.savecCstdd|jidSz-Return the absolute URL for the user profile.zaccounts:profilepk)r)rrr/r)r)r*get_absolute_urlszUser.get_absolute_url)2r"r#r$r<r EmailFieldrTrgr=rhrirjrErFis_staffrmGenericIPAddressFieldr DateTimeFieldrrrvrn last_login last_activityrarxruZpassword_changed_atZ mfa_enabledr r9USERNAME_FIELDREQUIRED_FIELDSr+r0rsrtrwr|r}rrrrrrr{r __classcell__r)r)rr*r8s     r8c@seZdZdZejeejdededdZ e deddZ ej ed e gd d d ed d Z ejeddd d eddZejeddd eddZejd d ededdZej eddd eddZej eddd eddZejd ededd Zejeejd d d!d"d#Zej d$d d d d%d&Zejd d d'd(Zejeejd d d)d*d#Zej d$d+d,d-Zej d.d/d0d-Z ej d1d2d3d4gd5d6d7Z!ej"d d8d9Z#ej"d:ed;ed<d=Z$ej"d ed>ed?d=Z%ej ed@dAd edBdZ&ej edCdAd edDdZ'ej edEdd edEdZ(ej edFdd edGdZ)ej edHd1d edIdZ*ej edJdd edJdZ+ej dd dKdZ,ej d1d dLdZ-GdMdNdNZ.dOdPZ/dQdRZ0dSdTZ1dUdVZ2dWS)XProfilez Extended user profile model for additional user information. This model stores additional user data that doesn"t belong in the core User model, following the principle of separation of concerns. Zprofiler8zAssociated user account)rrr'rz^\+?1?\d{9,15}$zRPhone number must be entered in the format: '+999999999'. Up to 15 digits allowed.)regexmessagez Phone NumberTzUser's phone number)rrrrrZAvatarzavatars/%Y/%m/zUser's profile picture) upload_torrrZ BiographyizUser's biography or descriptionrdz Birth DatezUser's birth daterez Job TitlerzUser job title or positionZCompanyzUser company or organizationZWebsitezUser's website URLrMusersz"User department within the companyrrKzEmployee ID or staff number)rrrrrzDate when the user was hiredrfZ subordinateszUser's direct managerUTCzUser's preferred timezone)rr r enzUser's preferred languager)lightz Light Theme)darkz Dark Theme)autoz Auto (System)rzUser's preferred UI themerNz Whether to receive notificationsrFzSMS NotificationszReceive SMS notificationsrPzEmail NotificationszReceive email notificationszAddress Line 1zStreet addresszAddress Line 2zApartment, suite, etc.ZCityzState/ProvincezState or provincez Postal CodezZIP or postal codeZCountryzEmergency contact person namezEmergency contact phone numberc@s&eZdZedZedZdgZdZdS)z Profile.MetarZProfiles -created_atZaccounts_profileN)r"r#r$rTr'r(r&r%r)r)r)r*r+ssr+cCsd|jp|jjS)z*String representation of the user profile.z Profile for )userrsrgr/r)r)r*r0yszProfile.__str__cCs@|jrZbio DateFieldZ birth_dateZ job_titleZcompanyURLFieldZwebsiter@rrCrJZ employee_idZ hire_datemanagerrlanguageZthemerEZnotifications_enabledZsms_notificationsZemail_notificationsZ address_line1Z address_line2ZcitystateZ postal_codecountryZemergency_contact_nameZemergency_contact_phoner+r0rrrr)r)r)r*rsP       rc@seZdZdZejeejddZeje ejddZ ejeej dddddZ ej ejd d Zej ejd d Zej ddd d Zejddd ZejdddZGdddZddZddZdS)UserRolez Junction model for User-Role relationships with temporal aspects. Allows users to have multiple roles with validity periods. zUser assigned to this role)rrzRole assigned to the userTZassigned_roleszUser who assigned this rolerzWhen this role was assignedrz'When this role assignment becomes validz!When this role assignment expiresrfz0Whether this role assignment is currently activez+Additional notes about this role assignmentrc@s&eZdZdZddgZdZdZdgZdS)z UserRole.MetaZaccounts_user_rolesrrz User Rolez User Rolesz -assigned_atN)r"r#r$r%unique_togetherr'r(r&r)r)r)r*r+s r+cCs |jp|jjd|jjSN - )rrsrgrr!r/r)r)r*r0szUserRole.__str__cCs,t}|jo*|j|ko*|jdkp*|j|kS)z0Check if the role assignment is currently valid.N)rrvrF valid_from valid_until)rrvr)r)r*is_valids zUserRole.is_validN)r"r#r$r<rr@r8rArrGrrCZ assigned_byrrrvZ assigned_atrrrErFr>Znotesr+r0rr)r)r)r*rsVrc@seZdZdZejeejdddZej ddddZ ej ddd d Z ej dd d Zej d dddZejdddZejejddZejddZGdddZddZddZdS) UserSessionzB Track user sessions for security and analytics purposes. sessionsz!User associated with this sessionrrr(TzDjango session keyrzIP address of the sessionrfBrowser user agent stringrz"Geographic location (if available)rdz'Whether the session is currently activerzLast activity timestampzWhen the session expiresrc@seZdZdZdZdZdgZdS)zUserSession.MetaZaccounts_user_sessionsz User Sessionz User Sessionsz-last_activityNr"r#r$r%r'r(r&r)r)r)r*r+sr+cCs|jjd|jdddS)Nrz...)rrg session_keyr/r)r)r*r0szUserSession.__str__cCst|jkS)z!Check if the session has expired.rrv expires_atr/r)r)r* is_expiredszUserSession.is_expiredN)r"r#r$r<rr@r8rArr=rrrr> user_agentlocationrErFrrrvrrr+r0rr)r)r)r*rsPrc @seZdZdZdddddddd d g Zejeejd d d Z ej deddZ ej ddddZ ej ddddZ ej ddddZejedddZejddddZejdddZGdddZd d!Zd"S)# UserActivityzA Track user activities for audit and analytics purposes. )loginLogin)logoutLogout)createCreate)readView)rXUpdate)deleteDelete)exportExport)importImport)adminz Admin ActionZ activitieszUser who performed the actionrrzType of action performed)rrOrrKTz$Type of object affected (model name)rdzID of the affected objectrz,String representation of the affected objectz#Additional details about the action)r rrz.IP address from which the action was performedrfrrc@sJeZdZdZdZdZdgZejddgdejdgdejd d gdgZ d S) zUserActivity.MetaZaccounts_user_activitiesz User ActivityzUser Activitiesrractionrk created_at object_type object_idN) r"r#r$r%r'r(r&rrorpr)r)r)r*r+Es r+cCs|jjd|jd|jSr)rrgrrr/r)r)r*r0PszUserActivity.__str__N)r"r#r$r<Z ACTION_TYPESrr@r8rArr=rrr object_repr JSONFielddictdetailsrrr>rr+r0r)r)r)r*r sj  rc@seZdZdZejeejdddZej e j dddZ ej dd Zejd d d Zejddd dZGdddZddZddZddZdS)PasswordResetTokenz7 Secure password reset tokens with expiration. Z reset_tokenszUser requesting password resetrTzUnique reset token)r rrzWhen the token expiresrFzWhether the token has been usedrz)IP address from which reset was requestedrfc@seZdZdZdZdZdgZdS)zPasswordResetToken.MetaZaccounts_password_reset_tokenszPassword Reset TokenzPassword Reset TokensrNrr)r)r)r*r+qsr+cCsd|jjS)NzReset token for )rrgr/r)r)r*r0wszPasswordResetToken.__str__cCst|jkS)zCheck if the token has expired.rr/r)r)r*rzszPasswordResetToken.is_expiredcCs|j o| S)z$Check if the token is valid for use.)is_usedrr/r)r)r*r~szPasswordResetToken.is_validN)r"r#r$r<rr@r8rAr UUIDFielduuiduuid4tokenrrrErrrr+r0rrr)r)r)r*rTs8r) r<r django.dbr django.urlsr django.utilsrZdjango.core.validatorsrdjango.utils.translationrrT"django.contrib.contenttypes.modelsrdjango.contrib.auth.modelsrr r Zapps.accounts.managersr apps.common.modelsr r rrGr8rrrrrr)r)r)r*s(       FoLpB8I