# -*- coding: utf-8 -*- """ Adtlas Accounts Views This module contains all views for the accounts app including user management, authentication, profiles, roles, and user activities. Author: Adtlas Development Team Version: 2.0.0 Last Updated: 2025-01-20 """ from django.shortcuts import render, get_object_or_404, redirect from django.contrib.auth import authenticate, login, logout from django.contrib.auth.decorators import login_required from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin from django.contrib import messages from django.core.paginator import Paginator from django.db.models import Q, Count from django.http import JsonResponse, HttpResponseRedirect from django.urls import reverse_lazy, reverse from django.utils import timezone from django.views.generic import ( ListView, DetailView, CreateView, UpdateView, DeleteView, TemplateView, FormView ) from django.views.decorators.http import require_http_methods from django.views.decorators.csrf import csrf_exempt from django.utils.decorators import method_decorator from django.contrib.auth.forms import PasswordChangeForm from django.contrib.auth import update_session_auth_hash from django.core.exceptions import PermissionDenied from django.db import transaction import json from django.views.decorators.http import require_POST, require_GET from .models import ( User, Profile, Department, Role, UserRole, Permission, UserSession, UserActivity, PasswordResetToken ) from apps.common.decorators import ajax_required from apps.common.permissions import has_permission # ============================================================================ # Authentication Views # ============================================================================ class LoginView(TemplateView): """Custom login view.""" template_name = 'accounts/login.html' def get(self, request, *args, **kwargs): if request.user.is_authenticated: return redirect('dashboard') return super().get(request, *args, **kwargs) def post(self, request, *args, **kwargs): email = request.POST.get('email') password = request.POST.get('password') remember_me = request.POST.get('remember_me') if email and password: user = authenticate(request, username=email, password=password) if user is not None: if user.is_active: login(request, user) # Set session expiry if not remember_me: request.session.set_expiry(0) # Update last login IP ip_address = self.get_client_ip(request) user.update_last_login_ip(ip_address) # Log activity UserActivity.objects.create( user=user, action='login', ip_address=ip_address, user_agent=request.META.get('HTTP_USER_AGENT', '') ) next_url = request.GET.get('next', 'dashboard') return redirect(next_url) else: messages.error(request, 'Your account is inactive.') else: messages.error(request, 'Invalid email or password.') else: messages.error(request, 'Please provide both email and password.') return self.get(request, *args, **kwargs) def get_client_ip(self, request): """Get client IP address.""" x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR') if x_forwarded_for: ip = x_forwarded_for.split(',')[0] else: ip = request.META.get('REMOTE_ADDR') return ip @login_required def logout_view(request): """Logout view.""" # Log activity UserActivity.objects.create( user=request.user, action='logout', ip_address=request.META.get('REMOTE_ADDR'), user_agent=request.META.get('HTTP_USER_AGENT', '') ) logout(request) messages.success(request, 'You have been logged out successfully.') return redirect('accounts:login') # ============================================================================ # User Management Views # ============================================================================ class UserListView(LoginRequiredMixin, ListView): """List all users with search and filtering.""" model = User template_name = 'accounts/user_list.html' context_object_name = 'users' paginate_by = 25 def get_queryset(self): queryset = User.objects.select_related('profile__department').prefetch_related('userrole_set__role') # Search functionality search = self.request.GET.get('search') if search: queryset = queryset.filter( Q(email__icontains=search) | Q(first_name__icontains=search) | Q(last_name__icontains=search) | Q(username__icontains=search) ) # Filter by department department = self.request.GET.get('department') if department: queryset = queryset.filter(profile__department_id=department) # Filter by role role = self.request.GET.get('role') if role: queryset = queryset.filter(userrole__role_id=role, userrole__is_active=True) # Filter by status status = self.request.GET.get('status') if status == 'active': queryset = queryset.filter(is_active=True) elif status == 'inactive': queryset = queryset.filter(is_active=False) elif status == 'verified': queryset = queryset.filter(is_verified=True) elif status == 'unverified': queryset = queryset.filter(is_verified=False) return queryset.order_by('-date_joined') def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['departments'] = Department.objects.filter(is_active=True) context['roles'] = Role.objects.filter(is_active=True) context['search'] = self.request.GET.get('search', '') context['selected_department'] = self.request.GET.get('department', '') context['selected_role'] = self.request.GET.get('role', '') context['selected_status'] = self.request.GET.get('status', '') return context class UserDetailView(LoginRequiredMixin, DetailView): """Display user details.""" model = User template_name = 'accounts/user_detail.html' context_object_name = 'user_obj' def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) user = self.get_object() # Get user roles context['user_roles'] = UserRole.objects.filter( user=user, is_active=True ).select_related('role') # Get recent activities context['recent_activities'] = Activity.objects.filter( user=user ).order_by('-created_at')[:10] # Get active sessions context['active_sessions'] = UserSession.objects.filter( user=user, is_active=True ).order_by('-last_activity')[:5] return context class UserCreateView(LoginRequiredMixin, CreateView): """Create new user.""" model = User template_name = 'accounts/user_form.html' fields = ['email', 'username', 'first_name', 'last_name', 'is_active', 'is_staff'] success_url = reverse_lazy('accounts:user_list') def form_valid(self, form): user = form.save(commit=False) user.set_password('temporary123') # Set temporary password user.save() # Create profile Profile.objects.create(user=user) # Log activity UserActivity.objects.create( user=self.request.user, action='create', object_type='User', object_id=str(user.id), object_repr=str(user) ) messages.success(self.request, f'User {user.email} created successfully.') return super().form_valid(form) class UserUpdateView(LoginRequiredMixin, UpdateView): """Update user information.""" model = User template_name = 'accounts/user_form.html' fields = ['email', 'username', 'first_name', 'last_name', 'is_active', 'is_staff'] def get_success_url(self): return reverse('accounts:user_detail', kwargs={'pk': self.object.pk}) def form_valid(self, form): # Log activity UserActivity.objects.create( user=self.request.user, action='update', object_type='User', object_id=str(self.object.id), object_repr=str(self.object) ) messages.success(self.request, 'User updated successfully.') return super().form_valid(form) class UserDeleteView(LoginRequiredMixin, DeleteView): """Delete user (soft delete).""" model = User template_name = 'accounts/user_confirm_delete.html' success_url = reverse_lazy('accounts:user_list') def delete(self, request, *args, **kwargs): user = self.get_object() # Soft delete - deactivate user user.is_active = False user.save() # Log activity UserActivity.objects.create( user=request.user, action='delete', object_type='User', object_id=str(user.id), object_repr=str(user) ) messages.success(request, f'User {user.email} deactivated successfully.') return HttpResponseRedirect(self.success_url) # ============================================================================ # Profile Views # ============================================================================ @login_required def profile_view(request): """Display user profile.""" profile, created = Profile.objects.get_or_create(user=request.user) context = { 'profile': profile, 'user_roles': UserRole.objects.filter( user=request.user, is_active=True ).select_related('role'), 'recent_activities': Activity.objects.filter( user=request.user ).order_by('-created_at')[:5] } return render(request, 'accounts/profile.html', context) @login_required def profile_edit(request): """Edit user profile.""" profile, created = Profile.objects.get_or_create(user=request.user) if request.method == 'POST': # Update user fields request.user.first_name = request.POST.get('first_name', '') request.user.last_name = request.POST.get('last_name', '') request.user.save() # Update profile fields profile.phone_number = request.POST.get('phone_number', '') profile.bio = request.POST.get('bio', '') profile.job_title = request.POST.get('job_title', '') profile.company = request.POST.get('company', '') profile.website = request.POST.get('website', '') profile.timezone = request.POST.get('timezone', 'UTC') profile.language = request.POST.get('language', 'en') profile.theme = request.POST.get('theme', 'light') profile.notifications_enabled = request.POST.get('notifications_enabled') == 'on' profile.email_notifications = request.POST.get('email_notifications') == 'on' profile.sms_notifications = request.POST.get('sms_notifications') == 'on' # Handle avatar upload if 'avatar' in request.FILES: profile.avatar = request.FILES['avatar'] profile.save() # Log activity UserActivity.objects.create( user=request.user, action='update', object_type='Profile', object_id=str(profile.id), object_repr='Profile updated' ) messages.success(request, 'Profile updated successfully.') return redirect('accounts:profile') context = { 'profile': profile, 'departments': Department.objects.filter(is_active=True) } return render(request, 'accounts/profile_edit.html', context) @login_required def change_password(request): """Change user password.""" if request.method == 'POST': form = PasswordChangeForm(request.user, request.POST) if form.is_valid(): user = form.save() user.password_changed_at = timezone.now() user.save() update_session_auth_hash(request, user) # Log activity UserActivity.objects.create( user=request.user, action='update', object_type='User', object_id=str(user.id), object_repr='Password changed' ) messages.success(request, 'Password changed successfully.') return redirect('accounts:profile') else: form = PasswordChangeForm(request.user) return render(request, 'accounts/change_password.html', {'form': form}) # ============================================================================ # Department Views # ============================================================================ class DepartmentListView(LoginRequiredMixin, ListView): """List all departments.""" model = Department template_name = 'accounts/department_list.html' context_object_name = 'departments' paginate_by = 20 def get_queryset(self): queryset = Department.objects.select_related('head', 'parent') search = self.request.GET.get('search') if search: queryset = queryset.filter( Q(name__icontains=search) | Q(code__icontains=search) | Q(description__icontains=search) ) return queryset.order_by('name') class DepartmentDetailView(LoginRequiredMixin, DetailView): """Display department details.""" model = Department template_name = 'accounts/department_detail.html' context_object_name = 'department' def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) department = self.get_object() # Get department users context['users'] = User.objects.filter( profile__department=department ).select_related('profile') # Get child departments context['child_departments'] = department.children.filter(is_active=True) return context class DepartmentCreateView(LoginRequiredMixin, CreateView): """Create new department.""" model = Department template_name = 'accounts/department_form.html' fields = ['name', 'code', 'description', 'parent', 'head', 'is_active'] success_url = reverse_lazy('accounts:department_list') def form_valid(self, form): messages.success(self.request, 'Department created successfully.') return super().form_valid(form) class DepartmentUpdateView(LoginRequiredMixin, UpdateView): """Update department.""" model = Department template_name = 'accounts/department_form.html' fields = ['name', 'code', 'description', 'parent', 'head', 'is_active'] def get_success_url(self): return reverse('accounts:department_detail', kwargs={'pk': self.object.pk}) def form_valid(self, form): messages.success(self.request, 'Department updated successfully.') return super().form_valid(form) class DepartmentDeleteView(LoginRequiredMixin, DeleteView): """Delete department.""" model = Department template_name = 'accounts/department_confirm_delete.html' success_url = reverse_lazy('accounts:department_list') def delete(self, request, *args, **kwargs): messages.success(self.request, 'Department deleted successfully.') return super().delete(request, *args, **kwargs) def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) department = self.get_object() # Get child departments context['child_departments'] = department.children.filter(is_active=True) return context # ============================================================================ # Role Management Views # ============================================================================ class RoleListView(LoginRequiredMixin, ListView): """List all roles.""" model = Role template_name = 'accounts/role_list.html' context_object_name = 'roles' paginate_by = 20 def get_queryset(self): queryset = Role.objects.prefetch_related('permissions') search = self.request.GET.get('search') if search: queryset = queryset.filter( Q(name__icontains=search) | Q(code__icontains=search) | Q(description__icontains=search) ) role_type = self.request.GET.get('role_type') if role_type: queryset = queryset.filter(role_type=role_type) return queryset.order_by('level', 'name') def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['role_types'] = Role.ROLE_TYPES context['selected_role_type'] = self.request.GET.get('role_type', '') return context class RoleDetailView(LoginRequiredMixin, DetailView): """Display role details.""" model = Role template_name = 'accounts/role_detail.html' context_object_name = 'role' def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) role = self.get_object() # Get users with this role context['users'] = User.objects.filter( userrole__role=role, userrole__is_active=True ).select_related('profile') # Get all permissions context['all_permissions'] = role.get_all_permissions() return context class RoleCreateView(LoginRequiredMixin, CreateView): """Create new role.""" model = Role template_name = 'accounts/role_form.html' fields = ['name', 'code', 'description', 'role_type', 'parent_role', 'level', 'is_active', 'is_default'] success_url = reverse_lazy('accounts:role_list') def form_valid(self, form): messages.success(self.request, 'Role created successfully.') return super().form_valid(form) class RoleUpdateView(LoginRequiredMixin, UpdateView): """Update role.""" model = Role template_name = 'accounts/role_form.html' fields = ['name', 'code', 'description', 'role_type', 'parent_role', 'level', 'is_active', 'is_default'] def get_success_url(self): return reverse('accounts:role_detail', kwargs={'pk': self.object.pk}) def form_valid(self, form): messages.success(self.request, 'Role updated successfully.') return super().form_valid(form) # ============================================================================ # User Role Assignment Views # ============================================================================ @login_required def assign_role(request, user_id): """Assign role to user.""" user = get_object_or_404(User, id=user_id) if request.method == 'POST': role_id = request.POST.get('role_id') valid_from = request.POST.get('valid_from') valid_until = request.POST.get('valid_until') notes = request.POST.get('notes', '') if role_id: role = get_object_or_404(Role, id=role_id) # Check if user already has this role existing = UserRole.objects.filter(user=user, role=role, is_active=True).first() if existing: messages.warning(request, f'User already has the role {role.name}.') else: UserRole.objects.create( user=user, role=role, assigned_by=request.user, valid_from=valid_from or timezone.now(), valid_until=valid_until or None, notes=notes ) # Log activity UserActivity.objects.create( user=request.user, action='create', object_type='UserRole', object_repr=f'{user.email} assigned {role.name}' ) messages.success(request, f'Role {role.name} assigned to {user.email}.') return redirect('accounts:user_detail', pk=user.id) context = { 'user_obj': user, 'available_roles': Role.objects.filter(is_active=True), 'current_roles': UserRole.objects.filter(user=user, is_active=True) } return render(request, 'accounts/assign_role.html', context) @login_required def revoke_role(request, user_role_id): """Revoke role from user.""" user_role = get_object_or_404(UserRole, id=user_role_id) if request.method == 'POST': user_role.is_active = False user_role.save() # Log activity UserActivity.objects.create( user=request.user, action='delete', object_type='UserRole', object_repr=f'{user_role.user.email} revoked {user_role.role.name}' ) messages.success(request, f'Role {user_role.role.name} revoked from {user_role.user.email}.') return redirect('accounts:user_detail', pk=user_role.user.id) return render(request, 'accounts/revoke_role.html', {'user_role': user_role}) # ============================================================================ # Activity and Session Views # ============================================================================ class UserActivityListView(LoginRequiredMixin, ListView): """ View to display user activities using the enhanced Activity model. """ model = Activity template_name = 'accounts/activity_list.html' context_object_name = 'activities' paginate_by = 50 def get_queryset(self): queryset = Activity.objects.select_related('user') # Filter by user user_id = self.request.GET.get('user') if user_id: queryset = queryset.filter(user_id=user_id) # Filter by action action = self.request.GET.get('action') if action: queryset = queryset.filter(action=action) # Filter by date range date_from = self.request.GET.get('date_from') date_to = self.request.GET.get('date_to') if date_from: queryset = queryset.filter(created_at__date__gte=date_from) if date_to: queryset = queryset.filter(created_at__date__lte=date_to) return queryset.order_by('-created_at') def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['users'] = User.objects.filter(is_active=True) context['actions'] = Activity.ACTION_CHOICES return context class UserSessionListView(LoginRequiredMixin, ListView): """List user sessions.""" model = UserSession template_name = 'accounts/session_list.html' context_object_name = 'sessions' paginate_by = 50 def get_queryset(self): queryset = UserSession.objects.select_related('user') # Filter by user user_id = self.request.GET.get('user') if user_id: queryset = queryset.filter(user_id=user_id) # Filter by active status is_active = self.request.GET.get('is_active') if is_active == 'true': queryset = queryset.filter(is_active=True) elif is_active == 'false': queryset = queryset.filter(is_active=False) return queryset.order_by('-last_activity') def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['users'] = User.objects.filter(is_active=True) return context # ============================================================================ # AJAX Views # ============================================================================ @ajax_required @login_required def user_search_ajax(request): """AJAX user search.""" query = request.GET.get('q', '') users = User.objects.filter( Q(email__icontains=query) | Q(first_name__icontains=query) | Q(last_name__icontains=query) )[:10] results = [] for user in users: results.append({ 'id': user.id, 'email': user.email, 'name': user.get_full_name(), 'avatar': user.profile.get_avatar_url() if hasattr(user, 'profile') else None }) return JsonResponse({'results': results}) @ajax_required @login_required def check_email_availability(request): """Check if email is available.""" email = request.GET.get('email', '') user_id = request.GET.get('user_id') if user_id: exists = User.objects.filter(email=email).exclude(id=user_id).exists() else: exists = User.objects.filter(email=email).exists() return JsonResponse({'available': not exists}) @ajax_required @login_required def user_stats_ajax(request): """Get user statistics.""" stats = { 'total_users': User.objects.count(), 'active_users': User.objects.filter(is_active=True).count(), 'verified_users': User.objects.filter(is_verified=True).count(), 'staff_users': User.objects.filter(is_staff=True).count(), 'recent_logins': User.objects.filter( last_login__gte=timezone.now() - timezone.timedelta(days=7) ).count() } return JsonResponse(stats) # ============================================================================ # Dashboard Views # ============================================================================ @login_required def dashboard(request): """Main dashboard view.""" context = { 'user_count': User.objects.filter(is_active=True).count(), 'department_count': Department.objects.filter(is_active=True).count(), 'role_count': Role.objects.filter(is_active=True).count(), 'recent_activities': Activity.objects.select_related('user').order_by('-created_at')[:10], 'active_sessions': UserSession.objects.filter(is_active=True).count(), 'recent_users': User.objects.filter(is_active=True).order_by('-date_joined')[:5] } return render(request, 'accounts/dashboard.html', context) class PermissionListView(LoginRequiredMixin, ListView): """List all permissions.""" model = Permission template_name = 'accounts/permission_list.html' context_object_name = 'permissions' paginate_by = 50 def get_queryset(self): queryset = super().get_queryset() queryset = queryset.filter(is_active=True) return queryset def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['roles'] = Role.objects.filter(is_active=True) return context class PermissionDetailView(LoginRequiredMixin, DetailView): """Detail view for a specific permission.""" model = Permission template_name = 'accounts/permission_detail.html' context_object_name = 'permission' def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context['roles'] = Role.objects.filter(is_active=True) return context def get_queryset(self): queryset = super().get_queryset() queryset = queryset.filter(is_active=True) return queryset def get_object(self, queryset=None): obj = super().get_object(queryset) if not obj.is_active: raise Http404("Permission does not exist") return obj # class PermissionCreateView(LoginRequiredMixin, CreateView): # """Create a new permission.""" # model = Permission # form_class = PermissionForm # template_name = 'accounts/permission_create.html' # success_url = reverse_lazy('accounts:permission_list') # def form_valid(self, form): # form.instance.created_by = self.request.user # return super().form_valid(form) # class PermissionUpdateView(LoginRequiredMixin, UpdateView): # """Update an existing permission.""" # model = Permission # form_class = PermissionForm # template_name = 'accounts/permission_update.html' # success_url = reverse_lazy('accounts:permission_list') # def get_object(self, queryset=None): # obj = super().get_object(queryset) # if not obj.is_active: # raise Http404("Permission does not exist") # return obj # def form_valid(self, form): # form.instance.updated_by = self.request.user # return super().form_valid(form) # def get_queryset(self): # queryset = super().get_queryset() # queryset = queryset.filter(is_active=True) # return queryset # def get_context_data(self, **kwargs): # context = super().get_context_data(**kwargs) # context['roles'] = Role.objects.filter(is_active=True) # return context # class PermissionDeleteView(LoginRequiredMixin, DeleteView): # """Delete a permission.""" # model = Permission # template_name = 'accounts/permission_delete.html' # success_url = reverse_lazy('accounts:permission_list') # def get_object(self, queryset=None): # obj = super().get_object(queryset) # if not obj.is_active: # raise Http404("Permission does not exist") # return obj # def delete(self, request, *args, **kwargs): # obj = self.get_object() # obj.is_active = False # obj.updated_by = self.request.user # obj.save() # return HttpResponseRedirect(self.get_success_url()) def settings_view(request): """User settings view.""" user = request.user context = { 'user': user, 'profile': user.profile } return render(request, 'accounts/settings.html', context) def profile_update_api(request): """Update user profile.""" if request.method == 'POST': form = ProfileUpdateForm(request.POST, request.FILES, instance=request.user.profile) if form.is_valid(): form.save() return JsonResponse({'message': 'Profile updated successfully'}) return JsonResponse({'message': 'Profile update failed', 'errors': form.errors}) return JsonResponse({'message': 'Invalid request method'}) def change_password_api(request): """Change user password.""" if request.method == 'POST': form = PasswordChangeForm(request.user, request.POST) if form.is_valid(): form.save() return JsonResponse({'message': 'Password updated successfully'}) return JsonResponse({'message': 'Password update failed', 'errors': form.errors}) return JsonResponse({'message': 'Invalid request method'}) @login_required @require_POST @ajax_required def profile_update(request): """Update user profile.""" if request.method == 'POST': form = ProfileUpdateForm(request.POST, request.FILES, instance=request.user.profile) if form.is_valid(): form.save() return JsonResponse({'message': 'Profile updated successfully'}) return JsonResponse({'message': 'Profile update failed', 'errors': form.errors}) return JsonResponse({'message': 'Invalid request method'}) @login_required @require_POST @ajax_required def user_sessions_api(request): """Get user sessions.""" if request.method == 'POST': user_sessions = UserSession.objects.filter(user=request.user, is_active=True) return JsonResponse({'user_sessions': list(user_sessions.values())}) return JsonResponse({'message': 'Invalid request method'}) @login_required @require_POST @ajax_required def user_activities_api(request): """Get user activities.""" if request.method == 'POST': user_activities = Activity.objects.filter(user=request.user) return JsonResponse({'user_activities': list(user_activities.values())}) return JsonResponse({'message': 'Invalid request method'}) @login_required @require_POST @ajax_required def terminate_session_api(request): """Terminate user session.""" if request.method == 'POST': session_id = request.POST.get('session_id') if not session_id: return JsonResponse({'message': 'Invalid request'}) try: session = UserSession.objects.get(id=session_id, user=request.user, is_active=True) session.is_active = False session.save() return JsonResponse({'message': 'Session terminated successfully'}) except UserSession.DoesNotExist: return JsonResponse({'message': 'Invalid session'}) return JsonResponse({'message': 'Invalid request method'})