U hn/@sdZddlmZddlmZddlmZddlmZddl m Z ddl m Z ddl mZdd lmZdd lmZGd d d eZd!ddZddZddZddZGdddZddZddZddZdd Zd S)"z Django Permission System for Accounts App This module provides a comprehensive permission system for the accounts app with decorators, mixins, and utility functions for checking user permissions. )wraps)messages) reverse_lazy) JsonResponse)redirect)PermissionDenied)method_decorator)login_required)LoginRequiredMixincs0eZdZdZdZdZfddZddZZS)PermissionRequiredMixinze Mixin that checks if user has required permissions. Can be used with class-based views. Nz.You don't have permission to access this page.csV|sB|jddkr,td|jdddSt||jtdStj |f||S)NX-Requested-WithXMLHttpRequestFsuccessmessagestatuscore:dashboard) has_permissionheadersgetrpermission_denied_messagererrorrsuperdispatch)selfrequestargskwargs __class__4/var/www/html/Focus/src/apps/accounts/permissions.pyrsz PermissionRequiredMixin.dispatchcCs4|js dSt|jtr |jg}n|j}|jj|S)z'Check if user has required permissions.T)permission_required isinstancestrruser has_perms)r permissionsr"r"r#r(s   z&PermissionRequiredMixin.has_permission) __name__ __module__ __qualname____doc__r$rrr __classcell__r"r"r r#r s  r NFcsfdd}|S)a? Decorator for views that checks whether a user has permission to access the view. Args: permission_codename: String or list of permission codenames to check login_url: URL to redirect to if user is not authenticated raise_exception: Whether to raise PermissionDenied exception cs&ttdfdd}|S)N) login_urlcspttrg}n}|j|s`r*t|jddkrLtdddddSt |dt dS|f||S) Nr r F1You don't have permission to perform this action.rrrr) r%r&r'r(rrrrrrrrrrr))permission_codenameraise_exception view_funcr"r# _wrapped_view?s    z=permission_required..decorator.._wrapped_viewrr r4r5r/r2r3r4r# decorator>sz&permission_required..decoratorr")r2r/r3r:r"r8r#r$5s r$csfdd}|S)zH Decorator specifically for AJAX views that checks permissions. csttfdd}|S)NcsDttrg}n}|j|s4tdddddS|f||S)NFr0rrr)r%r&r'r(rr1)r2r4r"r#r5^s  zBajax_permission_required..decorator.._wrapped_viewr6r7r2r9r#r:]s z+ajax_permission_required..decoratorr")r2r:r"r;r#ajax_permission_requiredYs r<cCs t|tr|g}n|}||S)z Utility function to check if a user has specific permission. Args: user: User instance permission_codename: String or list of permission codenames Returns: Boolean indicating if user has permission )r%r&r()r'r2r)r"r"r#user_has_permissionqs r=cCsDddlm}ddlm}|j}|jj|dd}| |}|S)z Get all permissions for a user including role-based permissions. Args: user: User instance Returns: QuerySet of permissions r Permission)UserRoleT)Zrole__userrole__userZrole__userrole__is_active) django.contrib.auth.modelsr?apps.accounts.modelsr@user_permissionsallobjectsfilterdistinctunion)r'r?r@rCZrole_permissionsall_permissionsr"r"r#get_user_permissionss     rJc@s\eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdS)UserManagementPermissionsz)Permission constants for user management.accounts.view_useraccounts.add_useraccounts.change_useraccounts.delete_useraccounts.view_roleaccounts.add_roleaccounts.change_roleaccounts.delete_rolezauth.view_permissionzauth.add_permissionzauth.change_permissionzauth.delete_permissionaccounts.add_userroleaccounts.delete_userroleaccounts.view_profileaccounts.change_profilezactivities.view_activityaccounts.view_usersessionaccounts.delete_usersessionN)r*r+r,r-CAN_VIEW_USERS CAN_ADD_USERSCAN_CHANGE_USERSZCAN_DELETE_USERSCAN_VIEW_ROLES CAN_ADD_ROLESCAN_CHANGE_ROLESZCAN_DELETE_ROLESCAN_VIEW_PERMISSIONSZCAN_ADD_PERMISSIONSZCAN_CHANGE_PERMISSIONSZCAN_DELETE_PERMISSIONSZCAN_ASSIGN_ROLESZCAN_REVOKE_ROLESZCAN_VIEW_PROFILESZCAN_CHANGE_PROFILESCAN_VIEW_ACTIVITIESCAN_VIEW_SESSIONSZCAN_TERMINATE_SESSIONSr"r"r"r#rKs(rKc Csddlm}ddlm}ddlm}m}m}m}m }ddddd d d d d dg }|D]<\}} |j |} |j j || | d\} } | rPt d|qPdS)zo Create default permissions for the accounts app. This should be called during app initialization. rr>) ContentType)UserRoler@Profile UserSession)can_manage_userszCan manage all users)Zcan_view_user_detailszCan view user details)Zcan_export_userszCan export user data)Zcan_assign_roleszCan assign roles to users)Zcan_manage_permissionszCan manage permissions)Zcan_view_all_profileszCan view all user profiles)Zcan_manage_profileszCan manage user profiles)Zcan_view_all_sessionszCan view all user sessions)Zcan_terminate_sessionszCan terminate user sessions)Zcan_view_all_activitieszCan view all user activities)codenamename content_typezCreated permission: N)rAr?"django.contrib.contenttypes.modelsrcrBrdrer@rfrgrE get_for_model get_or_createprint) r?rcrdrer@rfrgZcustom_permissionsrirjrk permissioncreatedr"r"r#create_default_permissionss.     rrcCsVddlm}ddlm}dddddd d d d d dddddddddddddddddgdd d!ddd d ddddddddg dd"d#d d dd$gdd%d&ddgdd'}|D]\}}|jj||d(|d)d*|d+krd,n|d-krd.n|d/krd0nd1d2|d3kd4d5\}}|rtd6||jjd7d8|d9Dd:}|j |td;| d<|qd=S)>z< Set up default roles with appropriate permissions. rr>)rezSuper Administratorz&Has full access to all system featuresrMrNrOrLrQrRrSrPrTrUzaccounts.view_userrolezaccounts.add_profilerWrVzaccounts.add_usersessionzaccounts.change_usersessionrYrXzaccounts.can_manage_userszaccounts.can_assign_roleszaccounts.can_manage_permissionszaccounts.can_view_all_profileszaccounts.can_view_all_sessionszaccounts.can_terminate_sessionsz accounts.can_view_all_activities)rj descriptionr) Administratorz&Has access to user and role managementManagerzHas access to user managementzaccounts.can_view_user_detailsz Regular UserzBasic user permissions) super_adminadminmanagerr'rjrssystemrvrwrxTr')rjrs role_typelevel is_active is_default)codedefaultszCreated role: cSsg|]}|ddqS).)split).0permr"r"r# 6sz'setup_default_roles..r))Z codename__inzAdded z permissions to N) rAr?rBreitemsrErnrorFr)setcount)r?re default_roles role_code role_datarolerqr)r"r"r#setup_default_roless    +&    rcCs|tjtjtjgS)z2Check if user has any user management permissions.)r(rKrZr[r\r'r"r"r#has_user_management_permission=s rcCs|tjtjtjgS)z2Check if user has any role management permissions.)r(rKr]r^r_rr"r"r#has_role_management_permissionFs r)NF)r- functoolsrdjango.contribr django.urlsr django.httprdjango.shortcutsrdjango.core.exceptionsrdjango.utils.decoratorsrdjango.contrib.auth.decoratorsr django.contrib.auth.mixinsr r r$r<r=rJrKrrrrrr"r"r"r#s&         ! $%-K