from django.contrib.auth.base_user import BaseUserManager class UserManager(BaseUserManager): """ Custom user manager for email-based authentication. """ def create_user(self, email, password=None, **extra_fields): if not email: raise ValueError('The Email field must be set') email = self.normalize_email(email) user = self.model(email=email, **extra_fields) user.set_password(password) user.save(using=self._db) # Assign default role if specified - import here to avoid circular import try: from apps.accounts.models import Role, UserRole default_role = Role.objects.filter(is_default=True, is_active=True).first() if default_role: UserRole.objects.create(user=user, role=default_role) except ImportError: pass # Skip role assignment if models not ready return user def create_superuser(self, email, password=None, **extra_fields): extra_fields.setdefault('is_staff', True) extra_fields.setdefault('is_superuser', True) extra_fields.setdefault('is_active', True) extra_fields.setdefault('is_verified', True) if extra_fields.get('is_staff') is not True: raise ValueError('Superuser must have is_staff=True.') if extra_fields.get('is_superuser') is not True: raise ValueError('Superuser must have is_superuser=True.') user = self.create_user(email, password, **extra_fields) # Assign admin role to superuser - import here to avoid circular import try: from django.contrib.auth.models import Permission from apps.accounts.models import Role, UserRole admin_role, created = Role.objects.get_or_create( code="super_admin", defaults={ "name": "Super Administrator", "description": "Full system access", "role_type": "system", "level": 1, "is_active": True } ) if created: # Assign all permissions to super admin role admin_role.permissions.set(Permission.objects.all()) UserRole.objects.get_or_create(user=user, role=admin_role) except ImportError: pass # Skip role assignment if models not ready return user