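from django.contrib import messages
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
from django.db import transaction
from django.http import HttpResponse
from django.shortcuts import redirect, render

from .models import Permission, Role, RolePermission, User, UserRole


def _password_errors(password, user=None):
    """Return the configured password validators' messages for *password*.

    An empty list means the password passed every validator configured in
    the project settings.
    """
    try:
        validate_password(password, user=user)
    except ValidationError as exc:
        return list(exc.messages)
    return []


def _assign_roles(user, role_ids):
    """Link *user* to every existing Role whose id is in *role_ids*.

    Ids that match no Role are skipped. A malformed id still raises from the
    ORM, so callers run this inside a transaction.
    """
    for role in Role.objects.filter(id__in=role_ids):
        UserRole.objects.get_or_create(user=user, role=role)


def _assign_permissions(role, permission_ids):
    """Link *role* to every existing Permission whose id is in *permission_ids*.

    Ids that match no Permission are skipped. A malformed id still raises
    from the ORM, so callers run this inside a transaction.
    """
    for permission in Permission.objects.filter(id__in=permission_ids):
        RolePermission.objects.get_or_create(role=role, permission=permission)


def login_view(request):
    """Authenticate the posted credentials and start a session on success."""
    if request.method == 'POST':
        # .get() keeps a POST that lacks either field on the normal
        # "invalid credentials" path instead of raising
        # MultiValueDictKeyError out of the view.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect('inventory:dashboard')
        # One message for both unknown user and wrong password, so the
        # response does not reveal which usernames exist.
        messages.error(request, 'Invalid username or password')
        # NOTE(review): no throttling or lockout of repeated failures is
        # visible in this view; confirm it is enforced elsewhere.

    context = {
        'module_title': 'Login',
    }
    return render(request, 'accounts/login.html', context)


def logout_view(request):
    """End the current session and send the visitor to the login page."""
    # NOTE(review): this runs on any HTTP method, so a request triggered from
    # another site can end the session. Restricting it to POST would need the
    # templates' logout link turned into a form, so it is only flagged here.
    logout(request)
    messages.info(request, 'You have been logged out')
    return redirect('accounts:login')


def register_view(request):
    """Placeholder for the registration page; no registration logic yet."""
    return HttpResponse("Registration page")


@login_required
def profile_view(request):
    """Render the profile page of the logged-in user."""
    context = {
        'module_title': 'User Profile',
    }
    return render(request, 'accounts/profile.html', context)


@login_required
def edit_profile_view(request):
    """Placeholder for the profile editing page; no editing logic yet."""
    return HttpResponse("Edit profile page")


# User Management Views
@login_required
@permission_required('accounts.view_user', raise_exception=True)
def user_list_view(request):
    """List all users."""
    context = {
        'module_title': 'User Management',
        'users': User.objects.all(),
    }
    return render(request, 'accounts/user_list.html', context)


@login_required
@permission_required('accounts.add_user', raise_exception=True)
def create_user_view(request):
    """Create a user account and attach the selected roles.

    On POST the account and its role links are written in one transaction,
    so a failure part-way leaves nothing behind. On GET, or after a rejected
    POST, the creation form is rendered.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        first_name = request.POST.get('first_name')
        last_name = request.POST.get('last_name')
        email = request.POST.get('email')
        password = request.POST.get('password')
        phone = request.POST.get('phone')
        department = request.POST.get('department')
        position = request.POST.get('position')
        is_active = request.POST.get('is_active') == 'on'
        roles = request.POST.getlist('roles')

        errors = []
        if not username or not password:
            # A blank password field arrives as '' rather than None.
            # Assuming User's manager follows Django's create_user, '' would
            # be hashed as a real password, giving an account that logs in
            # with an empty password.
            errors.append('Username and password are required')
        else:
            # Passwords set by an administrator go through the same
            # configured validators as any other password.
            errors.extend(_password_errors(password))

        if not errors:
            try:
                with transaction.atomic():
                    user = User.objects.create_user(
                        username=username,
                        email=email,
                        password=password,
                        first_name=first_name,
                        last_name=last_name,
                    )
                    user.phone = phone
                    user.department = department
                    user.position = position
                    user.is_active = is_active
                    user.save()
                    _assign_roles(user, roles)
            except Exception as e:
                # NOTE(review): the raw exception text is shown to the
                # operator and may include database detail; consider logging
                # it and showing a generic message.
                errors.append(f'Error creating user: {str(e)}')
            else:
                messages.success(request, f'User {username} created successfully!')
                return redirect('accounts:user_detail', user_id=user.id)

        for error in errors:
            messages.error(request, error)

    # GET request, or a POST that was rejected: show the form.
    context = {
        'module_title': 'Create User',
        'roles': Role.objects.all(),
    }
    return render(request, 'accounts/create_user.html', context)


@login_required
@permission_required('accounts.view_user', raise_exception=True)
def user_detail_view(request, user_id):
    """Show one user's details, or go back to the list if the id is unknown."""
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')

    # NOTE(review): the 'user' key overrides the `user` variable that Django's
    # auth context processor (if enabled) gives templates, so a shared layout
    # that reads `user` sees the viewed account, not the logged-in one.
    context = {
        'module_title': 'User Details',
        'user': user,
    }
    return render(request, 'accounts/user_detail.html', context)


@login_required
@permission_required('accounts.change_user', raise_exception=True)
def edit_user_view(request, user_id):
    """Update a user's profile fields, optional password, and role set.

    The save and the role replacement share one transaction: if attaching
    the new roles fails, the user keeps the roles they had.
    """
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')

    if request.method == 'POST':
        # NOTE(review): any holder of accounts.change_user can set another
        # account's password and grant any role, including to their own
        # account; confirm that matches the intended trust model.
        user.first_name = request.POST.get('first_name')
        user.last_name = request.POST.get('last_name')
        user.email = request.POST.get('email')
        user.phone = request.POST.get('phone')
        user.department = request.POST.get('department')
        user.position = request.POST.get('position')
        user.is_active = request.POST.get('is_active') == 'on'

        # A blank password field means "leave the password unchanged".
        password = request.POST.get('password')
        problems = _password_errors(password, user=user) if password else []

        if problems:
            # Nothing has been saved yet; the form is re-rendered below.
            for problem in problems:
                messages.error(request, problem)
        else:
            if password:
                user.set_password(password)
            with transaction.atomic():
                user.save()
                # Replace the role set as a whole: drop the old links, then
                # add the submitted ones.
                user.userrole_set.all().delete()
                _assign_roles(user, request.POST.getlist('roles'))
            messages.success(request, f'User {user.username} updated successfully!')
            return redirect('accounts:user_detail', user_id=user.id)

    # GET request, or a POST that was rejected: show the form.
    # NOTE(review): 'user' overrides the auth context processor's `user`
    # variable in the template.
    context = {
        'module_title': 'Edit User',
        'user': user,
        'roles': Role.objects.all(),
        'user_roles': user.userrole_set.values_list('role_id', flat=True),
    }
    return render(request, 'accounts/edit_user.html', context)


@login_required
@permission_required('accounts.delete_user', raise_exception=True)
def delete_user_view(request, user_id):
    """Show a confirmation page on GET and delete the user on POST."""
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')

    if request.method == 'POST':
        # NOTE(review): nothing here stops an operator deleting their own
        # account; confirm whether that should be allowed.
        username = user.username
        user.delete()
        messages.success(request, f'User {username} deleted successfully!')
        return redirect('accounts:user_list')

    # NOTE(review): 'user' overrides the auth context processor's `user`
    # variable in the template.
    context = {
        'module_title': 'Delete User',
        'user': user,
    }
    return render(request, 'accounts/delete_user.html', context)


# Role Management Views
@login_required
@permission_required('accounts.view_role', raise_exception=True)
def role_list_view(request):
    """List all roles."""
    context = {
        'module_title': 'Role Management',
        'roles': Role.objects.all(),
    }
    return render(request, 'accounts/role_list.html', context)


@login_required
@permission_required('accounts.add_role', raise_exception=True)
def create_role_view(request):
    """Create a role and attach the selected permissions in one transaction."""
    if request.method == 'POST':
        name = request.POST.get('name')
        description = request.POST.get('description')
        permissions = request.POST.getlist('permissions')

        try:
            with transaction.atomic():
                role = Role.objects.create(
                    name=name,
                    description=description,
                )
                _assign_permissions(role, permissions)
        except Exception as e:
            # NOTE(review): raw exception text is shown to the operator.
            messages.error(request, f'Error creating role: {str(e)}')
        else:
            messages.success(request, f'Role {name} created successfully!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a POST that failed: show the form.
    context = {
        'module_title': 'Create Role',
        'permissions': Permission.objects.all(),
    }
    return render(request, 'accounts/create_role.html', context)


@login_required
@permission_required('accounts.view_role', raise_exception=True)
def role_detail_view(request, role_id):
    """Show one role's details, or go back to the list if the id is unknown."""
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    context = {
        'module_title': 'Role Details',
        'role': role,
    }
    return render(request, 'accounts/role_detail.html', context)


@login_required
@permission_required('accounts.change_role', raise_exception=True)
def edit_role_view(request, role_id):
    """Update a role's name, description, and permission set.

    The save and the permission replacement share one transaction, so a
    failure cannot leave the role with its permissions removed.
    """
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method == 'POST':
        name = request.POST.get('name')
        description = request.POST.get('description')
        permissions = request.POST.getlist('permissions')

        role.name = name
        role.description = description
        try:
            with transaction.atomic():
                role.save()
                # Replace the permission set as a whole.
                role.rolepermission_set.all().delete()
                _assign_permissions(role, permissions)
        except Exception as e:
            # NOTE(review): raw exception text is shown to the operator.
            messages.error(request, f'Error updating role: {str(e)}')
        else:
            messages.success(request, f'Role {name} updated successfully!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a POST that failed: show the form.
    context = {
        'module_title': 'Edit Role',
        'role': role,
        'permissions': Permission.objects.all(),
        'role_permissions': role.rolepermission_set.values_list('permission_id', flat=True),
    }
    return render(request, 'accounts/edit_role.html', context)


@login_required
@permission_required('accounts.delete_role', raise_exception=True)
def delete_role_view(request, role_id):
    """Show a confirmation page on GET and delete the role on POST."""
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method == 'POST':
        role_name = role.name
        role.delete()
        messages.success(request, f'Role {role_name} deleted successfully!')
        return redirect('accounts:role_list')

    context = {
        'module_title': 'Delete Role',
        'role': role,
    }
    return render(request, 'accounts/delete_role.html', context)


# Permission Management Views
@login_required
@permission_required('accounts.view_permission', raise_exception=True)
def permission_list_view(request):
    """List all permissions."""
    context = {
        'module_title': 'Permission Management',
        'permissions': Permission.objects.all(),
    }
    return render(request, 'accounts/permission_list.html', context)


@login_required
@permission_required('accounts.change_role', raise_exception=True)
def assign_permissions_view(request, role_id):
    """Replace a role's permission set with the submitted selection.

    Removal of the old links and creation of the new ones share one
    transaction, so a failure leaves the previous permissions in place.
    """
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method == 'POST':
        # NOTE(review): a holder of accounts.change_role can attach any
        # permission to any role, including roles they hold themselves;
        # confirm that matches the intended trust model.
        permissions = request.POST.getlist('permissions')

        try:
            with transaction.atomic():
                role.rolepermission_set.all().delete()
                _assign_permissions(role, permissions)
        except Exception as e:
            # NOTE(review): raw exception text is shown to the operator.
            messages.error(request, f'Error updating permissions: {str(e)}')
        else:
            messages.success(request, f'Permissions updated for role {role.name}!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a POST that failed: show the form.
    context = {
        'module_title': f'Assign Permissions to {role.name}',
        'role': role,
        'permissions': Permission.objects.all(),
        'role_permissions': role.rolepermission_set.values_list('permission_id', flat=True),
    }
    return render(request, 'accounts/assign_permissions.html', context)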