import logging

from django.contrib import messages
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required, permission_required
from django.db import transaction
from django.http import HttpResponse
from django.shortcuts import render, redirect

from .models import User, Role, Permission, RolePermission, UserRole
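def login_view(request):
    """Authenticate a user from the login form and start a session.

    GET renders the login page. POST reads ``username`` and ``password``
    from the form, passes them to ``authenticate`` and, when a user comes
    back, calls ``login`` and redirects to the inventory dashboard. A failed
    attempt queues an error message and renders the login page again.
    """
    if request.method == 'POST':
        # .get() instead of indexing: a POST that omits a field is handled
        # as a failed login rather than raising a key error from the view.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')

        # NOTE(review): no attempt limiting or lockout is visible in this
        # view; confirm that repeated failures are throttled elsewhere.
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return redirect('inventory:dashboard')

        # The same message covers an unknown username and a wrong password,
        # so the response does not reveal which usernames exist.
        messages.error(request, 'Invalid username or password')

    context = {'module_title': 'Login'}
    return render(request, 'accounts/login.html', context)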
def logout_view(request):
    """End the current session and send the visitor to the login page.

    NOTE(review): the view acts on any HTTP method, so a request triggered
    from another site can end the session. Consider accepting POST only;
    confirm how the templates invoke this URL before changing it.
    """
    logout(request)
    messages.info(request, 'You have been logged out')
    login_page = redirect('accounts:login')
    return login_page
def register_view(request):
    """Placeholder registration endpoint that returns a fixed response."""
    # Registration logic is not implemented yet. The view carries no
    # login_required decorator, so it is reachable without a session.
    placeholder = HttpResponse("Registration page")
    return placeholder
@login_required
def profile_view(request):
    """Render the profile page for the signed-in user."""
    return render(
        request,
        'accounts/profile.html',
        {'module_title': 'User Profile'},
    )
@login_required
def edit_profile_view(request):
    """Placeholder profile-editing endpoint for signed-in users."""
    # Profile editing logic is not implemented yet; a fixed body is returned.
    placeholder = HttpResponse("Edit profile page")
    return placeholder
# User Management Views
@login_required
@permission_required('accounts.view_user', raise_exception=True)
def user_list_view(request):
    """Render the user management page with every user.

    Access needs a signed-in user holding ``accounts.view_user``. Because
    ``raise_exception=True`` is set, a signed-in user without the permission
    gets a permission-denied response instead of a redirect to the login
    page.
    """
    return render(request, 'accounts/user_list.html', {
        'module_title': 'User Management',
        'users': User.objects.all(),
    })
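@login_required
@permission_required('accounts.add_user', raise_exception=True)
def create_user_view(request):
    """Create a user account and attach the selected roles.

    GET renders the creation form with every available role. POST reads the
    account fields from the form, creates the user and its role links inside
    one transaction and redirects to the new user's detail page. If anything
    fails, nothing is persisted, the error is logged server-side and the
    form is rendered again with a generic error message.

    NOTE(review): the submitted password is not checked against the
    project's password validators here; confirm whether
    AUTH_PASSWORD_VALIDATORS should be enforced for accounts created by
    staff.
    """
    if request.method == 'POST':
        username = request.POST.get('username')
        first_name = request.POST.get('first_name')
        last_name = request.POST.get('last_name')
        email = request.POST.get('email')
        # A blank password field arrives as ''. Pass None instead so that,
        # assuming User.objects.create_user behaves like Django's stock
        # manager, the account gets an unusable password rather than a hash
        # of the empty string that an empty login would match.
        password = request.POST.get('password') or None
        phone = request.POST.get('phone')
        department = request.POST.get('department')
        position = request.POST.get('position')
        # An HTML checkbox submits 'on' when ticked and nothing otherwise.
        is_active = request.POST.get('is_active') == 'on'
        roles = request.POST.getlist('roles')

        try:
            # All-or-nothing: a failure while saving the extra fields or
            # linking roles must not leave a half-configured account behind.
            with transaction.atomic():
                user = User.objects.create_user(
                    username=username,
                    email=email,
                    password=password,
                    first_name=first_name,
                    last_name=last_name,
                )
                user.phone = phone
                user.department = department
                user.position = position
                user.is_active = is_active
                user.save()

                for role_id in roles:
                    try:
                        role = Role.objects.get(id=role_id)
                    except Role.DoesNotExist:
                        # Unknown role ids are skipped, as before.
                        continue
                    UserRole.objects.get_or_create(user=user, role=role)
        except Exception:
            # Keep exception text (database errors, field names) out of the
            # page; the traceback goes to the server log instead. Form data
            # is deliberately not logged because it contains the password.
            logging.getLogger(__name__).exception('Creating user failed')
            messages.error(
                request,
                'Error creating user. The details have been logged.',
            )
        else:
            messages.success(request, f'User {username} created successfully!')
            return redirect('accounts:user_detail', user_id=user.id)

    # GET request, or a failed POST: show the form.
    context = {
        'module_title': 'Create User',
        'roles': Role.objects.all(),
    }
    return render(request, 'accounts/create_user.html', context)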
@login_required
@permission_required('accounts.view_user', raise_exception=True)
def user_detail_view(request, user_id):
    """Render the detail page for the user with primary key ``user_id``.

    When no such user exists, an error message is queued and the visitor is
    redirected to the user list.

    NOTE(review): the looked-up account is passed to the template as
    ``user``. If the project enables Django's auth context processor, that
    key shadows the signed-in user in this template and anything it
    extends; confirm that base templates do not rely on ``user`` here.
    """
    try:
        target = User.objects.get(id=user_id)
        return render(request, 'accounts/user_detail.html', {
            'module_title': 'User Details',
            'user': target,
        })
    except User.DoesNotExist:
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')
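@login_required
@permission_required('accounts.change_user', raise_exception=True)
def edit_user_view(request, user_id):
    """Edit an existing user's profile fields, password and roles.

    GET renders the edit form with all roles and the ids of the roles the
    user currently holds. POST overwrites the profile fields from the form,
    sets a new password when one is supplied, replaces the user's role links
    with the submitted selection and redirects to the detail page. When the
    user does not exist, an error message is queued and the visitor is
    redirected to the user list.

    NOTE(review): any holder of ``accounts.change_user`` can reset any
    account's password and assign any role, including on their own account.
    Confirm that this is the intended trust boundary, and whether the
    project's password validators should apply to the new password.
    """
    try:
        user = User.objects.get(id=user_id)
    except User.DoesNotExist:
        # Relies on the module-level ``messages`` import. Re-importing it
        # inside this function would make the name function-local and leave
        # it unbound on this branch.
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')

    if request.method == 'POST':
        # Update basic information
        user.first_name = request.POST.get('first_name')
        user.last_name = request.POST.get('last_name')
        user.email = request.POST.get('email')
        user.phone = request.POST.get('phone')
        user.department = request.POST.get('department')
        user.position = request.POST.get('position')
        # An HTML checkbox submits 'on' when ticked and nothing otherwise.
        user.is_active = request.POST.get('is_active') == 'on'

        # A blank password field leaves the current password untouched.
        password = request.POST.get('password')
        if password:
            user.set_password(password)

        selected_roles = request.POST.getlist('roles')

        # Save and role replacement succeed or fail together: an error while
        # re-adding roles must not leave the user with the old links already
        # deleted.
        with transaction.atomic():
            user.save()
            user.userrole_set.all().delete()
            for role_id in selected_roles:
                try:
                    role = Role.objects.get(id=role_id)
                except Role.DoesNotExist:
                    # Unknown role ids are skipped, as before.
                    continue
                UserRole.objects.get_or_create(user=user, role=role)

        messages.success(request, f'User {user.username} updated successfully!')
        return redirect('accounts:user_detail', user_id=user.id)

    # GET request - show form
    context = {
        'module_title': 'Edit User',
        'user': user,
        'roles': Role.objects.all(),
        'user_roles': user.userrole_set.values_list('role_id', flat=True),
    }
    return render(request, 'accounts/edit_user.html', context)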
@login_required
@permission_required('accounts.delete_user', raise_exception=True)
def delete_user_view(request, user_id):
    """Confirm and perform deletion of the user with key ``user_id``.

    Any non-POST request renders the confirmation page; POST deletes the
    user, queues a success message and redirects to the user list. A missing
    user results in an error message and the same redirect.

    NOTE(review): nothing here stops a user from deleting their own account
    or the last remaining administrator; confirm whether such a guard is
    wanted.
    """
    try:
        target = User.objects.get(id=user_id)
    except User.DoesNotExist:
        messages.error(request, 'User not found')
        return redirect('accounts:user_list')

    if request.method != 'POST':
        return render(request, 'accounts/delete_user.html', {
            'module_title': 'Delete User',
            'user': target,
        })

    # Capture the name first; it is needed for the message after deletion.
    username = target.username
    target.delete()
    messages.success(request, f'User {username} deleted successfully!')
    return redirect('accounts:user_list')
# Role Management Views
@login_required
@permission_required('accounts.view_role', raise_exception=True)
def role_list_view(request):
    """Render the role management page with every role."""
    return render(request, 'accounts/role_list.html', {
        'module_title': 'Role Management',
        'roles': Role.objects.all(),
    })
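@login_required
@permission_required('accounts.add_role', raise_exception=True)
def create_role_view(request):
    """Create a role and attach the selected permissions.

    GET renders the creation form with every available permission. POST
    creates the role and its permission links inside one transaction and
    redirects to the role's detail page. If anything fails, nothing is
    persisted, the error is logged server-side and the form is rendered
    again with a generic error message.
    """
    if request.method == 'POST':
        name = request.POST.get('name')
        description = request.POST.get('description')
        permissions = request.POST.getlist('permissions')

        try:
            # All-or-nothing: a failure while linking permissions must not
            # leave a role behind with only part of its grants.
            with transaction.atomic():
                role = Role.objects.create(
                    name=name,
                    description=description,
                )
                for perm_id in permissions:
                    try:
                        permission = Permission.objects.get(id=perm_id)
                    except Permission.DoesNotExist:
                        # Unknown permission ids are skipped, as before.
                        continue
                    RolePermission.objects.get_or_create(
                        role=role, permission=permission
                    )
        except Exception:
            # Keep exception text out of the page; log the traceback instead.
            logging.getLogger(__name__).exception('Creating role failed')
            messages.error(
                request,
                'Error creating role. The details have been logged.',
            )
        else:
            messages.success(request, f'Role {name} created successfully!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a failed POST: show the form.
    context = {
        'module_title': 'Create Role',
        'permissions': Permission.objects.all(),
    }
    return render(request, 'accounts/create_role.html', context)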
@login_required
@permission_required('accounts.view_role', raise_exception=True)
def role_detail_view(request, role_id):
    """Render the detail page for the role with primary key ``role_id``.

    When no such role exists, an error message is queued and the visitor is
    redirected to the role list.
    """
    try:
        found = Role.objects.get(id=role_id)
        return render(request, 'accounts/role_detail.html', {
            'module_title': 'Role Details',
            'role': found,
        })
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')
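@login_required
@permission_required('accounts.change_role', raise_exception=True)
def edit_role_view(request, role_id):
    """Edit a role's name, description and permission set.

    GET renders the edit form with all permissions and the ids of those the
    role currently holds. POST saves the new name and description and
    replaces the role's permission links with the submitted selection, all
    inside one transaction, then redirects to the role's detail page. On
    failure nothing is persisted, the error is logged server-side and the
    form is rendered again with a generic error message. A missing role
    results in an error message and a redirect to the role list.

    NOTE(review): a holder of ``accounts.change_role`` can grant any
    permission to any role, including a role they hold themselves; confirm
    that this is the intended trust boundary.
    """
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method == 'POST':
        name = request.POST.get('name')
        description = request.POST.get('description')
        permissions = request.POST.getlist('permissions')

        try:
            # Save and permission replacement succeed or fail together: an
            # error while re-adding grants must not leave the role with its
            # previous permissions already deleted.
            with transaction.atomic():
                role.name = name
                role.description = description
                role.save()

                role.rolepermission_set.all().delete()
                for perm_id in permissions:
                    try:
                        permission = Permission.objects.get(id=perm_id)
                    except Permission.DoesNotExist:
                        # Unknown permission ids are skipped, as before.
                        continue
                    RolePermission.objects.get_or_create(
                        role=role, permission=permission
                    )
        except Exception:
            # Keep exception text out of the page; log the traceback instead.
            logging.getLogger(__name__).exception('Updating role failed')
            messages.error(
                request,
                'Error updating role. The details have been logged.',
            )
        else:
            messages.success(request, f'Role {name} updated successfully!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a failed POST: show the form.
    context = {
        'module_title': 'Edit Role',
        'role': role,
        'permissions': Permission.objects.all(),
        'role_permissions': role.rolepermission_set.values_list(
            'permission_id', flat=True
        ),
    }
    return render(request, 'accounts/edit_role.html', context)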
@login_required
@permission_required('accounts.delete_role', raise_exception=True)
def delete_role_view(request, role_id):
    """Confirm and perform deletion of the role with key ``role_id``.

    Any non-POST request renders the confirmation page; POST deletes the
    role, queues a success message and redirects to the role list. A missing
    role results in an error message and the same redirect.
    """
    try:
        doomed = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method != 'POST':
        return render(request, 'accounts/delete_role.html', {
            'module_title': 'Delete Role',
            'role': doomed,
        })

    # Capture the name first; it is needed for the message after deletion.
    role_name = doomed.name
    doomed.delete()
    messages.success(request, f'Role {role_name} deleted successfully!')
    return redirect('accounts:role_list')
# Permission Management Views
@login_required
@permission_required('accounts.view_permission', raise_exception=True)
def permission_list_view(request):
    """Render the permission management page with every permission."""
    return render(request, 'accounts/permission_list.html', {
        'module_title': 'Permission Management',
        'permissions': Permission.objects.all(),
    })
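@login_required
@permission_required('accounts.change_role', raise_exception=True)
def assign_permissions_view(request, role_id):
    """Replace the permission set of the role with key ``role_id``.

    GET renders the assignment form with all permissions and the ids of
    those the role currently holds. POST deletes the role's existing
    permission links and creates links for the submitted selection inside
    one transaction, then redirects to the role's detail page. On failure
    the previous links are kept, the error is logged server-side and the
    form is rendered again with a generic error message. A missing role
    results in an error message and a redirect to the role list.

    NOTE(review): ``Permission`` and ``RolePermission`` are this app's own
    models, while the ``permission_required`` decorators in this module ask
    the configured auth backends. Confirm that a backend maps these role
    grants into ``has_perm``; otherwise changes made here do not affect the
    access checks.
    """
    try:
        role = Role.objects.get(id=role_id)
    except Role.DoesNotExist:
        messages.error(request, 'Role not found')
        return redirect('accounts:role_list')

    if request.method == 'POST':
        permissions = request.POST.getlist('permissions')

        try:
            # Delete-then-recreate runs as one unit, so an error part-way
            # through cannot leave the role stripped of its permissions.
            with transaction.atomic():
                role.rolepermission_set.all().delete()
                for perm_id in permissions:
                    try:
                        permission = Permission.objects.get(id=perm_id)
                    except Permission.DoesNotExist:
                        # Unknown permission ids are skipped, as before.
                        continue
                    RolePermission.objects.get_or_create(
                        role=role, permission=permission
                    )
        except Exception:
            # Keep exception text out of the page; log the traceback instead.
            logging.getLogger(__name__).exception(
                'Updating role permissions failed'
            )
            messages.error(
                request,
                'Error updating permissions. The details have been logged.',
            )
        else:
            messages.success(request, f'Permissions updated for role {role.name}!')
            return redirect('accounts:role_detail', role_id=role.id)

    # GET request, or a failed POST: show the form.
    context = {
        'module_title': f'Assign Permissions to {role.name}',
        'role': role,
        'permissions': Permission.objects.all(),
        'role_permissions': role.rolepermission_set.values_list(
            'permission_id', flat=True
        ),
    }
    return render(request, 'accounts/assign_permissions.html', context)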