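"""
Base Admin Mixins for account and site/sector filtering.

Both mixins are meant to sit in front of a Django ``ModelAdmin`` in the MRO:
every method here calls ``super()`` for the underlying queryset or for the
default permission answer.

Tenant scoping fails closed: when a model or object is scoped (it carries an
``account`` / ``site``) and the requesting user is neither privileged nor
associated with an account / site list, the result is "no rows" or "denied"
rather than the unscoped default.
"""
from django.contrib import admin
from django.core.exceptions import PermissionDenied


def _sees_everything(user):
    """Return True for superusers and for users whose ``is_developer()`` is truthy.

    ``is_developer`` is optional on the user object, hence the ``hasattr`` probe.
    """
    if user.is_superuser:
        return True
    return bool(hasattr(user, 'is_developer') and user.is_developer())


class AccountAdminMixin:
    """Mixin for admin classes that need account filtering."""

    def get_queryset(self, request):
        """Return the admin queryset restricted to the requesting user's account.

        Models without an ``account`` attribute are returned unfiltered.
        Superusers and developers see every row.
        """
        qs = super().get_queryset(request)

        if not hasattr(qs.model, 'account'):
            return qs
        if _sees_everything(request.user):
            return qs

        user_account = getattr(request.user, 'account', None)
        if user_account:
            return qs.filter(account=user_account)

        # Fail closed: a non-privileged user with no account must not fall
        # through to the unfiltered queryset and list every account's rows.
        return qs.none()

    def _account_verdict(self, request, obj):
        """Decide object access from the account rule.

        Returns:
            True or False when the account rule decides, or None when it does
            not apply (no object, or the object has no account set) and the
            caller should defer to ``super()``.
        """
        if not obj:
            return None
        obj_account = getattr(obj, 'account', None)
        if not obj_account:
            return None
        if _sees_everything(request.user):
            return True

        user_account = getattr(request.user, 'account', None)
        if not user_account:
            # Fail closed: the object belongs to an account and this user has
            # none, so the default model-level permission must not grant it.
            return False

        # NOTE(review): a match returns True without consulting super(), so the
        # model-level permission (and any later mixin in the MRO) is not checked
        # for same-account objects. Confirm that is intended; otherwise combine
        # this result with the super() answer.
        return obj_account == user_account

    def has_view_permission(self, request, obj=None):
        """Check if user can view this object."""
        verdict = self._account_verdict(request, obj)
        if verdict is None:
            return super().has_view_permission(request, obj)
        return verdict

    def has_change_permission(self, request, obj=None):
        """Check if user can change this object."""
        verdict = self._account_verdict(request, obj)
        if verdict is None:
            return super().has_change_permission(request, obj)
        return verdict

    def has_delete_permission(self, request, obj=None):
        """Check if user can delete this object."""
        verdict = self._account_verdict(request, obj)
        if verdict is None:
            return super().has_delete_permission(request, obj)
        return verdict


class SiteSectorAdminMixin:
    """Mixin for admin classes that need site/sector filtering."""

    def get_queryset(self, request):
        """Return the admin queryset restricted to the user's accessible sites.

        Only models that have both a ``site`` and a ``sector`` attribute are
        filtered, and the filter is applied on ``site`` alone.
        Superusers and developers see every row.
        """
        qs = super().get_queryset(request)

        model = qs.model
        # NOTE(review): the object-level checks below test only for ``site``,
        # while this list filter also requires ``sector``. A model with ``site``
        # but no ``sector`` is therefore listed unfiltered; confirm intended.
        if not (hasattr(model, 'site') and hasattr(model, 'sector')):
            return qs
        if _sees_everything(request.user):
            return qs

        if hasattr(request.user, 'get_accessible_sites'):
            return qs.filter(site__in=request.user.get_accessible_sites())

        # Fail closed: without a way to enumerate the user's sites, show no
        # rows instead of every site's rows.
        return qs.none()

    def _site_verdict(self, request, obj):
        """Decide object access from the site rule.

        Returns:
            True or False when the site rule decides, or None when it does not
            apply (no object, or the object has no ``site`` attribute) and the
            caller should defer to ``super()``.
        """
        if not (obj and hasattr(obj, 'site')):
            return None
        if _sees_everything(request.user):
            return True
        if not hasattr(request.user, 'get_accessible_sites'):
            # Fail closed: the object is site-scoped and the user's sites
            # cannot be determined.
            return False

        # NOTE(review): as with the account rule, a True here bypasses the
        # model-level permission from super(); confirm that is intended.
        return obj.site in request.user.get_accessible_sites()

    def has_view_permission(self, request, obj=None):
        """Check if user can view this object."""
        verdict = self._site_verdict(request, obj)
        if verdict is None:
            return super().has_view_permission(request, obj)
        return verdict

    def has_change_permission(self, request, obj=None):
        """Check if user can change this object."""
        verdict = self._site_verdict(request, obj)
        if verdict is None:
            return super().has_change_permission(request, obj)
        return verdict

    def has_delete_permission(self, request, obj=None):
        """Check if user can delete this object."""
        verdict = self._site_verdict(request, obj)
        if verdict is None:
            return super().has_delete_permission(request, obj)
        return verdict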