salman/igny8
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f7115190dc717c611538228240b71294fe3cfecf
igny8/backend/igny8_core/admin/base.py
igny8 60b8188111 Initial commit: igny8 project
2025-11-09 10:27:02 +00:00

110 lines
4.9 KiB
Python
Raw Blame History

"""
Base Admin Mixins for account and site/sector filtering
"""
from django.contrib import admin
from django.core.exceptions import PermissionDenied
class AccountAdminMixin:
"""Mixin for admin classes that need account filtering"""
def get_queryset(self, request):
"""Filter queryset by account"""
qs = super().get_queryset(request)
# Check for account field
has_account_field = hasattr(qs.model, 'account')
if has_account_field:
# Superuser and developers can see all
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return qs
# Filter by user's account
user_account = getattr(request.user, 'account', None)
if user_account:
return qs.filter(account=user_account)
return qs
def has_view_permission(self, request, obj=None):
"""Check if user can view this object"""
if obj:
obj_account = getattr(obj, 'account', None)
if obj_account:
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
user_account = getattr(request.user, 'account', None)
if user_account:
return obj_account == user_account
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
"""Check if user can change this object"""
if obj:
obj_account = getattr(obj, 'account', None)
if obj_account:
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
user_account = getattr(request.user, 'account', None)
if user_account:
return obj_account == user_account
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
"""Check if user can delete this object"""
if obj:
obj_account = getattr(obj, 'account', None)
if obj_account:
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
user_account = getattr(request.user, 'account', None)
if user_account:
return obj_account == user_account
return super().has_delete_permission(request, obj)
class SiteSectorAdminMixin:
"""Mixin for admin classes that need site/sector filtering"""
def get_queryset(self, request):
"""Filter queryset by site/sector access"""
qs = super().get_queryset(request)
if hasattr(qs.model, 'site') and hasattr(qs.model, 'sector'):
# Superuser and developers can see all
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return qs
# Filter by accessible sites
if hasattr(request.user, 'get_accessible_sites'):
accessible_sites = request.user.get_accessible_sites()
return qs.filter(site__in=accessible_sites)
return qs
def has_view_permission(self, request, obj=None):
"""Check if user can view this object"""
if obj and hasattr(obj, 'site'):
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
if hasattr(request.user, 'get_accessible_sites'):
accessible_sites = request.user.get_accessible_sites()
return obj.site in accessible_sites
return super().has_view_permission(request, obj)
def has_change_permission(self, request, obj=None):
"""Check if user can change this object"""
if obj and hasattr(obj, 'site'):
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
if hasattr(request.user, 'get_accessible_sites'):
accessible_sites = request.user.get_accessible_sites()
return obj.site in accessible_sites
return super().has_change_permission(request, obj)
def has_delete_permission(self, request, obj=None):
"""Check if user can delete this object"""
if obj and hasattr(obj, 'site'):
if request.user.is_superuser or (hasattr(request.user, 'is_developer') and request.user.is_developer()):
return True
if hasattr(request.user, 'get_accessible_sites'):
accessible_sites = request.user.get_accessible_sites()
return obj.site in accessible_sites
return super().has_delete_permission(request, obj)
Reference in New Issue View Git Blame Copy Permalink