From 3a03026393e431246480c97cbeffa6be50d3db4a Mon Sep 17 00:00:00 2001 From: SilviaAmAm Date: Tue, 30 Apr 2024 14:55:58 +0200 Subject: [PATCH] :sparkles: [maykinmedia/archiefbeheercomponent#340] Added role model The users can have a specific role --- .../src/openarchiefbeheer/accounts/admin.py | 18 ++++- .../migrations/0002_role_user_role.py | 76 +++++++++++++++++++ .../src/openarchiefbeheer/accounts/models.py | 42 ++++++++++ 3 files changed, 135 insertions(+), 1 deletion(-) create mode 100644 backend/src/openarchiefbeheer/accounts/migrations/0002_role_user_role.py diff --git a/backend/src/openarchiefbeheer/accounts/admin.py b/backend/src/openarchiefbeheer/accounts/admin.py index d615d288..7eb97757 100644 --- a/backend/src/openarchiefbeheer/accounts/admin.py +++ b/backend/src/openarchiefbeheer/accounts/admin.py @@ -3,9 +3,10 @@ from django.contrib.auth.admin import UserAdmin as _UserAdmin from django.core.exceptions import PermissionDenied, ValidationError from django.urls import reverse_lazy +from django.utils.translation import gettext_lazy as _ from .forms import PreventPrivilegeEscalationMixin, UserChangeForm -from .models import User +from .models import Role, User from .utils import validate_max_user_permissions @@ -13,6 +14,7 @@ class UserAdmin(_UserAdmin): hijack_success_url = reverse_lazy("root") form = UserChangeForm + list_display = _UserAdmin.list_display + ("role",) def get_form(self, request, obj=None, **kwargs): ModelForm = super().get_form(request, obj, **kwargs) @@ -32,3 +34,17 @@ def user_change_password(self, request, id, form_url=""): raise PermissionDenied from exc return super().user_change_password(request, id, form_url) + + def get_fieldsets(self, request, obj=None): + fieldsets = super().get_fieldsets(request, obj) + return tuple(fieldsets) + ((_("Role"), {"fields": ("role",)}),) + + +@admin.register(Role) +class RoleAdmin(admin.ModelAdmin): + list_display = ( + "name", + "can_start_destruction", + "can_review_destruction", + "can_view_case_details", + ) diff --git a/backend/src/openarchiefbeheer/accounts/migrations/0002_role_user_role.py b/backend/src/openarchiefbeheer/accounts/migrations/0002_role_user_role.py new file mode 100644 index 00000000..3cb4593a --- /dev/null +++ b/backend/src/openarchiefbeheer/accounts/migrations/0002_role_user_role.py @@ -0,0 +1,76 @@ +# Generated by Django 4.2.11 on 2024-04-30 12:51 + +from django.db import migrations, models +import django.db.models.deletion + + +class Migration(migrations.Migration): + + dependencies = [ + ("accounts", "0001_initial"), + ] + + operations = [ + migrations.CreateModel( + name="Role", + fields=[ + ( + "id", + models.AutoField( + auto_created=True, + primary_key=True, + serialize=False, + verbose_name="ID", + ), + ), + ( + "name", + models.CharField( + help_text="Name of the role", + max_length=255, + unique=True, + verbose_name="name", + ), + ), + ( + "can_start_destruction", + models.BooleanField( + default=False, + help_text="Indicates whether a user can create a list of cases to be deleted.", + verbose_name="can start destruction", + ), + ), + ( + "can_review_destruction", + models.BooleanField( + default=False, + help_text="Indicates whether a user can review a list of cases to be deleted. They can approve it, reject it or provide feedback.", + verbose_name="can review destruction", + ), + ), + ( + "can_view_case_details", + models.BooleanField( + default=False, + help_text="Indicates whether a user can view the contents of cases in a lists.", + verbose_name="can view case details", + ), + ), + ], + options={ + "verbose_name": "role", + "verbose_name_plural": "roles", + }, + ), + migrations.AddField( + model_name="user", + name="role", + field=models.ForeignKey( + blank=True, + null=True, + on_delete=django.db.models.deletion.SET_NULL, + to="accounts.role", + verbose_name="role", + ), + ), + ] diff --git a/backend/src/openarchiefbeheer/accounts/models.py b/backend/src/openarchiefbeheer/accounts/models.py index f67dc0e5..7078aa4b 100644 --- a/backend/src/openarchiefbeheer/accounts/models.py +++ b/backend/src/openarchiefbeheer/accounts/models.py @@ -43,6 +43,13 @@ class User(AbstractBaseUser, PermissionsMixin): ), ) date_joined = models.DateTimeField(_("date joined"), default=timezone.now) + role = models.ForeignKey( + "accounts.Role", + on_delete=models.SET_NULL, + blank=True, + null=True, + verbose_name=_("role"), + ) objects = UserManager() @@ -63,3 +70,38 @@ def get_full_name(self): def get_short_name(self): "Returns the short name for the user." return self.first_name + + +class Role(models.Model): + name = models.CharField( + _("name"), max_length=255, unique=True, help_text=_("Name of the role") + ) + can_start_destruction = models.BooleanField( + _("can start destruction"), + default=False, + help_text=_( + "Indicates whether a user can create a list of cases to be deleted." + ), + ) + can_review_destruction = models.BooleanField( + _("can review destruction"), + default=False, + help_text=_( + "Indicates whether a user can review a list of cases to be deleted. " + "They can approve it, reject it or provide feedback." + ), + ) + can_view_case_details = models.BooleanField( + _("can view case details"), + default=False, + help_text=_( + "Indicates whether a user can view the contents of cases in a lists." + ), + ) + + class Meta: + verbose_name = _("role") + verbose_name_plural = _("roles") + + def __str__(self): + return self.name