from django.shortcuts import render, redirect, get_object_or_404 from django.contrib.auth.decorators import login_required from django.contrib.auth import login, logout, authenticate from django.contrib import messages from django.contrib.auth.views import ( PasswordResetView, PasswordResetDoneView, PasswordResetConfirmView, PasswordResetCompleteView ) from django.urls import reverse_lazy from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, UserChangeForm, UserCreationForm from django.contrib.auth.models import User, Group from .forms import CustomUserCreationForm, CustomUserChangeForm, GroupForm, GroupPermissionForm, EditProfileForm # Login view def user_login(request): from datetime import datetime if request.method == 'POST': form = AuthenticationForm(request, data=request.POST) if form.is_valid(): user = form.get_user() login(request, user) # Check if user is staff or has staff groups staff_groups = ['Sales', 'Supervisor', 'Manager', 'Administrator'] user_groups = [group.name for group in user.groups.all()] # If user has no staff groups and is not staff, redirect to shop if not any(group in staff_groups for group in user_groups) and not user.is_staff: messages.info(request, 'You have been redirected to the shop. Backend access is restricted to staff members.') return redirect('shop:product_list') # Redirect based on user group if user.groups.exists(): user_group = user.groups.first().name if user_group == 'Sales': return redirect('sales:make_sale') elif user_group == 'Supervisor': return redirect('sales:sale_dashboard') elif user_group in ['Manager', 'Administrator']: return redirect('dashboard') return redirect('dashboard') else: messages.error(request, 'Invalid username or password. Please try again.') else: form = AuthenticationForm() context = { 'form': form, 'current_year': datetime.now().year } return render(request, 'authapp/login.html', context) @login_required(login_url='/auth/login/') def user_edit(request, pk): user = get_object_or_404(User, pk=pk) if request.method == 'POST': form = CustomUserChangeForm(request.POST, instance=user) if form.is_valid(): form.save() messages.success(request, 'User profile updated successfully.') return redirect('user_list') # Redirect to the user list or another relevant page else: form = CustomUserChangeForm(instance=user) return render(request, 'authapp/user_edit.html', {'form': form, 'user': user}) # Logout view @login_required(login_url='/auth/login/') def user_logout(request): logout(request) return redirect('login') # Profile view @login_required(login_url='/auth/login/') def profile(request): return render(request, 'authapp/profile.html') # Password reset views class CustomPasswordResetView(PasswordResetView): template_name = 'authapp/password_reset.html' success_url = reverse_lazy('password_reset_done') email_template_name = 'authapp/password_reset_email.html' subject_template_name = 'authapp/password_reset_subject.txt' class CustomPasswordResetDoneView(PasswordResetDoneView): template_name = 'authapp/password_reset_done.html' class CustomPasswordResetConfirmView(PasswordResetConfirmView): template_name = 'authapp/password_reset_confirm.html' success_url = reverse_lazy('password_reset_complete') class CustomPasswordResetCompleteView(PasswordResetCompleteView): template_name = 'authapp/password_reset_complete.html' # View to list users @login_required(login_url='/auth/login/') def user_list(request): users = User.objects.all() available_groups = Group.objects.all() # Initialize forms add_user_form = CustomUserCreationForm() edit_user_forms = {} if request.method == 'POST': # Handle Add User if 'add_user' in request.POST: add_user_form = CustomUserCreationForm(request.POST, request.FILES) if add_user_form.is_valid(): new_user = add_user_form.save(commit=False) new_user.save() # Save the new user first # Manually handle the group assignment selected_groups = request.POST.getlist('groups') new_user.groups.set(selected_groups) new_user.save() messages.success(request, 'User added successfully') return redirect('user_list') # Handle Edit User elif 'edit_user' in request.POST: user_id = request.POST.get('user_id') user_instance = get_object_or_404(User, id=user_id) edit_user_form = CustomUserChangeForm(request.POST, request.FILES, instance=user_instance) if edit_user_form.is_valid(): updated_user = edit_user_form.save(commit=False) updated_user.save() # Save the updated user first # Manually handle the group assignment selected_groups = request.POST.getlist('groups') updated_user.groups.set(selected_groups) updated_user.save() messages.success(request, 'User updated successfully') return redirect('user_list') else: messages.error(request, 'Error updating user. Please check the form.') # Handle Advanced Edit User elif 'advanced_edit_user' in request.POST: user_id = request.POST.get('user_id') user_instance = get_object_or_404(User, id=user_id) # Check permissions if not request.user.has_perm('auth.change_user'): messages.error(request, 'You do not have permission to edit users.') return redirect('user_list') try: # Update basic fields user_instance.username = request.POST.get('username', user_instance.username) user_instance.first_name = request.POST.get('first_name', '') user_instance.last_name = request.POST.get('last_name', '') user_instance.email = request.POST.get('email', '') # Update status fields user_instance.is_active = 'is_active' in request.POST # Only superuser can change staff and superuser status if request.user.is_superuser: user_instance.is_staff = 'is_staff' in request.POST user_instance.is_superuser = 'is_superuser' in request.POST # Handle lock account if 'lock_account' in request.POST and user_instance != request.user: user_instance.is_active = False user_instance.save() # Handle group assignments selected_groups = request.POST.getlist('groups') user_instance.groups.set(selected_groups) # Handle password reset flag if 'reset_password' in request.POST: # You can implement password reset logic here # For now, we'll just set a flag or send an email messages.info(request, f'Password reset will be required for {user_instance.username} on next login.') messages.success(request, f'User {user_instance.username} has been updated successfully with all changes.') return redirect('user_list') except Exception as e: messages.error(request, f'Error updating user: {str(e)}') return redirect('user_list') # Initialize edit forms for each user for user in users: if user.id not in edit_user_forms: edit_user_forms[user.id] = CustomUserChangeForm(instance=user) context = { 'users': users, 'add_user_form': add_user_form, 'edit_user_forms': edit_user_forms, 'available_groups': available_groups, } return render(request, 'authapp/user_list.html', context) # View to edit a user profile @login_required(login_url='/auth/login/') def edit_user(request, user_id): user = get_object_or_404(User, id=user_id) if request.method == 'POST': form = CustomUserChangeForm(request.POST, instance=user) if form.is_valid(): form.save() messages.success(request, 'User updated successfully') return redirect('user_list') else: form = CustomUserChangeForm(instance=user) return render(request, 'authapp/edit_user.html', {'form': form, 'user_obj': user}) # View to add a new user @login_required(login_url='/auth/login/') def add_user(request): if request.method == 'POST': form = CustomUserCreationForm(request.POST) if form.is_valid(): form.save() messages.success(request, 'User added successfully') return redirect('user_list') else: form = CustomUserCreationForm() return render(request, 'authapp/add_user.html', {'form': form}) # View to list and manage groups @login_required(login_url='/auth/login/') def group_list(request): groups = Group.objects.all() return render(request, 'authapp/group_list.html', {'groups': groups}) # View to edit a group @login_required(login_url='/auth/login/') def edit_group(request, group_id): group = get_object_or_404(Group, id=group_id) if request.method == 'POST': form = GroupForm(request.POST, instance=group) if form.is_valid(): form.save() messages.success(request, 'Group updated successfully') return redirect('group_list') else: form = GroupForm(instance=group) return render(request, 'authapp/edit_group.html', {'form': form, 'group_obj': group}) # View to add a new group @login_required(login_url='/auth/login/') def add_group(request): if request.method == 'POST': form = GroupForm(request.POST) if form.is_valid(): form.save() messages.success(request, 'Group added successfully') return redirect('group_list') else: form = GroupForm() return render(request, 'authapp/add_group.html', {'form': form}) @login_required(login_url='/auth/login/') def delete_user(request, user_id): user = get_object_or_404(User, id=user_id) user.delete() messages.success(request, 'User deleted successfully') return redirect('user_list') # List all groups @login_required(login_url='/auth/login/') def group_list(request): groups = Group.objects.all() return render(request, 'authapp/group_list.html', {'groups': groups}) # Create a new group @login_required(login_url='/auth/login/') def group_create(request): if request.method == 'POST': form = GroupForm(request.POST) if form.is_valid(): form.save() messages.success(request, 'Group created successfully') return redirect('group_list') else: form = GroupForm() return render(request, 'authapp/group_create.html', {'form': form}) # Edit an existing group @login_required(login_url='/auth/login/') def group_edit(request, group_id): group = get_object_or_404(Group, id=group_id) if request.method == 'POST': form = GroupForm(request.POST, instance=group) if form.is_valid(): form.save() messages.success(request, 'Group updated successfully') return redirect('group_list') else: form = GroupForm(instance=group) return render(request, 'authapp/group_edit.html', {'form': form, 'group': group}) # Delete a group @login_required(login_url='/auth/login/') def group_delete(request, group_id): group = get_object_or_404(Group, id=group_id) if request.method == 'POST': group.delete() messages.success(request, 'Group deleted successfully') return redirect('group_list') return render(request, 'authapp/group_delete_confirm.html', {'group': group}) # Group detail view to assign permissions @login_required(login_url='/auth/login/') def group_detail(request, group_id): group = get_object_or_404(Group, id=group_id) if request.method == 'POST': form = GroupPermissionForm(request.POST, instance=group) if form.is_valid(): form.save() messages.success(request, 'Permissions updated successfully') return redirect('group_detail', group_id=group_id) else: form = GroupPermissionForm(instance=group) return render(request, 'authapp/group_detail.html', {'group': group, 'form': form}) # Edit profile view @login_required(login_url='/auth/login/') def edit_profile(request): if request.method == 'POST': form = EditProfileForm(request.POST, request.FILES, instance=request.user) if form.is_valid(): user = form.save() # Handle profile picture upload if 'profile_picture' in request.FILES: profile_picture = request.FILES['profile_picture'] # Save the profile picture to media/profile_pictures/ import os from django.conf import settings from django.core.files.storage import default_storage # Create directory if it doesn't exist upload_dir = os.path.join(settings.MEDIA_ROOT, 'profile_pictures') os.makedirs(upload_dir, exist_ok=True) # Save file with user ID as filename file_extension = os.path.splitext(profile_picture.name)[1] filename = f'user_{user.id}{file_extension}' file_path = os.path.join('profile_pictures', filename) # Delete old profile picture if exists old_file_path = os.path.join(upload_dir, f'user_{user.id}.*') import glob for old_file in glob.glob(old_file_path.replace('.*', '*')): try: os.remove(old_file) except: pass # Save new file saved_path = default_storage.save(file_path, profile_picture) # You can add a profile_picture field to User model or create a UserProfile model # For now, we'll store the path in session or handle it differently request.session['profile_picture'] = saved_path messages.success(request, 'Your profile has been updated successfully.') return redirect('edit_profile') else: messages.error(request, 'Please correct the errors below.') else: form = EditProfileForm(instance=request.user) # Get profile picture from session if available profile_picture_url = None if 'profile_picture' in request.session: from django.conf import settings profile_picture_url = f"{settings.MEDIA_URL}{request.session['profile_picture']}" context = { 'form': form, 'profile_picture_url': profile_picture_url } return render(request, 'authapp/edit_profile.html', context)