o 'h=.@sddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZmZdd lmZd d lmZmZmZdd lZeeZGd ddZGdddZGdddZGdddZd S))settings)logout)timezone) timedelta)redirect)messages)reverse)Http404HttpResponseForbidden)PermissionDenied)has_financial_accesscan_assign_ticketscan_delete_customersNc@ eZdZdZddZddZdS)CustomerOnlyMiddlewarez6Middleware to restrict certain views to customers onlycC ||_dSN get_responseselfrr3/var/www/html/optinet_system/accounts/middleware.py__init__ zCustomerOnlyMiddleware.__init__cC||}|Srrrrequestresponserrr__call__ zCustomerOnlyMiddleware.__call__N__name__ __module__ __qualname____doc__rr rrrrr rc@sPeZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ dS)DepartmentPermissionMiddlewarez2Middleware to enforce department-based permissionscCs0||_gdgdgdddggdd|_dS)N) /billing/z /payments/z/customers/invoices/z/customers/payments/z/customers/balance/ /expenditure/)z/hr/employees/z /hr/payslip/z/hr/deduction/z /hr/bonus/z/hr/department/z/hr/generate-payslips/)z/settings/system/z/settings/dashboard//admin/z/tickets/assign/z/tickets/schedule/)z/customers/add/z/customers/create/z/customers/.*/edit/z/customers/.*/delete/) financialhrrticket_assignmentcustomer_management)rprotected_urlsrrrrrs z'DepartmentPermissionMiddleware.__init__cCrrrrrrrr 4r!z'DepartmentPermissionMiddleware.__call__c Cs^z|jjr||}|r|WSWdSty.}ztdt|WYd}~dSd}~ww)zProcess view before it's calledNzMiddleware process_view error: )useris_authenticated_check_url_permissions Exceptionloggererrorstr)rr view_func view_args view_kwargsresulterrr process_view8s z+DepartmentPermissionMiddleware.process_viewc Csz4gd}|j}|D] }||rWdSq |jjrWdSt|jdr/||j|s2tdWSWdSWdStyQ}zt dt |WYd}~dSd}~ww)z6Check if user has permission to access the current URL)r+z/accounts/login/z/accounts/logout/z/accounts/employee-login/z/accounts/customer-login//static//media/z/api/Nemployee_profilez.You don't have permission to access this page.zPermission check error: ) path_info startswithr1 is_superuserhasattr_has_url_permissionr r4r5r6r7)rr skip_urls current_pathskip_urlr<rrrr3Hs&    z5DepartmentPermissionMiddleware._check_url_permissionscsrddlm}||}dd|jdD}tfdd|Dr+d|vr+d |vr+td d vrCd |vrCd |vrCd|vrCd |vrCtdtfdd|jdDr]d|vr]d|vr]tdtfdd|jdDrr|jsrtdtfdd|jdDrd|vrtdtfdd|jdDrdrd|vrtdd vsd!vrd"|vrd#|vrtd$d%S)&z5Helper to check permissions for a given user and pathr )get_user_permissionscSsg|] }|ds|qS)r*)rB.0urlrrr tszFDepartmentPermissionMiddleware._has_url_permission..r,c3|]}|vVqdSrrrJpathrr uzEDepartmentPermissionMiddleware._has_url_permission.. view_billingmanage_billingzZAccess to financial modules requires billing permissions. Contact your department manager.r* view_expense add_expensezIAccess to expense management requires appropriate department permissions.c3rNrrrJrOrrrQrRr-view_employeesmanage_employeesz\Access to HR modules requires employee management permissions. Contact system administrator.c3rNrrrJrOrrrQrRrz6System settings are restricted to administrators only.c3rNrrrJrOrrrQrRr.assign_ticketsz?Ticket assignment requires technician or management privileges.c3rNrrrJrOrrrQrRr/z/delete/delete_customersz/Customer deletion requires management approval.z/add/z/create/ add_customers add_customerz=Adding customers requires appropriate department permissions.T) permissionsrIr0anyr rCendswith)rr1rPrIuser_permissionsfinancial_urlsrrOrrEms4 z2DepartmentPermissionMiddleware._has_url_permissionc8|jtfdd|jDrt|jstddSdS)z*Check if user has access to financial URLsc3rNrrrJrOrrrQrRzIDepartmentPermissionMiddleware._check_financial_access..zFinancial access requiredN)rPr^rar r1r rrrrOr_check_financial_access  z6DepartmentPermissionMiddleware._check_financial_accesscrb)z Check if user can assign ticketsc3rNrrrJrOrrrQrRzQDepartmentPermissionMiddleware._check_ticket_assignment_access..z!Ticket assignment access requiredN)rPr^ticket_assignment_urlsrr1r rcrrOr_check_ticket_assignment_accessrez>DepartmentPermissionMiddleware._check_ticket_assignment_accesscsF|jtfdd|jDr|jdvrt|js!tddSdSdS)z"Check if user can delete customersc3rNrrrJrOrrrQrRzODepartmentPermissionMiddleware._check_customer_delete_access..)POSTDELETEz!Customer deletion access requiredN)rPr^customer_delete_urlsmethodrr1r rcrrOr_check_customer_delete_accesss " z.T)rhPUTric3rrrrrrrrQr)r>r?z/api/heartbeat/F)r^rrkrcrrrrs z$ActivityLoggingMiddleware.should_logc Csrz.tjj|j|jd|j|||jdddd|j|jt |j |j j ddWdSt y8YdSw)zLog user activity HTTP_USER_AGENTNi)rkrP query_params session_key)r1action ip_address user_agentadditional_data)UserActivityLogobjectscreater1rkrP get_client_ipMETArzdictGETryrr4rcrrrrs z&ActivityLoggingMiddleware.log_activitycCs2|jd}|r|dd}|S|jd}|S)NHTTP_X_FORWARDED_FOR,r REMOTE_ADDR)rrzsplit)rrx_forwarded_foriprrrrs  z'ActivityLoggingMiddleware.get_client_ipN) r#r$r%r&rr rrrrrrrrs  r) django.confrdjango.contrib.authr django.utilsrdatetimerdjango.shortcutsrdjango.contribr django.urlsr django.httpr r django.core.exceptionsr r]r rrlogging getLoggerr#r5rr(rmrrrrrs"         )