from django.core.management.base import BaseCommand from django.contrib.auth.models import Group, Permission from django.contrib.contenttypes.models import ContentType class Command(BaseCommand): help = 'Set up permission groups for the ISP system' def handle(self, *args, **options): self.stdout.write('Setting up permission groups...') groups_permissions = { 'Management': [ # Full system access 'add_customer', 'change_customer', 'view_customer', 'delete_customer', 'add_customertag', 'change_customertag', 'view_customertag', 'delete_customertag', 'add_customerbalancetransaction', 'change_customerbalancetransaction', 'view_customerbalancetransaction', 'delete_customerbalancetransaction', 'add_customerinvitation', 'change_customerinvitation', 'view_customerinvitation', 'delete_customerinvitation', # Service management 'add_service', 'change_service', 'view_service', 'delete_service', # Full billing access 'add_invoice', 'change_invoice', 'view_invoice', 'delete_invoice', 'add_payment', 'change_payment', 'view_payment', 'delete_payment', # All ticket management 'add_ticket', 'change_ticket', 'view_ticket', 'delete_ticket', 'add_ticketcomment', 'change_ticketcomment', 'view_ticketcomment', 'delete_ticketcomment', 'add_ticketattachment', 'change_ticketattachment', 'view_ticketattachment', 'delete_ticketattachment', # Network management 'add_networkdevice', 'change_networkdevice', 'view_networkdevice', 'delete_networkdevice', # Employee management 'add_employee', 'change_employee', 'view_employee', 'delete_employee', 'add_department', 'change_department', 'view_department', 'delete_department', 'add_payslip', 'change_payslip', 'view_payslip', 'delete_payslip', 'add_deduction', 'change_deduction', 'view_deduction', 'delete_deduction', 'add_bonus', 'change_bonus', 'view_bonus', 'delete_bonus', # Expense and budget management 'add_expense', 'change_expense', 'view_expense', 'delete_expense', 'add_expensecategory', 'change_expensecategory', 'view_expensecategory', 'delete_expensecategory', 'add_budgetallocation', 'change_budgetallocation', 'view_budgetallocation', 'delete_budgetallocation', # System settings 'add_systemsettings', 'change_systemsettings', 'view_systemsettings', 'delete_systemsettings', 'add_companyprofile', 'change_companyprofile', 'view_companyprofile', # Marketing permissions (will be added if they exist) 'add_marketingweeklyreport', 'change_marketingweeklyreport', 'view_marketingweeklyreport', 'delete_marketingweeklyreport', 'add_marketingleadinteraction', 'change_marketingleadinteraction', 'view_marketingleadinteraction', 'delete_marketingleadinteraction', 'add_marketingreporttemplate', 'change_marketingreporttemplate', 'view_marketingreporttemplate', 'delete_marketingreporttemplate', ], 'Technician': [ # Full ticket and scheduling management 'add_ticket', 'change_ticket', 'view_ticket', 'delete_ticket', 'add_ticketcomment', 'change_ticketcomment', 'view_ticketcomment', 'delete_ticketcomment', 'add_ticketattachment', 'change_ticketattachment', 'view_ticketattachment', 'delete_ticketattachment', # Full scheduling permissions including calendar access 'view_calendar', 'manage_schedules', 'can_assign_tickets', # Full customer management (needed for tickets and scheduling) 'add_customer', 'change_customer', 'view_customer', 'delete_customer', 'add_customertag', 'change_customertag', 'view_customertag', 'delete_customertag', 'add_customerbalancetransaction', 'change_customerbalancetransaction', 'view_customerbalancetransaction', 'add_customerinvitation', 'change_customerinvitation', 'view_customerinvitation', # Service management (needed for customer support) 'add_service', 'change_service', 'view_service', 'delete_service', # Network device management (support infrastructure) 'add_networkdevice', 'change_networkdevice', 'view_networkdevice', 'delete_networkdevice', # View billing information for customer support 'view_invoice', 'view_payment', ], 'Marketing': [ # Customer management permissions 'view_customer', 'add_customer', 'change_customer', 'view_customertag', 'add_customertag', 'change_customertag', 'view_customerbalancetransaction', 'add_customerbalancetransaction', 'change_customerbalancetransaction', 'view_customerinvitation', 'add_customerinvitation', 'change_customerinvitation', 'view_service', 'add_service', 'change_service', # Ticket management permissions 'view_ticket', 'add_ticket', 'change_ticket', # Marketing report permissions - full CRUD access 'add_marketingweeklyreport', 'change_marketingweeklyreport', 'view_marketingweeklyreport', 'delete_marketingweeklyreport', 'add_marketingleadinteraction', 'change_marketingleadinteraction', 'view_marketingleadinteraction', 'delete_marketingleadinteraction', 'add_marketingreporttemplate', 'change_marketingreporttemplate', 'view_marketingreporttemplate', 'delete_marketingreporttemplate', # Full expense management permissions for marketing activities 'add_expense', 'change_expense', 'view_expense', 'delete_expense', 'add_expensecategory', 'change_expensecategory', 'view_expensecategory', 'delete_expensecategory', 'add_budgetallocation', 'change_budgetallocation', 'view_budgetallocation', 'delete_budgetallocation', # Expenditure app permissions 'expenditure.add_expense', 'expenditure.change_expense', 'expenditure.view_expense', 'expenditure.delete_expense', 'expenditure.add_expensecategory', 'expenditure.change_expensecategory', 'expenditure.view_expensecategory', 'expenditure.delete_expensecategory', 'expenditure.add_budgetallocation', 'expenditure.change_budgetallocation', 'expenditure.view_budgetallocation', 'expenditure.delete_budgetallocation', ], 'HR Staff': [ # Employee management 'add_employee', 'change_employee', 'view_employee', 'delete_employee', 'add_department', 'change_department', 'view_department', 'delete_department', 'add_payslip', 'change_payslip', 'view_payslip', 'delete_payslip', 'add_deduction', 'change_deduction', 'view_deduction', 'delete_deduction', 'add_bonus', 'change_bonus', 'view_bonus', 'delete_bonus', ], 'Billing Staff': [ # Invoice and payment management 'add_invoice', 'change_invoice', 'view_invoice', 'delete_invoice', 'add_payment', 'change_payment', 'view_payment', 'delete_payment', # Customer management for billing 'add_customer', 'change_customer', 'view_customer', 'add_service', 'change_service', 'view_service', # Ticket and network device management 'add_ticket', 'change_ticket', 'view_ticket', 'delete_ticket', 'add_networkdevice', 'change_networkdevice', 'view_networkdevice', 'delete_networkdevice', # View employee information 'view_employee', 'view_department', 'view_payslip', ], 'Customer Service': [ # Customer support 'view_customer', 'change_customer', 'add_ticket', 'change_ticket', 'view_ticket', 'view_invoice', 'view_payment', 'add_payment', 'change_payment', ], 'Staff': [ # Full ticket management 'add_ticket', 'change_ticket', 'view_ticket', 'delete_ticket', 'add_ticketcomment', 'change_ticketcomment', 'view_ticketcomment', 'delete_ticketcomment', 'add_ticketattachment', 'change_ticketattachment', 'view_ticketattachment', 'delete_ticketattachment', # Full customer management 'add_customer', 'change_customer', 'view_customer', 'delete_customer', 'add_customertag', 'change_customertag', 'view_customertag', 'delete_customertag', 'add_customerbalancetransaction', 'change_customerbalancetransaction', 'view_customerbalancetransaction', 'delete_customerbalancetransaction', 'add_customerinvitation', 'change_customerinvitation', 'view_customerinvitation', 'delete_customerinvitation', # Service management 'add_service', 'change_service', 'view_service', 'delete_service', # Full billing access 'add_invoice', 'change_invoice', 'view_invoice', 'delete_invoice', 'add_payment', 'change_payment', 'view_payment', 'delete_payment', # Calendar and scheduling 'view_calendar', 'manage_schedules', # Can view but not modify payroll 'view_payslip', # Additional permissions 'view_customers', 'add_customers', 'change_customers', 'delete_customers', 'view_billing', 'process_payments', 'view_tickets', # Basic employee information access (no sensitive data) 'view_employee', # Full marketing report and analytics access for management oversight 'add_marketingweeklyreport', 'change_marketingweeklyreport', 'view_marketingweeklyreport', 'delete_marketingweeklyreport', 'add_marketingleadinteraction', 'change_marketingleadinteraction', 'view_marketingleadinteraction', 'delete_marketingleadinteraction', 'add_marketingreporttemplate', 'change_marketingreporttemplate', 'view_marketingreporttemplate', 'delete_marketingreporttemplate', ], } for group_name, permission_codenames in groups_permissions.items(): group, created = Group.objects.get_or_create(name=group_name) if created: self.stdout.write(f'Created group: {group_name}') else: self.stdout.write(f'Group already exists: {group_name}') # Clear existing permissions group.permissions.clear() # Add permissions for codename in permission_codenames: try: permission = Permission.objects.get(codename=codename) group.permissions.add(permission) except Permission.DoesNotExist: self.stdout.write( self.style.WARNING(f'Permission not found: {codename}') ) self.stdout.write(f'Added {len(permission_codenames)} permissions to {group_name}') self.stdout.write( self.style.SUCCESS('Successfully set up permission groups!') )