from django.contrib.auth.models import AbstractUser from django.db import models class CustomUser(AbstractUser): ROLE_CHOICES = [ ('admin', 'Admin'), ('technician', 'Technician'), ('client', 'Client'), ] role = models.CharField(max_length=20, choices=ROLE_CHOICES, default='client') phone = models.CharField(max_length=15, blank=True) address = models.TextField(blank=True) first_login_required = models.BooleanField(default=False) def __str__(self): return f"{self.username} ({self.get_role_display()})" @property def is_admin(self): """Check if user is admin/management - Superusers are ALWAYS admins""" # Superusers have ultimate admin privileges if self.is_superuser: return True if hasattr(self, 'employee_profile') and self.employee_profile: return self.employee_profile.department and self.employee_profile.department.name == 'Management' return False @property def is_technician(self): """Check if user is technician/staff""" if self.is_staff and not self.is_superuser: return True if hasattr(self, 'employee_profile') and self.employee_profile: return self.employee_profile.department and self.employee_profile.department.name in ['Technician', 'Marketing', 'HR Staff', 'Billing Staff', 'Customer Service'] return self.role == 'technician' @property def is_client(self): """Check if user is client""" return self.role == 'client' or hasattr(self, 'customer_profile') class UserActivityLog(models.Model): ACTIVITY_TYPES = [ ('login', 'Login'), ('logout', 'Logout'), ('create', 'Create'), ('update', 'Update'), ('delete', 'Delete'), ('view', 'View'), ('permission_change', 'Permission Change'), ] user = models.ForeignKey(CustomUser, on_delete=models.SET_NULL, null=True, blank=True) activity_type = models.CharField(max_length=20, choices=ACTIVITY_TYPES) description = models.TextField(default="No description provided") ip_address = models.GenericIPAddressField(null=True, blank=True) user_agent = models.TextField(blank=True) timestamp = models.DateTimeField(auto_now_add=True) class Meta: ordering = ['-timestamp'] indexes = [ models.Index(fields=['user', 'timestamp']), models.Index(fields=['activity_type', 'timestamp']), ] def __str__(self): return f"{self.user} - {self.activity_type} - {self.timestamp}" class GroupPermissionManager(models.Model): """Model to manage dynamic permissions for user groups/departments""" PERMISSION_CATEGORIES = [ ('customer', 'Customer Management'), ('billing', 'Billing & Invoicing'), ('ticket', 'Ticket Management'), ('employee', 'Employee Management'), ('financial', 'Financial Access'), ('system', 'System Settings'), ('network', 'Network Management'), ('marketing', 'Marketing'), ('hr', 'Human Resources'), ('expenditure', 'Expenditure Management'), ('reports', 'Reports & Analytics'), ] name = models.CharField(max_length=100, unique=True, help_text="Permission identifier") display_name = models.CharField(max_length=150, help_text="Human readable permission name") description = models.TextField(blank=True, help_text="Description of what this permission allows") category = models.CharField(max_length=20, choices=PERMISSION_CATEGORIES, help_text="Permission category") is_active = models.BooleanField(default=True) created_at = models.DateTimeField(auto_now_add=True) updated_at = models.DateTimeField(auto_now=True) class Meta: ordering = ['category', 'display_name'] verbose_name = "System Permission" verbose_name_plural = "System Permissions" def __str__(self): return f"{self.display_name} ({self.name})" class DepartmentPermissionAssignment(models.Model): """Model to track which permissions are assigned to which departments""" department = models.ForeignKey('hr.Department', on_delete=models.CASCADE, related_name='permission_assignments') permission = models.ForeignKey(GroupPermissionManager, on_delete=models.CASCADE, related_name='department_assignments') assigned_by = models.ForeignKey(CustomUser, on_delete=models.SET_NULL, null=True, related_name='assigned_permissions') assigned_at = models.DateTimeField(auto_now_add=True) class Meta: unique_together = ['department', 'permission'] ordering = ['department', 'permission__category', 'permission__display_name'] def __str__(self): return f"{self.department.name} - {self.permission.display_name}"