permission add

Flatlogic Bot 2026-02-11 17:23:51 +00:00
parent 03fe74ce32
commit fa0a735548
9 changed files with 66 additions and 2 deletions


@ -14,6 +14,9 @@ import json
@login_required @login_required
def vat_report(request): def vat_report(request):
if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
start_date = request.GET.get('start_date') start_date = request.GET.get('start_date')
end_date = request.GET.get('end_date') end_date = request.GET.get('end_date')
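Review bot: The guard added at the top of vat_report admits any account with `is_staff` set, whether or not `core.view_reports` was granted to it, so the new permission only restricts non-staff users. `has_perm` already returns True for active superusers, so if per-user report access is the goal the condition could be `if not request.user.has_perm('core.view_reports'):`; if staff are meant to keep blanket access, a one-line comment saying so would help the next reader. The same three lines are pasted into five more views in this commit, so a single shared decorator would keep the rule in one place. The body of vat_report continues past the end of this hunk.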


@ -0,0 +1,17 @@
# Generated by Django 5.2.7 on 2026-02-11 17:17
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('core', '0037_alter_systemsetting_options'),
]
operations = [
migrations.AlterModelOptions(
name='systemsetting',
options={'permissions': [('view_dashboard', 'Can view dashboard'), ('view_pos', 'Can access POS'), ('view_reports', 'Can view reports'), ('view_accounting', 'Can view accounting'), ('view_hr', 'Can view HR'), ('view_inventory', 'Can view inventory'), ('view_sales', 'Can view sales'), ('view_purchases', 'Can view purchases'), ('view_customers', 'Can view customers'), ('view_suppliers', 'Can view suppliers'), ('view_expenses', 'Can view expenses'), ('view_lpo', 'Can view LPO'), ('view_quotations', 'Can view quotations'), ('view_system', 'Can view system settings')]},
),
]


@ -0,0 +1,17 @@
# Generated by Django 5.2.7 on 2026-02-11 17:19
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
('core', '0038_alter_systemsetting_options'),
]
operations = [
migrations.AlterModelOptions(
name='systemsetting',
options={'permissions': [('view_dashboard', 'Can view dashboard'), ('view_pos', 'Can access POS'), ('view_reports', 'Can view reports'), ('view_accounting', 'Can view accounting'), ('view_hr', 'Can view HR'), ('view_inventory', 'Can view inventory'), ('view_sales', 'Can view sales'), ('view_purchases', 'Can view purchases'), ('view_customers', 'Can view customers'), ('view_suppliers', 'Can view suppliers'), ('view_expenses', 'Can view expenses'), ('view_lpo', 'Can view LPO'), ('view_quotations', 'Can view quotations'), ('view_system', 'Can view system settings')], 'verbose_name': 'System & App Access', 'verbose_name_plural': 'System & App Access'},
),
]


@ -415,6 +415,8 @@ class SystemSetting(models.Model):
allow_zero_stock_sales = models.BooleanField(_("Allow selling items with 0 stock"), default=False) allow_zero_stock_sales = models.BooleanField(_("Allow selling items with 0 stock"), default=False)
class Meta: class Meta:
verbose_name = _("System & App Access")
verbose_name_plural = _("System & App Access")
permissions = [ permissions = [
("view_dashboard", "Can view dashboard"), ("view_dashboard", "Can view dashboard"),
("view_pos", "Can access POS"), ("view_pos", "Can access POS"),
@ -429,6 +431,7 @@ class SystemSetting(models.Model):
("view_expenses", "Can view expenses"), ("view_expenses", "Can view expenses"),
("view_lpo", "Can view LPO"), ("view_lpo", "Can view LPO"),
("view_quotations", "Can view quotations"), ("view_quotations", "Can view quotations"),
("view_system", "Can view system settings"),
] ]
def __str__(self): def __str__(self):


@ -328,7 +328,7 @@
</li> </li>
{% endif %} {% endif %}
{% if user.is_staff %} {% if user.is_staff or perms.core.view_system %}
<!-- System Group --> <!-- System Group -->
<li class="sidebar-group-header mt-1"> <li class="sidebar-group-header mt-1">
<a href="#systemSubmenu" data-bs-toggle="collapse" aria-expanded="{% if url_name == 'settings' or url_name == 'user_management' or url_name == 'cashier_registry' or '/admin/' in path %}true{% else %}false{% endif %}" class="dropdown-toggle-custom"> <a href="#systemSubmenu" data-bs-toggle="collapse" aria-expanded="{% if url_name == 'settings' or url_name == 'user_management' or url_name == 'cashier_registry' or '/admin/' in path %}true{% else %}false{% endif %}" class="dropdown-toggle-custom">
@ -336,16 +336,21 @@
<i class="bi bi-chevron-down chevron"></i> <i class="bi bi-chevron-down chevron"></i>
</a> </a>
<ul class="collapse list-unstyled sub-menu {% if url_name == 'settings' or url_name == 'user_management' or url_name == 'cashier_registry' or '/admin/' in path %}show{% endif %}" id="systemSubmenu"> <ul class="collapse list-unstyled sub-menu {% if url_name == 'settings' or url_name == 'user_management' or url_name == 'cashier_registry' or '/admin/' in path %}show{% endif %}" id="systemSubmenu">
{% if user.is_staff or perms.core.view_system %}
<li> <li>
<a href="{% url 'settings' %}" class="{% if url_name == 'settings' %}active{% endif %}"> <a href="{% url 'settings' %}" class="{% if url_name == 'settings' %}active{% endif %}">
<i class="bi bi-gear"></i> {% trans "Settings" %} <i class="bi bi-gear"></i> {% trans "Settings" %}
</a> </a>
</li> </li>
{% endif %}
{% if user.is_staff %}
<li> <li>
<a href="{% url 'user_management' %}" class="{% if url_name == 'user_management' %}active{% endif %}"> <a href="{% url 'user_management' %}" class="{% if url_name == 'user_management' %}active{% endif %}">
<i class="bi bi-person-lock"></i> {% trans "User Management" %} <i class="bi bi-person-lock"></i> {% trans "User Management" %}
</a> </a>
</li> </li>
{% endif %}
{% if user.is_staff or perms.core.view_system %}
<li> <li>
<a href="{% url 'cashier_registry' %}" class="{% if url_name == 'cashier_registry' %}active{% endif %}"> <a href="{% url 'cashier_registry' %}" class="{% if url_name == 'cashier_registry' %}active{% endif %}">
<i class="bi bi-display"></i> {% trans "Cashier Registry" %} <i class="bi bi-display"></i> {% trans "Cashier Registry" %}
@ -356,11 +361,14 @@
<i class="bi bi-clock-history"></i> {% trans "Cashier Sessions" %} <i class="bi bi-clock-history"></i> {% trans "Cashier Sessions" %}
</a> </a>
</li> </li>
{% endif %}
{% if user.is_staff %}
<li> <li>
<a href="/admin/"> <a href="/admin/">
<i class="bi bi-shield-lock"></i> {% trans "Django Admin" %} <i class="bi bi-shield-lock"></i> {% trans "Django Admin" %}
</a> </a>
</li> </li>
{% endif %}
</ul> </ul>
</li> </li>
{% endif %} {% endif %}
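Review bot: The `perms.core.view_system` conditions added around the Settings and Cashier Registry/Cashier Sessions entries only decide which links are drawn; nothing in this template stops a logged-in user from requesting those URLs directly. No server-side check for `core.view_system` is visible in the view hunks shown on this page, so the views behind `settings` and `cashier_registry` should enforce the same condition, otherwise the new permission is cosmetic (the check may live in one of the changed files not shown here). The inner `{% if user.is_staff or perms.core.view_system %}` blocks also repeat the outer condition on the System group and can be dropped without changing the output.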


@ -1031,7 +1031,11 @@ def expense_category_delete_view(request, pk):
@login_required @login_required
def expense_report(request): def expense_report(request):
return render(request, 'core/expense_report.html') if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
start_date = request.GET.get('start_date')
end_date = request.GET.get('end_date')
@login_required @login_required
def export_expenses_excel(request): def export_expenses_excel(request):
@ -1041,10 +1045,16 @@ def export_expenses_excel(request):
@login_required @login_required
def reports(request): def reports(request):
if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
return render(request, 'core/reports.html') return render(request, 'core/reports.html')
@login_required @login_required
def customer_statement(request): def customer_statement(request):
if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
customers = Customer.objects.all().order_by('name') customers = Customer.objects.all().order_by('name')
selected_customer = None selected_customer = None
sales = [] sales = []
@ -1090,6 +1100,9 @@ def customer_statement(request):
@login_required @login_required
def supplier_statement(request): def supplier_statement(request):
if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
suppliers = Supplier.objects.all().order_by('name') suppliers = Supplier.objects.all().order_by('name')
selected_supplier = None selected_supplier = None
purchases = [] purchases = []
@ -1135,6 +1148,9 @@ def supplier_statement(request):
@login_required @login_required
def cashflow_report(request): def cashflow_report(request):
if not (request.user.is_staff or request.user.has_perm('core.view_reports')):
messages.error(request, _("You do not have permission to view reports."))
return redirect('index')
start_date = request.GET.get('start_date') start_date = request.GET.get('start_date')
end_date = request.GET.get('end_date') end_date = request.GET.get('end_date')
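Review bot: expense_report no longer returns a response for users who pass the check: in the first hunk the old `return render(request, 'core/expense_report.html')` is replaced by the guard plus two `request.GET.get(...)` reads, and the next visible line is the decorator of export_expenses_excel. As rendered, an authorised request falls off the end of the function and returns None, which Django rejects with a ValueError (a 500 for the user). The render line should be restored after the date reads, `return render(request, 'core/expense_report.html')`, and `start_date`/`end_date` either passed on or removed since nothing visible uses them. export_expenses_excel sits between two guarded views and shows no added check here; its body is outside the hunks, so confirm whether the export needs the same `core.view_reports` gate.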