admin/38156-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38156-vm/core/management/commands/setup_groups.py
Konradzar d922a14ec5 Ver 14 - Dashboard redesign, permissions, payslip preview, team tracking 
- Dashboard: Outstanding Payments, Paid This Month, Active Loans cards
- Dashboard: This Week summary, Recent Activity, Quick Actions, Manage Resources
- Dashboard: Active/Inactive/All filter for resources
- Payroll: Preview payslip modal (no DB/email side effects)
- Payroll: Multi-select workers in adjustment modal
- History: Team column + direct team FK on WorkLog
- History: Shift+click multi-date selection on calendar
- Permissions: Replaced PIN system with Django groups (Admin, Work Logger)
- Permissions: Renamed Supervisor to Work Logger throughout
- Nav: Hide financial links (Payroll) from non-admin users
- Admin: Enhanced Django admin with group management
- New migrations: 0011 (remove pin/is_admin), 0012 (add team to WorkLog)
- New management command: setup_groups

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-08 23:43:38 +02:00

70 lines
3.1 KiB
Python
Raw Blame History

from django.core.management.base import BaseCommand
from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
class Command(BaseCommand):
help = 'Creates Admin and Work Logger permission groups with pre-assigned permissions'
def handle(self, *args, **options):
# --- Admin Group ---
# Full access to all core business models + user management
admin_group, created = Group.objects.get_or_create(name='Admin')
admin_perms = []
# All core model permissions
for model in ['project', 'worker', 'team', 'worklog', 'payrollrecord',
'loan', 'payrolladjustment', 'expensereceipt', 'expenselineitem']:
ct = ContentType.objects.filter(app_label='core', model=model).first()
if ct:
admin_perms.extend(Permission.objects.filter(content_type=ct))
# User management permissions
user_ct = ContentType.objects.filter(app_label='auth', model='user').first()
if user_ct:
admin_perms.extend(Permission.objects.filter(content_type=user_ct))
group_ct = ContentType.objects.filter(app_label='auth', model='group').first()
if group_ct:
admin_perms.extend(Permission.objects.filter(content_type=group_ct))
admin_group.permissions.set(admin_perms)
status = 'Created' if created else 'Updated'
self.stdout.write(self.style.SUCCESS(
f'{status} "Admin" group with {admin_group.permissions.count()} permissions'
))
# --- Work Logger Group ---
# Can log work, view history, create receipts - restricted to their teams/projects
supervisor_group, created = Group.objects.get_or_create(name='Work Logger')
supervisor_codenames = [
# Projects - view only
'view_project',
# Workers - view only
'view_worker',
# Teams - view only
'view_team',
# Work logs - full access (log attendance, edit, view)
'add_worklog', 'change_worklog', 'view_worklog',
# Expense receipts - create and view
'add_expensereceipt', 'view_expensereceipt',
# Expense line items - create and view (needed for receipt creation)
'add_expenselineitem', 'view_expenselineitem',
]
supervisor_perms = Permission.objects.filter(
content_type__app_label='core',
codename__in=supervisor_codenames
)
supervisor_group.permissions.set(supervisor_perms)
status = 'Created' if created else 'Updated'
self.stdout.write(self.style.SUCCESS(
f'{status} "Work Logger" group with {supervisor_group.permissions.count()} permissions'
))
self.stdout.write('')
self.stdout.write('To assign a user to a group:')
self.stdout.write(' 1. Go to Admin Panel > Users > select user')
self.stdout.write(' 2. Under "Groups", add them to "Admin" or "Work Logger"')
self.stdout.write(' 3. For Work Loggers, also assign them to Projects/Teams')
Reference in New Issue View Git Blame Copy Permalink