38686-vm/core/management/commands/setup_groups.py
Konrad du Plessis 77236dd78f Phase 2B: Enhanced attendance, work history filters, supervisor dashboard
- Attendance form: date range (start+end), Sat/Sun checkboxes, conflict
  detection with Skip/Overwrite, supervisor auto-set, estimated cost card
- Work history: filter by worker/project/payment status, CSV export,
  payment status badges (Paid/Unpaid)
- Supervisor dashboard: stat cards for projects, teams, workers count
- Forms: supervisor filtering (non-admins only see their projects/workers)
- Navbar: History link now works, cleaned up inline styles in base.html
- Management command: setup_groups creates Admin + Work Logger groups
- No model/migration changes — database is untouched

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 16:28:18 +02:00


# === SETUP GROUPS MANAGEMENT COMMAND ===
# Creates two permission groups: "Admin" and "Work Logger".
# Run this once after deploying: python manage.py setup_groups
#
# "Admin" group gets full access to all core models.
# "Work Logger" group can add/change/view WorkLogs, and view-only
# access to Projects, Workers, and Teams.
from django.core.management.base import BaseCommand
from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
from core.models import (
Project, Worker, Team, WorkLog, PayrollRecord,
Loan, PayrollAdjustment, ExpenseReceipt, ExpenseLineItem
)
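class Command(BaseCommand):
    """Create or refresh the "Admin" and "Work Logger" permission groups.

    Both groups are looked up with ``get_or_create`` and their permissions
    are assigned with ``permissions.set()``, which replaces whatever the
    group held before. Re-running the command therefore resets both groups
    to the baseline defined here, dropping any permission that was added to
    them by hand.

    Permission rows are looked up, not created, by this command. Any
    expected permission that is absent is reported as a warning instead of
    being skipped silently.
    """

    help = 'Creates the Admin and Work Logger permission groups'

    def handle(self, *args, **options):
        """Provision both groups and report what was assigned.

        Writes progress lines to stdout. Ends with a success line when every
        expected permission was found, otherwise with a warning naming what
        is missing.
        """
        # --- Create the "Admin" group ---
        # Admins get every permission on every core model (including delete
        # on payroll, loan and expense records).
        admin_group, created = Group.objects.get_or_create(name='Admin')
        if created:
            self.stdout.write(self.style.SUCCESS('Created "Admin" group'))
        else:
            self.stdout.write('Admin group already exists — updating permissions')

        core_models = [
            Project, Worker, Team, WorkLog, PayrollRecord,
            Loan, PayrollAdjustment, ExpenseReceipt, ExpenseLineItem
        ]
        core_content_types = [
            ContentType.objects.get_for_model(model)
            for model in core_models
        ]
        # Evaluate the queryset once so the number reported below is exactly
        # the set that was assigned.
        admin_permissions = list(
            Permission.objects.filter(content_type__in=core_content_types)
        )
        admin_group.permissions.set(admin_permissions)
        self.stdout.write(f' Assigned {len(admin_permissions)} permissions to Admin group')

        # --- Create the "Work Logger" group ---
        # Work Loggers can add/change/view WorkLogs (no delete), and get
        # view-only access to Projects, Workers, and Teams.
        logger_group, created = Group.objects.get_or_create(name='Work Logger')
        if created:
            self.stdout.write(self.style.SUCCESS('Created "Work Logger" group'))
        else:
            self.stdout.write('Work Logger group already exists — updating permissions')

        # Explicit allowlist: one (model, codenames) entry per grant.
        logger_grants = [
            (WorkLog, ['add_worklog', 'change_worklog', 'view_worklog']),
            (Project, ['view_project']),
            (Worker, ['view_worker']),
            (Team, ['view_team']),
        ]
        logger_permissions = []
        missing_codenames = []
        for model, codenames in logger_grants:
            found = list(Permission.objects.filter(
                content_type=ContentType.objects.get_for_model(model),
                codename__in=codenames,
            ))
            logger_permissions.extend(found)
            found_codenames = {permission.codename for permission in found}
            missing_codenames.extend(
                codename for codename in codenames
                if codename not in found_codenames
            )
        logger_group.permissions.set(logger_permissions)
        self.stdout.write(f' Assigned {len(logger_permissions)} permissions to Work Logger group')

        # A lookup that matches nothing would otherwise leave a group short
        # of permissions while the command still reported success.
        problems = []
        if not admin_permissions:
            problems.append('no permissions found for the core models')
        if missing_codenames:
            problems.append(
                'missing Work Logger permissions: ' + ', '.join(missing_codenames)
            )
        if problems:
            self.stdout.write(self.style.WARNING(
                'Permission groups are incomplete (' + '; '.join(problems) + ')'
            ))
        else:
            self.stdout.write(self.style.SUCCESS('Done! Permission groups are ready.'))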