100 lines
3.5 KiB
Python
100 lines
3.5 KiB
Python
from django.contrib import admin
|
|
|
|
from .models import OrganizationRole, RolePermission, UserPermission, UserRole
|
|
|
|
|
|
@admin.register(RolePermission)
|
|
class RolePermissionAdmin(admin.ModelAdmin):
|
|
list_display = ('codename', 'modulo', 'descripcion')
|
|
list_filter = ('modulo',)
|
|
search_fields = ('codename', 'descripcion')
|
|
ordering = ('modulo', 'codename')
|
|
|
|
def get_readonly_fields(self, request, obj=None):
|
|
# Al editar un permiso existente los campos son readonly para evitar inconsistencias
|
|
if obj:
|
|
return ('codename', 'modulo', 'descripcion')
|
|
return ()
|
|
|
|
def has_add_permission(self, request):
|
|
return request.user.is_superuser
|
|
|
|
def has_change_permission(self, request, obj=None):
|
|
return request.user.is_superuser
|
|
|
|
def has_delete_permission(self, request, obj=None):
|
|
return request.user.is_superuser
|
|
|
|
|
|
class UserRoleInline(admin.TabularInline):
|
|
model = UserRole
|
|
extra = 0
|
|
autocomplete_fields = ('user',)
|
|
readonly_fields = ('created_at',)
|
|
|
|
|
|
@admin.register(OrganizationRole)
|
|
class OrganizationRoleAdmin(admin.ModelAdmin):
|
|
list_display = ('nombre', 'organizacion', 'is_admin_role', 'permisos_count', 'usuarios_count')
|
|
list_filter = ('organizacion', 'is_admin_role')
|
|
search_fields = ('nombre', 'organizacion__nombre')
|
|
filter_horizontal = ('permissions',)
|
|
inlines = (UserRoleInline,)
|
|
readonly_fields = ('created_at', 'updated_at')
|
|
|
|
def permisos_count(self, obj):
|
|
return obj.permissions.count()
|
|
permisos_count.short_description = 'Permisos'
|
|
|
|
def usuarios_count(self, obj):
|
|
return obj.user_roles.count()
|
|
usuarios_count.short_description = 'Usuarios'
|
|
|
|
def has_add_permission(self, request):
|
|
return request.user.is_superuser
|
|
|
|
def has_delete_permission(self, request, obj=None):
|
|
if obj and obj.is_admin_role:
|
|
return False
|
|
return request.user.is_superuser
|
|
|
|
|
|
@admin.register(UserRole)
|
|
class UserRoleAdmin(admin.ModelAdmin):
|
|
list_display = ('user', 'role', 'organizacion', 'created_at')
|
|
list_filter = ('role__organizacion', 'role__nombre')
|
|
search_fields = ('user__username', 'user__email', 'role__nombre')
|
|
autocomplete_fields = ('user',)
|
|
readonly_fields = ('created_at',)
|
|
|
|
def organizacion(self, obj):
|
|
return obj.role.organizacion
|
|
organizacion.short_description = 'Organización'
|
|
|
|
def save_model(self, request, obj, form, change):
|
|
# Bloquear remoción del rol admin_role al owner de la org
|
|
if change and obj.role.is_admin_role:
|
|
org = obj.role.organizacion
|
|
if hasattr(org, 'owner') and org.owner == obj.user:
|
|
from django.contrib import messages
|
|
self.message_user(
|
|
request,
|
|
'No se puede remover el rol de administrador maestro al owner de la organización.',
|
|
level=messages.ERROR,
|
|
)
|
|
return
|
|
super().save_model(request, obj, form, change)
|
|
|
|
|
|
@admin.register(UserPermission)
|
|
class UserPermissionAdmin(admin.ModelAdmin):
|
|
list_display = ('user', 'permission', 'granted', 'organizacion', 'created_at')
|
|
list_filter = ('granted', 'permission__modulo')
|
|
search_fields = ('user__username', 'user__email', 'permission__codename')
|
|
autocomplete_fields = ('user',)
|
|
readonly_fields = ('created_at',)
|
|
|
|
def organizacion(self, obj):
|
|
return getattr(obj.user, 'organizacion', '—')
|
|
organizacion.short_description = 'Organización'
|