сделал возможность добавлять разные уровни доступа (сейчас 3: оператор, инженер, администратор)

2024-01-25 17:51:40 +03:00 · 2024-01-25 17:51:40 +03:00 · 1c16ba2889
commit 1c16ba2889
parent e42fd37a14
5 changed files with 25 additions and 28 deletions
--- a/templates/account/list.html
+++ b/templates/account/list.html
@ -35,7 +35,7 @@
        <thead>
        <tr>
            <td>Логин</td>
-            <td>Админ</td>
+            <td>Уровень доступа</td>
            <td>Последний вход</td>
            <td>Последнее обновление пароля</td>
            <td>Зарегистрирован</td>
@ -45,7 +45,7 @@
        {% for u in users %}
        <tr>
            <td><a href="{% url 'account-view' u.login %}"> {{ u.login }} </a></td>
-            <td>{{ u.is_superuser }}</td>
+            <td>{{ u.access_level }}</td>
            <td>{{ u.last_login }}</td>
            <td>{{ u.last_password_change }}</td>
            <td>{{ u.registered }}</td>
--- a/templates/account/register.html
+++ b/templates/account/register.html
@ -28,7 +28,7 @@
        font-weight: bolder;
    }

-    .form-row input {
+    .form-row input, .form-row select {
        padding: 8px;
        width: 100%;
        box-sizing: border-box;
@ -39,7 +39,7 @@
        min-height: 2em;
    }

-    .form-row input:focus {
+    .form-row input:focus, .form-row select:focus {
        outline: none;
        border: none;
        border-bottom: var(--brand-text) 2px solid;
@ -59,11 +59,6 @@
        padding: 0.5em;
        margin: 0.2em;
    }
-
-    .errorlist {
-        padding: 0;
-    }
-
 </style>
 {% endblock %}

--- a/templates/account/view.html
+++ b/templates/account/view.html
@ -16,7 +16,7 @@
 {% block content %}
 <p><a href="{% url 'index' %}" class="value-good">Вернуться на главную</a></p>

-<p>Статус администратора: {{ view_user.is_superuser }}</p>
+<p>Уровень доступа: {{ view_user.access_level }}</p>
 <p>Последний вход: {{ view_user.last_login }}</p>
 <p>Последнее обновление пароля: {{ view_user.last_password_change }}
    {% if perms.users.change_user or view_user.login == user.login %}
--- a/users/forms.py
+++ b/users/forms.py
@ -6,4 +6,4 @@ from .models import User
 class UserRegisterForm(UserCreationForm):
    class Meta(UserCreationForm.Meta):
        model = User
-        fields = ('login', 'is_superuser')
+        fields = ('login', 'access_level')
--- a/users/models.py
+++ b/users/models.py
@ -6,15 +6,21 @@ import ospaz_site.settings as settings
 from .managers import CustomUserManager


+class UserAccessLevel(models.IntegerChoices):
+    BASIC = 0, 'Оператор'
+    ENGINEER = 10, 'Инженер'
+    ADMIN = 100, 'Администратор'
+
+
 class User(AbstractBaseUser):
    login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True)
    last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True)
-    is_superuser = models.BooleanField(default=False, verbose_name="Администратор")
+    access_level = models.IntegerField(choices=UserAccessLevel, default=UserAccessLevel.BASIC,
+                                       verbose_name="Уровень доступа")
    registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации")

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
-        self.is_staff = self.is_superuser

    last_password_change = models.DateTimeField(default=timezone.now, verbose_name="Последняя смена пароля")

@ -38,25 +44,21 @@ class User(AbstractBaseUser):
        if not self.is_authenticated:
            return False

-        secure_level = 0
-        if self.is_superuser:
-            secure_level = 1
-
        permissions = {
-            'users.add_user': 1,
-            'users.change_user': 1,
-            'users.delete_user': 1,
-            'users.view_user': 1,
+            'users.add_user': UserAccessLevel.ADMIN,
+            'users.change_user': UserAccessLevel.ADMIN,
+            'users.delete_user': UserAccessLevel.ADMIN,
+            'users.view_user': UserAccessLevel.ADMIN,

-            'logs_service.add_mbtankrecord': 1,
-            'logs_service.change_mbtankrecord': 1,
-            'logs_service.delete_mbtankrecord': 1,
-            'logs_service.view_mbtankrecord': 0,
+            'logs_service.add_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.change_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.delete_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.view_mbtankrecord': UserAccessLevel.BASIC,

-            'logs_service.view_pump_stats': 1
+            'logs_service.view_pump_stats': UserAccessLevel.ENGINEER
        }
        if perm in permissions:
-            if permissions[perm] <= secure_level:
+            if permissions[perm] <= self.access_level:
                return True
        elif settings.DEBUG:
            print(f"User.has_perm: unknown permission - '{perm}'")
@ -69,4 +71,4 @@ class User(AbstractBaseUser):
        return True

    def has_module_perms(self, package_name):
-        return self.is_superuser
+        return self.access_level == UserAccessLevel.ADMIN