сделал возможность добавлять разные уровни доступа (сейчас 3: оператор, инженер, администратор)

2024-01-25 17:51:40 +03:00
parent e42fd37a14
commit 1c16ba2889
5 changed files with 25 additions and 28 deletions
--- a/users/forms.py
+++ b/users/forms.py
@@ -6,4 +6,4 @@ from .models import User
 class UserRegisterForm(UserCreationForm):
    class Meta(UserCreationForm.Meta):
        model = User
-        fields = ('login', 'is_superuser')
+        fields = ('login', 'access_level')
--- a/users/models.py
+++ b/users/models.py
@@ -6,15 +6,21 @@ import ospaz_site.settings as settings
 from .managers import CustomUserManager


+class UserAccessLevel(models.IntegerChoices):
+    BASIC = 0, 'Оператор'
+    ENGINEER = 10, 'Инженер'
+    ADMIN = 100, 'Администратор'
+
+
 class User(AbstractBaseUser):
    login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True)
    last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True)
-    is_superuser = models.BooleanField(default=False, verbose_name="Администратор")
+    access_level = models.IntegerField(choices=UserAccessLevel, default=UserAccessLevel.BASIC,
+                                       verbose_name="Уровень доступа")
    registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации")

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
-        self.is_staff = self.is_superuser

    last_password_change = models.DateTimeField(default=timezone.now, verbose_name="Последняя смена пароля")

@@ -38,25 +44,21 @@ class User(AbstractBaseUser):
        if not self.is_authenticated:
            return False

-        secure_level = 0
-        if self.is_superuser:
-            secure_level = 1
-
        permissions = {
-            'users.add_user': 1,
-            'users.change_user': 1,
-            'users.delete_user': 1,
-            'users.view_user': 1,
+            'users.add_user': UserAccessLevel.ADMIN,
+            'users.change_user': UserAccessLevel.ADMIN,
+            'users.delete_user': UserAccessLevel.ADMIN,
+            'users.view_user': UserAccessLevel.ADMIN,

-            'logs_service.add_mbtankrecord': 1,
-            'logs_service.change_mbtankrecord': 1,
-            'logs_service.delete_mbtankrecord': 1,
-            'logs_service.view_mbtankrecord': 0,
+            'logs_service.add_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.change_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.delete_mbtankrecord': UserAccessLevel.ADMIN,
+            'logs_service.view_mbtankrecord': UserAccessLevel.BASIC,

-            'logs_service.view_pump_stats': 1
+            'logs_service.view_pump_stats': UserAccessLevel.ENGINEER
        }
        if perm in permissions:
-            if permissions[perm] <= secure_level:
+            if permissions[perm] <= self.access_level:
                return True
        elif settings.DEBUG:
            print(f"User.has_perm: unknown permission - '{perm}'")
@@ -69,4 +71,4 @@ class User(AbstractBaseUser):
        return True

    def has_module_perms(self, package_name):
-        return self.is_superuser
+        return self.access_level == UserAccessLevel.ADMIN