ospaz-site/users/models.py

from django.contrib.auth.models import AbstractBaseUser
from django.db import models
from django.utils import timezone
from django.core.validators import MinLengthValidator
import ospaz_site.settings as settings
from .managers import CustomUserManager


class UserAccessLevel(models.IntegerChoices):
    BASIC = 0, 'Оператор'
    ENGINEER = 10, 'Инженер'
    ADMIN = 100, 'Администратор'


class User(AbstractBaseUser):
    login = models.CharField(max_length=16, validators=[MinLengthValidator(3)], verbose_name="Логин", unique=True)
    last_login = models.DateTimeField(verbose_name="Последний вход", blank=True, null=True)
    access_level = models.IntegerField(choices=UserAccessLevel, default=UserAccessLevel.BASIC,
                                       verbose_name="Уровень доступа")
    registered = models.DateTimeField(default=timezone.now, editable=False, verbose_name="Время регистрации")

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)

    last_password_change = models.DateTimeField(default=timezone.now, verbose_name="Последняя смена пароля")

    def set_password(self, raw_password):
        super().set_password(raw_password)
        self.last_password_change = timezone.now()

    USERNAME_FIELD = "login"
    REQUIRED_FIELDS = []

    objects = CustomUserManager()

    def __str__(self):
        return self.login

    def readable_access_level(self):
        choices = UserAccessLevel.choices
        for c in choices:
            if c[0] == self.access_level:
                return c[1]
        return 'неизвестно'

    class Meta:
        default_permissions = ()

    def has_perm(self, perm, obj=None):
        # управления правами пользователя
        if not self.is_authenticated:
            return False

        permissions = {
            'users.add_user': UserAccessLevel.ADMIN,
            'users.change_user': UserAccessLevel.ADMIN,
            'users.delete_user': UserAccessLevel.ADMIN,
            'users.view_user': UserAccessLevel.ADMIN,

            'logs_service.add_mbtankrecord': UserAccessLevel.ADMIN,
            'logs_service.change_mbtankrecord': UserAccessLevel.ADMIN,
            'logs_service.delete_mbtankrecord': UserAccessLevel.ADMIN,
            'logs_service.view_mbtankrecord': UserAccessLevel.BASIC,

            'logs_service.view_pump_stats': UserAccessLevel.ENGINEER
        }
        if perm in permissions:
            if permissions[perm] <= self.access_level:
                return True
        elif settings.DEBUG:
            print(f"User.has_perm: unknown permission - '{perm}'")
        return False

    def has_perms(self, perm_list, obj=None):
        for p in perm_list:
            if not self.has_perm(p, obj):
                return False
        return True

    def has_module_perms(self, package_name):
        return self.access_level == UserAccessLevel.ADMIN