Add User Permission Level Code

Author: hackstarsj

Backend/EcommerceInventory/EcommerceInventory/Helpers.py

@@ -6,8 +6,11 @@
 from django.forms.models import model_to_dict
 from functools import wraps
 from django.db.models import Q
-from django.db import models
+from django.db import connection, models
 from rest_framework import serializers
+from django.urls.resolvers import URLPattern,get_resolver,URLResolver
+from django.core.serializers import serialize
+import json
 
 def getDynamicFormModels():
     return {
@@ -249,4 +252,29 @@ def to_representation(self,obj):
         return representation
 
     cls.to_representation=to_representation
-    return cls
+    return cls
+
+def list_project_urls(patterns,parent_pattern=''):
+    url_list=[]
+    for pattern in patterns:
+        if isinstance(pattern,URLPattern):
+            url_list.append("/"+parent_pattern+str(pattern.pattern))
+        elif isinstance(pattern,URLResolver):
+            url_list.extend(list_project_urls(pattern.url_patterns,parent_pattern+str(pattern.pattern)))
+    return url_list
+
+def convertModeltoJSON(model):
+    serialized_model=serialize('json',model)
+    serializers_data=json.loads(serialized_model)
+    modelItems=[]
+    for data in serializers_data:
+        data['fields']['id']=data['pk']
+        modelItems.append(data['fields'])
+    return modelItems
+
+
+def executeQuery(query,params):
+    with connection.cursor() as cursor:
+        cursor.execute(query,params)
+        columns=[col[0] for col in cursor.description]
+        return [dict(zip(columns,row)) for row in cursor.fetchall()]

Backend/EcommerceInventory/EcommerceInventory/__pycache__/Helpers.cpython-311.pyc

@@ -0,0 +1,52 @@
+from django.http import JsonResponse
+from UserServices.models import ModuleUrls, UserPermissions
+from rest_framework_simplejwt.authentication import JWTAuthentication
+import re
+from django.db.models import Q
+
+class PermissionMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+        
+        current_url = request.path
+        if current_url in urlToSkip():
+            return response
+        
+        jwt_auth=JWTAuthentication()
+        try:
+            user,token=jwt_auth.authenticate(request)
+            if not user:
+                return JsonResponse({'message':'Unauthorized'},status=401)
+        except:
+            return JsonResponse({'message':'Unauthorized'},status=401)
+        
+        # Skip Permission Logic for Super Admin and Top Domain Level User
+        if user.role=='Super Admin' or user.domain_user_id.id==user.id:
+            return response
+
+        module=find_matching_module(current_url)
+        
+        if not module:
+            return JsonResponse({'message':'Module not Exist'},status=400)
+        
+
+        permission=UserPermissions.objects.filter(user=user.id,module=module.module).first()
+        if not permission or permission.is_permission==False:
+            return JsonResponse({'message':'Permission Denied'},status=403)
+        
+
+        return response
+    
+
+def urlToSkip():
+    modules=ModuleUrls.objects.filter(module__isnull=True).values_list('url',flat=True)
+    return modules
+
+def find_matching_module(url):
+    regex_pattern=re.sub(r'\d+','[^\/]+',url.replace('/','\/'))
+
+    match_patter=ModuleUrls.objects.filter(Q(url__iregex=f'^{regex_pattern}$')).first()
+    return match_patter

Backend/EcommerceInventory/EcommerceInventory/__pycache__/settings.cpython-311.pyc

@@ -59,6 +59,7 @@
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'corsheaders.middleware.CorsMiddleware',
+    'EcommerceInventory.middleware.PermissionMiddleware.PermissionMiddleware',
 ]
 
 REST_FRAMEWORK={

Backend/EcommerceInventory/EcommerceInventory/__pycache__/urls.cpython-311.pyc

@@ -21,7 +21,7 @@
 from EcommerceInventory import settings
 from UserServices.Controller.DynamicFormController import DynamicFormController
 from UserServices.Controller.SuperAdminDynamicFormController import SuperAdminDynamicFormController
-from UserServices.Controller.SidebarController import ModuleView
+from UserServices.Controller.SidebarController import ModuleUrlsListAPIView, ModuleView
 from django.conf.urls.static import static
 
 
@@ -31,6 +31,7 @@
     path('api/getForm/<str:modelName>/',DynamicFormController.as_view(),name='dynamicForm'),
     path('api/getForm/<str:modelName>/<str:id>/',DynamicFormController.as_view(),name='dynamicForm'),
     path('api/superAdminForm/<str:modelName>/',SuperAdminDynamicFormController.as_view(),name='superadmindynamicForm'),
+    path('api/moduleUrls/',ModuleUrlsListAPIView.as_view(),name='moduleUrls_superadmin'),
     path('api/getMenus/',ModuleView.as_view(),name='sidebarmenu'),
     path('api/products/',include('ProductServices.urls')),
     path('api/inventory/',include('InventoryServices.urls')),

Backend/EcommerceInventory/EcommerceInventory/__pycache__/views.cpython-311.pyc

@@ -1,22 +1,75 @@
 import json
-from EcommerceInventory.Helpers import renderResponse
-from UserServices.models import Modules
+
+from django.urls import get_resolver
+from EcommerceInventory.Helpers import convertModeltoJSON, list_project_urls, renderResponse
+from UserServices.models import ModuleUrls, Modules, UserPermissions
 from rest_framework import generics
 from django.core.serializers import serialize
+from rest_framework.views import APIView
+from rest_framework_simplejwt.authentication import JWTAuthentication
+from rest_framework.permissions import IsAuthenticated
+from EcommerceInventory.permission import IsSuperAdmin
+
 
 class ModuleView(generics.CreateAPIView):
+    authentication_classes = [JWTAuthentication]
+    permission_classes = [IsAuthenticated]
 
     def get(self,request):
-        menus=Modules.objects.filter(is_menu=True,parent_id=None,is_active=True).order_by('display_order')
+        permission_module_ids=[]
+        #Return all Modules for Super Admin and Top Domain Level User
+        if request.user.role=='Super Admin' or request.user.domain_user_id.id==request.user.id:
+            menus=Modules.objects.filter(is_menu=True,parent_id=None,is_active=True).order_by('display_order')
+        else:
+            permission_module_ids=UserPermissions.objects.filter(user=request.user.id,is_permission=True).values_list('module_id',flat=True)
+            menus=Modules.objects.filter(is_menu=True,parent_id=None,is_active=True).filter(id__in=permission_module_ids).order_by('display_order')
 
         serialized_menus=serialize('json',menus)
         serialized_menus=json.loads(serialized_menus)
 
         cleaned_menus=[]
         for menu in serialized_menus:
             menu['fields']['id']=menu['pk']
-            menu['fields']['submenus']=Modules.objects.filter(parent_id=menu['pk'],is_active=True,is_menu=True).order_by('display_order').values('id','module_name','module_icon','is_menu','is_active','parent_id','display_order','module_url','module_description')
+            if request.user.role=='Super Admin' or request.user.domain_user_id.id==request.user.id:
+                menu['fields']['submenus']=Modules.objects.filter(parent_id=menu['pk'],is_active=True,is_menu=True).order_by('display_order').values('id','module_name','module_icon','is_menu','is_active','parent_id','display_order','module_url','module_description')
+            else:
+                menu['fields']['submenus']=Modules.objects.filter(parent_id=menu['pk'],is_active=True,is_menu=True).filter(id__in=permission_module_ids).order_by('display_order').values('id','module_name','module_icon','is_menu','is_active','parent_id','display_order','module_url','module_description')
             cleaned_menus.append(menu['fields'])
 
+        if request.user.role=='Super Admin':
+            cleaned_menus.append({'id':0,'module_name':'Manage Module Urls','module_icon':'','is_menu':True,'is_active':True,'parent_id':None,'display_order':0,'module_url':'/manage/moduleUrls','module_description':'Module Urls','submenus':[]})
+
         return renderResponse(data=cleaned_menus,message='All Modules',status=200)
-    
+    
+
+class ModuleUrlsListAPIView(APIView):
+    authentication_classes = [JWTAuthentication]
+    permission_classes = [IsAuthenticated,IsSuperAdmin]
+
+    def get(self,request):
+        urls=ModuleUrls.objects.all()
+        urlJson=convertModeltoJSON(urls)
+
+        urlconf=get_resolver()
+        urlsProject=list_project_urls(urlconf.url_patterns)
+
+        modules=Modules.objects.all()
+        modulesJson=convertModeltoJSON(modules)
+        modulesJson.insert(0,{'id':0,'module_name':'Skip Permission'})
+
+        return renderResponse(data={'moduleUrls':urlJson,'project_urls':urlsProject,'modules':modulesJson},message='All Module Urls',status=200)
+
+    def post(self,request):
+        data=request.data
+        for item in data:
+            if item['url']!=None:
+                if 'id' in item and item['id'] and item['id']!=0:
+                    moduleUrls=ModuleUrls.objects.get(id=item['id'])
+                    moduleUrls.url=item['url']
+                else:
+                    moduleUrls=ModuleUrls(url=item['url'])
+                    
+                if item['module']!=0 and item['module']!=None:
+                    moduleUrls.module=Modules.objects.get(id=item['module'])
+                moduleUrls.save()
+        return renderResponse(data={},message='Module Urls Updated',status=200)

Backend/EcommerceInventory/EcommerceInventory/middleware/PermissionMiddleware.py

@@ -1,5 +1,5 @@
-from EcommerceInventory.Helpers import CommonListAPIMixin, CommonListAPIMixinWithFilter, CustomPageNumberPagination, createParsedCreatedAtUpdatedAt, renderResponse
-from UserServices.models import Users
+from EcommerceInventory.Helpers import CommonListAPIMixin, CommonListAPIMixinWithFilter, CustomPageNumberPagination, createParsedCreatedAtUpdatedAt, executeQuery, renderResponse
+from UserServices.models import Modules, UserPermissions, Users
 from rest_framework.views import APIView
 from rest_framework.permissions import IsAuthenticated
 from rest_framework_simplejwt.authentication import JWTAuthentication
@@ -60,3 +60,64 @@ def get_queryset(self):
 
     def perform_update(self,serializer):
         serializer.save()
+
+
+class UserPermissionsView(APIView):
+    permission_classes = [IsAuthenticated]
+    authentication_classes = [JWTAuthentication]
+    def get(self,request,pk):
+        query='''
+            SELECT 
+                userservices_modules.module_name, 
+                userservices_modules.id as module_id, 
+                userservices_modules.parent_id_id, 
+                COALESCE(userservices_userpermissions.is_permission,0) as is_permission,
+                userservices_userpermissions.user_id, 
+                userservices_userpermissions.domain_user_id_id 
+                FROM
+                    `userservices_modules` 
+                    left join 
+                        userservices_userpermissions
+                    on 
+                    userservices_userpermissions.module_id=userservices_modules.id and 
+            userservices_userpermissions.user_id=%s;
+        '''
+
+        permissions=executeQuery(query,[pk])
+
+        permissionList={}
+        for permission in permissions:
+            if permission['parent_id_id']==None:
+                permission['children']=[]
+                permissionList[permission['module_id']]=permission
+            
+        for permission in permissions:
+            if permission['parent_id_id']!=None:
+                permissionList[permission['parent_id_id']]['children'].append(permission)
+
+        permissionList=permissionList.values()
+        return renderResponse(data=permissionList,message="User Permissions",status=200)
+
+    def post(self,request,pk):
+        data=request.data
+        for item in data:
+            if 'id' in item and item['id']!=None:
+                permission=UserPermissions.objects.get(id=item['id'])
+                permission.is_permission=item['is_permission']
+            else:
+                module=Modules.objects.get(id=item['module_id'])
+                permission=UserPermissions(module=module,user_id=pk,is_permission=item['is_permission'])
+
+            permission.save()
+
+            if 'children' in item:
+                for child in item['children']:
+                    if 'id' in child and child['id']!=None:
+                        permission=UserPermissions.objects.get(id=child['id'])
+                        permission.is_permission=child['is_permission']
+                    else:
+                        module=Modules.objects.get(id=child['module_id'])
+                        permission=UserPermissions(module=module,user_id=pk,is_permission=child['is_permission'])
+
+                        permission.save()
+        return renderResponse(data=[],message="Permissions Updated",status=200)

Backend/EcommerceInventory/EcommerceInventory/middleware/__pycache__/PermissionMiddleware.cpython-311.pyc

@@ -0,0 +1,41 @@
+# Generated by Django 5.0.6 on 2024-08-11 07:16
+
+import django.db.models.deletion
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('UserServices', '0006_alter_users_profile_pic'),
+    ]
+
+    operations = [
+        migrations.RenameField(
+            model_name='userpermissions',
+            old_name='is_add',
+            new_name='is_permission',
+        ),
+        migrations.RemoveField(
+            model_name='userpermissions',
+            name='is_delete',
+        ),
+        migrations.RemoveField(
+            model_name='userpermissions',
+            name='is_edit',
+        ),
+        migrations.RemoveField(
+            model_name='userpermissions',
+            name='is_view',
+        ),
+        migrations.CreateModel(
+            name='ModuleUrls',
+            fields=[
+                ('id', models.AutoField(primary_key=True, serialize=False)),
+                ('url', models.CharField(max_length=255)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('module', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.CASCADE, to='UserServices.modules')),
+            ],
+        ),
+    ]

Backend/EcommerceInventory/EcommerceInventory/settings.py

@@ -75,14 +75,18 @@ class UserPermissions(models.Model):
     id=models.AutoField(primary_key=True)
     user=models.ForeignKey(Users,on_delete=models.CASCADE,related_name='user_permissions_1')
     module=models.ForeignKey(Modules,on_delete=models.CASCADE)
-    is_view=models.BooleanField(default=False)
-    is_add=models.BooleanField(default=False)
-    is_edit=models.BooleanField(default=False)
-    is_delete=models.BooleanField(default=False)
+    is_permission=models.BooleanField(default=False)
     domain_user_id=models.ForeignKey(Users,on_delete=models.CASCADE,blank=True,null=True,related_name='domain_user_id_user_permissions')
     created_at=models.DateTimeField(auto_now_add=True)
     updated_at=models.DateTimeField(auto_now=True)
 
+class ModuleUrls(models.Model):
+    id=models.AutoField(primary_key=True)
+    module=models.ForeignKey(Modules,on_delete=models.CASCADE,blank=True,null=True)
+    url=models.CharField(max_length=255)
+    created_at=models.DateTimeField(auto_now_add=True)
+    updated_at=models.DateTimeField(auto_now=True)
+
 class ActivityLog(models.Model):
     id=models.AutoField(primary_key=True)
     user=models.ForeignKey(Users,on_delete=models.CASCADE,related_name='user_activity_log')

Backend/EcommerceInventory/EcommerceInventory/urls.py

@@ -10,4 +10,5 @@
     path('users/',UserController.UserListView.as_view(),name='user_list'),
     path('userlist/',UserController.UserWithFilterListView.as_view(),name='user_list_filter'),
     path('updateuser/<pk>/',UserController.UpdateUsers.as_view(),name='update_user'),
+    path('userpermission/<pk>/',UserController.UserPermissionsView.as_view(),name='user_permission'),
 ]

Backend/EcommerceInventory/UserServices/Controller/SidebarController.py

@@ -18,9 +18,11 @@ import ManageProducts from './pages/products/ManageProducts';
 import Error404Page from './pages/Error404Page';
 import ManageWarhouse from './pages/warehouse/ManageWarehouse';
 import ManageUsers from './pages/users/ManageUsers';
+import ManageModuleUrls from './pages/module/ManageModuleUrls';
 
 function App() {
   const {status,error,items}=useSelector(state=>state.sidebardata);
+  const {isLoggedIn}=useSelector(state=>state.isLoggedInReducer);
   const dispatch=useDispatch();
 
   useEffect(()=>{
@@ -29,6 +31,11 @@ function App() {
     }
   },[status,dispatch])
 
+  useEffect(()=>{
+    if(isLoggedIn){
+      dispatch(fetchSidebar());
+    }
+  },[isLoggedIn])
   const router=createBrowserRouter(
     [
       {path:"/auth",element:<Auth/>},
@@ -43,7 +50,8 @@ function App() {
           {path:"/manage/category",element:<ProtectedRoute element={<ManageCategories/>}/>},
           {path:"/manage/product",element:<ProtectedRoute element={<ManageProducts/>}/>},
           {path:"/manage/warehouse",element:<ProtectedRoute element={<ManageWarhouse/>}/>},
-          {path:"/manage/users",element:<ProtectedRoute element={<ManageUsers/>}/>}
+          {path:"/manage/users",element:<ProtectedRoute element={<ManageUsers/>}/>},
+          {path:"/manage/moduleurls",element:<ProtectedRoute element={<ManageModuleUrls/>}/>}
         ]},
     ]
   )