from django.core.management.base import BaseCommand from role.models import Role, Permission from django.contrib.auth.models import Permission as DjangoPermission from django.contrib.contenttypes.models import ContentType class Command(BaseCommand): help = 'Setup admin permissions for different roles' def handle(self, *args, **options): self.stdout.write('Setting up admin permissions...') # Create Django permissions for different models self.create_django_permissions() # Setup role-specific permissions self.setup_super_admin_permissions() self.setup_ketua_permissions() self.setup_sekretaris_permissions() self.setup_bendahara_permissions() self.setup_web_admin_permissions() self.stdout.write( self.style.SUCCESS('Admin permissions setup completed!') ) def create_django_permissions(self): """Create Django permissions for models""" # Get content types for different apps try: from anggota.models import User, Absensi, Iuran from core.models import Notification from event.models import Event from blog.models import Post from keuangan.models import Transaksi # Create permissions for User model user_ct = ContentType.objects.get_for_model(User) self.create_permission_if_not_exists(user_ct, 'approve_user', 'Can approve user registration') self.create_permission_if_not_exists(user_ct, 'reject_user', 'Can reject user registration') self.create_permission_if_not_exists(user_ct, 'export_user', 'Can export user data') # Create permissions for Absensi model absensi_ct = ContentType.objects.get_for_model(Absensi) self.create_permission_if_not_exists(absensi_ct, 'export_absensi', 'Can export absensi data') # Create permissions for Iuran model iuran_ct = ContentType.objects.get_for_model(Iuran) self.create_permission_if_not_exists(iuran_ct, 'export_iuran', 'Can export iuran data') # Kegiatan permissions removed - use event app instead # Create permissions for Event model event_ct = ContentType.objects.get_for_model(Event) self.create_permission_if_not_exists(event_ct, 'approve_event', 'Can approve event') self.create_permission_if_not_exists(event_ct, 'export_event', 'Can export event data') # Create permissions for Post model post_ct = ContentType.objects.get_for_model(Post) self.create_permission_if_not_exists(post_ct, 'approve_post', 'Can approve post') self.create_permission_if_not_exists(post_ct, 'export_post', 'Can export post data') # Create permissions for Transaksi model transaksi_ct = ContentType.objects.get_for_model(Transaksi) self.create_permission_if_not_exists(transaksi_ct, 'export_transaksi', 'Can export transaksi data') self.create_permission_if_not_exists(transaksi_ct, 'view_laporan', 'Can view laporan keuangan') self.create_permission_if_not_exists(transaksi_ct, 'export_laporan', 'Can export laporan keuangan') except ImportError as e: self.stdout.write( self.style.WARNING(f'Could not import models: {e}') ) def create_permission_if_not_exists(self, content_type, codename, name): """Create permission if it doesn't exist""" permission, created = DjangoPermission.objects.get_or_create( codename=codename, content_type=content_type, defaults={'name': name} ) if created: self.stdout.write(f'Created permission: {name}') def setup_super_admin_permissions(self): """Setup permissions for Super Admin role""" try: role = Role.objects.get(name='Super Admin') # Super Admin gets all permissions all_permissions = [ 'anggota.view_user', 'anggota.add_user', 'anggota.change_user', 'anggota.delete_user', 'anggota.approve_user', 'anggota.reject_user', 'anggota.export_user', 'anggota.view_absensi', 'anggota.add_absensi', 'anggota.change_absensi', 'anggota.delete_absensi', 'anggota.export_absensi', 'anggota.view_iuran', 'anggota.add_iuran', 'anggota.change_iuran', 'anggota.delete_iuran', 'anggota.export_iuran', 'core.view_kegiatan', 'core.add_kegiatan', 'core.change_kegiatan', 'core.delete_kegiatan', 'core.view_notification', 'core.add_notification', 'core.change_notification', 'core.delete_notification', 'core.view_website_settings', 'core.change_website_settings', 'event.view_event', 'event.add_event', 'event.change_event', 'event.delete_event', 'event.approve_event', 'event.export_event', 'blog.view_post', 'blog.add_post', 'blog.change_post', 'blog.delete_post', 'blog.approve_post', 'blog.export_post', 'keuangan.view_transaksi', 'keuangan.add_transaksi', 'keuangan.change_transaksi', 'keuangan.delete_transaksi', 'keuangan.export_transaksi', 'keuangan.view_laporan', 'keuangan.export_laporan', 'role.view_role', 'role.add_role', 'role.change_role', 'role.delete_role', 'role.view_roleassignment', 'role.add_roleassignment', 'role.change_roleassignment', 'role.delete_roleassignment', 'role.view_permission', 'role.add_permission', 'role.change_permission', 'role.delete_permission', ] role.permissions = all_permissions role.save() self.stdout.write('Super Admin permissions configured') except Role.DoesNotExist: self.stdout.write( self.style.WARNING('Super Admin role not found') ) def setup_ketua_permissions(self): """Setup permissions for Ketua role""" try: role = Role.objects.get(name='Ketua Umum') # Ketua gets leadership permissions ketua_permissions = [ 'anggota.view_user', 'anggota.approve_user', 'anggota.reject_user', 'anggota.export_user', 'anggota.view_absensi', 'anggota.export_absensi', 'anggota.view_iuran', 'anggota.export_iuran', 'core.view_kegiatan', 'core.add_kegiatan', 'core.change_kegiatan', 'core.view_notification', 'core.add_notification', 'event.view_event', 'event.add_event', 'event.change_event', 'event.approve_event', 'blog.view_post', 'blog.add_post', 'blog.change_post', 'blog.approve_post', 'keuangan.view_transaksi', 'keuangan.view_laporan', 'keuangan.export_laporan', 'role.view_role', 'role.view_roleassignment', ] role.permissions = ketua_permissions role.save() self.stdout.write('Ketua permissions configured') except Role.DoesNotExist: self.stdout.write( self.style.WARNING('Ketua Umum role not found') ) def setup_sekretaris_permissions(self): """Setup permissions for Sekretaris role""" try: role = Role.objects.get(name='Sekretaris Umum') # Sekretaris gets administrative permissions sekretaris_permissions = [ 'anggota.view_user', 'anggota.add_user', 'anggota.change_user', 'anggota.export_user', 'anggota.view_absensi', 'anggota.add_absensi', 'anggota.change_absensi', 'anggota.export_absensi', 'anggota.view_iuran', 'anggota.add_iuran', 'anggota.change_iuran', 'anggota.export_iuran', 'core.view_kegiatan', 'core.add_kegiatan', 'core.change_kegiatan', 'core.view_notification', 'core.add_notification', 'core.change_notification', 'event.view_event', 'event.add_event', 'event.change_event', 'blog.view_post', 'blog.add_post', 'blog.change_post', 'keuangan.view_transaksi', 'keuangan.add_transaksi', 'keuangan.change_transaksi', 'role.view_role', 'role.view_roleassignment', ] role.permissions = sekretaris_permissions role.save() self.stdout.write('Sekretaris permissions configured') except Role.DoesNotExist: self.stdout.write( self.style.WARNING('Sekretaris Umum role not found') ) def setup_bendahara_permissions(self): """Setup permissions for Bendahara role""" try: role = Role.objects.get(name='Bendahara Umum') # Bendahara gets financial permissions bendahara_permissions = [ 'anggota.view_user', 'anggota.export_user', 'anggota.view_absensi', 'anggota.export_absensi', 'anggota.view_iuran', 'anggota.add_iuran', 'anggota.change_iuran', 'anggota.export_iuran', 'core.view_kegiatan', 'core.view_notification', 'event.view_event', 'blog.view_post', 'keuangan.view_transaksi', 'keuangan.add_transaksi', 'keuangan.change_transaksi', 'keuangan.delete_transaksi', 'keuangan.export_transaksi', 'keuangan.view_laporan', 'keuangan.export_laporan', ] role.permissions = bendahara_permissions role.save() self.stdout.write('Bendahara permissions configured') except Role.DoesNotExist: self.stdout.write( self.style.WARNING('Bendahara Umum role not found') ) def setup_web_admin_permissions(self): """Setup permissions for Web Admin role""" try: role = Role.objects.get(name='Web Administrator') # Web Admin gets system and content permissions web_admin_permissions = [ 'anggota.view_user', 'anggota.export_user', 'anggota.view_absensi', 'anggota.export_absensi', 'anggota.view_iuran', 'anggota.export_iuran', 'core.view_kegiatan', 'core.add_kegiatan', 'core.change_kegiatan', 'core.view_notification', 'core.add_notification', 'core.change_notification', 'core.view_website_settings', 'core.change_website_settings', 'event.view_event', 'event.add_event', 'event.change_event', 'blog.view_post', 'blog.add_post', 'blog.change_post', 'blog.delete_post', 'keuangan.view_transaksi', 'keuangan.export_transaksi', 'role.view_role', 'role.view_roleassignment', ] role.permissions = web_admin_permissions role.save() self.stdout.write('Web Admin permissions configured') except Role.DoesNotExist: self.stdout.write( self.style.WARNING('Web Administrator role not found') )