disable adding to the entity managers list

car_inventory/urls.py

@@ -21,8 +21,8 @@ urlpatterns += i18n_patterns(
     path("switch_language/", views.switch_language, name="switch_language"),
     path("accounts/", include("allauth.urls")),
     # path('prometheus/', include('django_prometheus.urls')),
-    path("", include("inventory.urls")),
     path("ledger/", include("django_ledger.urls", namespace="django_ledger")),
+    path("", include("inventory.urls")),
     path("haikalbot/", include("haikalbot.urls")),
     path("appointment/", include("appointment.urls")),
     path("plans/", include("plans.urls")),

inventory/middleware.py

@@ -126,7 +126,7 @@ class DealerSlugMiddleware:
         request.path_info.startswith('/en/login/') or \
         request.path_info.startswith('/en/logout/') or \
         request.path_info.startswith('/en/ledger/') or \
-        request.path_info.startswith('/en/ledger/') or \
+        request.path_info.startswith('/ar/ledger/') or \
         request.path_info.startswith('/en/notifications/') or \
         request.path_info.startswith('/ar/notifications/'):
             return None

inventory/mixins.py

@@ -1,7 +1,8 @@
 from django.http import Http404
-from django.shortcuts import redirect
+from django.shortcuts import get_object_or_404, redirect
 from django.utils.translation import get_language
-
+from django_ledger.models import EntityModel
+from inventory import models
 from inventory.utils import get_user_type
 
 
@@ -74,3 +75,12 @@ class DealerSlugMixin:
             elif kwargs["dealer_slug"] != request.dealer.slug:
                 raise Http404("Dealer slug mismatch")
         return super().dispatch(request, *args, **kwargs)
+
+
+class AuthorizedEntityMixin:
+    def get_authorized_entity_queryset(self):
+        dealer = get_object_or_404(models.Dealer,slug=self.kwargs["dealer_slug"])
+        return EntityModel.objects.for_user(
+            user_model=dealer.entity.admin,
+            authorized_superuser=self.get_superuser_authorization(),
+        )

inventory/models.py

@@ -34,6 +34,7 @@ from django_ledger.models import (
     EntityManagementModel,
     PurchaseOrderModel,
     ItemTransactionModel,
+    BillModel
 )
 from django.contrib.contenttypes.fields import GenericForeignKey
 from django.contrib.contenttypes.models import ContentType
@@ -1197,24 +1198,16 @@ class Staff(models.Model, LocalizedNameMixin):
         try:
             self.user.groups.add(group)
             if "accountant" in group.name.lower() or "manager" in group.name.lower():
-                self.add_as_superuser()
+                self.add_superuser_permission()
         except Exception as e:
             print(e)
 
-    def add_as_superuser(self):
-        EntityManagementModel.objects.get_or_create(
-            user=self.user, entity=self.dealer.entity
-        )
+    def add_superuser_permission(self):
+        pass
+        # self.dealer.entity.managers.add(self.user)
     def remove_superuser_permission(self):
-        EntityManagementModel.objects.filter(
-            user=self.user, entity=self.dealer.entity
-        ).delete()
-        # self.user.groups.clear()
-        # group = Group.objects.filter(
-        #     customgroup__name__iexact=self.staff_type
-        # ).first()
-        # if group:
-        #     self.add_group(group)
+        pass
+        # self.dealer.entity.managers.remove(self.user)
 
     class Meta:
         verbose_name = _("Staff")
@@ -2552,6 +2545,10 @@ class CustomGroup(models.Model):
             pass
 
     def set_default_permissions(self):
+        est = ContentType.objects.get_for_model(EstimateModel)
+        bill = ContentType.objects.get_for_model(BillModel)
+        Permission.objects.get_or_create(name="Can approve estimate",codename="can_approve_estimate",content_type=est)
+        Permission.objects.get_or_create(name="Can approve bill",codename="can_approve_bill",content_type=bill)
         self.clear_permissions()
         if self.name == "Manager":
             self.set_permissions(
@@ -2591,6 +2588,8 @@ class CustomGroup(models.Model):
                     "chartofaccountmodel",
                     "customermodel",
                     "billmodel",
+                    "can_approve_estimate"
+                    "can_approve_bill",
                 ],
             )
         elif self.name == "Inventory":

inventory/urls.py

@@ -994,12 +994,12 @@ urlpatterns = [
     # CASH FLOW STATEMENTS...
     # Entities...
     path(
-        "entity/<slug:entity_slug>/cash-flow-statement/",
+        "<slug:dealer_slug>/entity/<slug:entity_slug>/cash-flow-statement/",
         views.BaseCashFlowStatementRedirectViewBase.as_view(),
         name="entity-cf",
     ),
     path(
-        "entity/<slug:entity_slug>/cash-flow-statement/year/<int:year>/",
+        "<slug:dealer_slug>/entity/<slug:entity_slug>/cash-flow-statement/year/<int:year>/",
         views.FiscalYearCashFlowStatementViewBase.as_view(),
         name="entity-cf-year",
     ),

inventory/views.py

@@ -19,7 +19,7 @@ from pyzbar.pyzbar import decode
 from urllib.parse import urlparse, urlunparse
 
 #####################################################################
-from inventory.mixins import DealerSlugMixin
+from inventory.mixins import AuthorizedEntityMixin, DealerSlugMixin
 from inventory.models import Status as LeadStatus
 from django.db import IntegrityError
 from django.views.generic import FormView
@@ -2685,7 +2685,7 @@ class GroupCreateView(
             group_manager, _ = models.CustomGroup.objects.get_or_create(
                 name=instance.name, dealer=dealer, group=group
             )
-            group_manager.set_default_permissions()
+            # group_manager.set_default_permissions()
             dealer.user.groups.add(group)
         return super().form_valid(form)
 
@@ -7452,7 +7452,7 @@ class BaseBalanceSheetRedirectView(RedirectView):
 
 
 class FiscalYearBalanceSheetViewBase(
-    FiscalYearBalanceSheetView, DjangoLedgerSecurityMixIn
+    FiscalYearBalanceSheetView
 ):
     """
     Defines a base view for the fiscal year balance sheet.
@@ -7479,7 +7479,7 @@ class FiscalYearBalanceSheetViewBase(
 
 
 class QuarterlyBalanceSheetView(
-    FiscalYearBalanceSheetViewBase, QuarterlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearBalanceSheetViewBase, QuarterlyReportMixIn
 ):
     """
     Represents a quarterly balance sheet view.
@@ -7502,7 +7502,7 @@ class QuarterlyBalanceSheetView(
 
 
 class MonthlyBalanceSheetView(
-    FiscalYearBalanceSheetViewBase, MonthlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearBalanceSheetViewBase, MonthlyReportMixIn,
 ):
     """
     Represents the view for the monthly balance sheet.
@@ -7525,7 +7525,7 @@ class MonthlyBalanceSheetView(
 
 
 class DateBalanceSheetView(
-    FiscalYearBalanceSheetViewBase, DateReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearBalanceSheetViewBase, DateReportMixIn,
 ):
     """
     Represents a balance sheet view for a specific date.
@@ -7555,7 +7555,7 @@ class DateBalanceSheetView(
 
 
 class BaseIncomeStatementRedirectViewBase(
-    BaseIncomeStatementRedirectView, DjangoLedgerSecurityMixIn
+    BaseIncomeStatementRedirectView
 ):
     """
     The BaseIncomeStatementRedirectViewBase class provides functionality for handling
@@ -7584,7 +7584,7 @@ class BaseIncomeStatementRedirectViewBase(
 
 
 class FiscalYearIncomeStatementViewBase(
-    FiscalYearIncomeStatementView, DjangoLedgerSecurityMixIn
+    FiscalYearIncomeStatementView
 ):
     """
     Represents a base view for fiscal year income statement.
@@ -7609,7 +7609,7 @@ class FiscalYearIncomeStatementViewBase(
 
 
 class QuarterlyIncomeStatementView(
-    FiscalYearIncomeStatementViewBase, QuarterlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearIncomeStatementViewBase, QuarterlyReportMixIn
 ):
     """
     Represents a detailed view for a quarterly income statement.
@@ -7638,7 +7638,7 @@ class QuarterlyIncomeStatementView(
 
 
 class MonthlyIncomeStatementView(
-    FiscalYearIncomeStatementViewBase, MonthlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearIncomeStatementViewBase, MonthlyReportMixIn,
 ):
     """
     Represents the view for a monthly income statement in the financial
@@ -7664,7 +7664,7 @@ class MonthlyIncomeStatementView(
 
 
 class DateModelIncomeStatementView(
-    FiscalYearIncomeStatementViewBase, DateReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearIncomeStatementViewBase, DateReportMixIn,
 ):
     """
     Represents a detailed view of an income statement for a fiscal year with additional
@@ -7689,7 +7689,7 @@ class DateModelIncomeStatementView(
 
 
 class BaseCashFlowStatementRedirectViewBase(
-    BaseCashFlowStatementRedirectView, DjangoLedgerSecurityMixIn
+    AuthorizedEntityMixin,BaseCashFlowStatementRedirectView
 ):
     """
     Base class for handling cash flow statement redirection views.
@@ -7704,10 +7704,10 @@ class BaseCashFlowStatementRedirectViewBase(
     """
 
     def get_redirect_url(self, *args, **kwargs):
+        dealer = get_object_or_404(models.Dealer, slug=self.kwargs["dealer_slug"])
         year = get_localdate().year
-        dealer = get_user_type(self.request)
         return reverse(
-            "entity-cf-year", kwargs={"entity_slug": dealer.entity.slug, "year": year}
+            "entity-cf-year", kwargs={"dealer_slug": dealer.slug,"entity_slug": dealer.entity.slug, "year": year}
         )
 
     def get_login_url(self):
@@ -7715,7 +7715,7 @@ class BaseCashFlowStatementRedirectViewBase(
 
 
 class FiscalYearCashFlowStatementViewBase(
-    FiscalYearCashFlowStatementView, DjangoLedgerSecurityMixIn
+    AuthorizedEntityMixin,FiscalYearCashFlowStatementView
 ):
     """
     Represents a base view for fiscal year cash flow statements.
@@ -7740,8 +7740,11 @@ class FiscalYearCashFlowStatementViewBase(
         return reverse("account_login")
 
 
+
+
+
 class QuarterlyCashFlowStatementView(
-    FiscalYearCashFlowStatementViewBase, QuarterlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearCashFlowStatementViewBase, QuarterlyReportMixIn,
 ):
     """
     Represents a view model for quarterly cash flow statements.
@@ -7769,7 +7772,7 @@ class QuarterlyCashFlowStatementView(
 
 
 class MonthlyCashFlowStatementView(
-    FiscalYearCashFlowStatementViewBase, MonthlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearCashFlowStatementViewBase, MonthlyReportMixIn,
 ):
     """
     Represents a view for monthly cash flow statements.
@@ -7788,7 +7791,7 @@ class MonthlyCashFlowStatementView(
 
 
 class DateCashFlowStatementView(
-    FiscalYearCashFlowStatementViewBase, DateReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearCashFlowStatementViewBase, DateReportMixIn,
 ):
     """
     Representation of a detailed view for a cash flow statement associated with a specific fiscal year,
@@ -7807,7 +7810,7 @@ class DateCashFlowStatementView(
 
 
 class EntityModelDetailHandlerViewBase(
-    EntityModelDetailHandlerView, DjangoLedgerSecurityMixIn
+    EntityModelDetailHandlerView,
 ):
     """
     Handles detailed views for Entity Models along with redirection logic
@@ -7849,7 +7852,7 @@ class EntityModelDetailHandlerViewBase(
 
 
 class EntityModelDetailBaseViewBase(
-    EntityModelDetailBaseView, DjangoLedgerSecurityMixIn
+    EntityModelDetailBaseView,
 ):
     """
     Represents a base view that extends functionality for displaying detailed
@@ -7906,7 +7909,7 @@ class EntityModelDetailBaseViewBase(
 
 
 class FiscalYearEntityModelDashboardView(
-    EntityModelDetailBaseViewBase, DjangoLedgerSecurityMixIn
+    EntityModelDetailBaseViewBase,
 ):
     """
     Represents a dashboard view for fiscal year entity models.
@@ -7927,7 +7930,7 @@ class FiscalYearEntityModelDashboardView(
 
 
 class QuarterlyEntityDashboardView(
-    FiscalYearEntityModelDashboardView, QuarterlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearEntityModelDashboardView, QuarterlyReportMixIn,
 ):
     """
     Represents a dashboard view for quarterly entities.
@@ -7951,7 +7954,7 @@ class QuarterlyEntityDashboardView(
 
 
 class MonthlyEntityDashboardView(
-    FiscalYearEntityModelDashboardView, MonthlyReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearEntityModelDashboardView, MonthlyReportMixIn,
 ):
     """
     Represents a dashboard view for a specific entity's monthly report.
@@ -7980,7 +7983,7 @@ class MonthlyEntityDashboardView(
 
 
 class DateEntityDashboardView(
-    FiscalYearEntityModelDashboardView, DateReportMixIn, DjangoLedgerSecurityMixIn
+    FiscalYearEntityModelDashboardView, DateReportMixIn,
 ):
     """
     Represents a dashboard view for date-based entity data visualization.
@@ -8000,7 +8003,7 @@ class DateEntityDashboardView(
     """
 
 
-class PayableNetAPIView(DjangoLedgerSecurityMixIn, EntityUnitMixIn, View):
+class PayableNetAPIView(EntityUnitMixIn, View):
     """
     Handles the retrieval of net payable data for authenticated users.
 
@@ -8885,22 +8888,23 @@ def sse_stream(request):
         last_id = request.GET.get("last_id", 0)
         while True:
             # Check for new notifications
-            notifications = models.Notification.objects.filter(
-                user=request.user, id__gt=last_id, is_read=False
-            ).order_by("created")
-            for notification in notifications:
-                notification_data = {
-                    "id": notification.id,
-                    "message": notification.message,
-                    "created": notification.created.isoformat(),
-                }
+            if request.user.is_authenticated:
+                notifications = models.Notification.objects.filter(
+                    user=request.user, id__gt=last_id, is_read=False
+                ).order_by("created")
+                for notification in notifications:
+                    notification_data = {
+                        "id": notification.id,
+                        "message": notification.message,
+                        "created": notification.created.isoformat(),
+                    }
 
-                yield (
-                    f"id: {notification.id}\n"
-                    f"event: notification\n"
-                    f"data: {json.dumps(notification_data)}\n\n"
-                )
-                last_id = notification.id
+                    yield (
+                        f"id: {notification.id}\n"
+                        f"event: notification\n"
+                        f"data: {json.dumps(notification_data)}\n\n"
+                    )
+                    last_id = notification.id
 
             sleep(2)
 

templates/bill/includes/card_bill.html

@@ -219,7 +219,7 @@
                             </button>
                         {% endif %}
                         <!-- Mark as Approved -->
-                        {% if bill.can_approve %}
+                        {% if bill.can_approve and perms.django_ledger.can_approve_bill %}
                             <button class="btn btn-phoenix-success"
                                     onclick="showPOModal('Mark as Approved', '{% url 'bill-action-mark-as-approved' dealer_slug=request.dealer.slug entity_slug=entity_slug bill_pk=bill.pk %}', 'Mark as Approved')">
                                 <i class="fas fa-check-circle me-2"></i>{% trans 'Mark as Approved' %}

templates/header.html

@@ -297,10 +297,8 @@
                           {% comment %} <i class="fa-solid fa-chart-line"></i><span class="nav-link-text">{% trans 'Dashboard'|capfirst %}</span> {% endcomment %}
                         </div>
                       </a>
-                      {% if request.user.is_authenticated and request.is_dealer %}
-                        <a class="nav-link" href="{% url 'entity-cf' request.user.dealer.entity.slug %}">
-                      {% elif request.user.is_authenticated and request.is_staff %}
-                        <a class="nav-link" href="{% url 'entity-cf' request.user.staffmember.staff.dealer.entity.slug %}">
+                      {% if request.user.is_authenticated %}
+                        <a class="nav-link" href="{% url 'entity-cf' request.dealer.slug request.dealer.entity.slug %}">
                       {% else %}
                         <a class="nav-link" href="#">
                       {% endif %}