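"""
Management command to create default roles and groups for PX360.

For every entry in ``ROLES_CONFIG`` the command creates (or refreshes) one
``Role`` row and one ``auth.Group`` with the role's display name, then
rebuilds that group's model permissions from the policy in
``Command._assign_permissions``.

Security notes for reviewers:

* Django model permissions are global.  ``complaints.view_complaint`` is not
  scoped to "their hospital" or "their department"; the descriptions in
  ``ROLES_CONFIG`` state intent, and that scoping has to be enforced by the
  views/querysets that consume these roles, not by this command.
* Permission assignment is a *replacement*: each run resets every default
  group's permission set to the policy below and drops anything that was
  granted to the group by hand (e.g. through the admin site).
"""
from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group, Permission
from django.contrib.contenttypes.models import ContentType
from django.core.management.base import BaseCommand
from django.db import transaction

from apps.accounts.models import Role


# Default roles, highest privilege first.  ``level`` is a numeric rank stored
# on ``Role``; it is not itself a Django permission.
ROLES_CONFIG = [
    {
        'name': 'px_admin',
        'display_name': 'PX Admin',
        'description': 'Full system access. Can manage all hospitals, departments, and configurations.',
        'level': 100,
    },
    {
        'name': 'hospital_admin',
        'display_name': 'Hospital Admin',
        'description': 'Hospital-level access. Can manage their hospital and its departments.',
        'level': 80,
    },
    {
        'name': 'department_manager',
        'display_name': 'Department Manager',
        'description': 'Department-level access. Can manage their department.',
        'level': 60,
    },
    {
        'name': 'px_coordinator',
        'display_name': 'PX Coordinator',
        'description': 'Can manage PX actions, complaints, and surveys.',
        'level': 50,
    },
    {
        'name': 'physician',
        'display_name': 'Physician',
        'description': 'Can view patient feedback and their own ratings.',
        'level': 40,
    },
    {
        'name': 'nurse',
        'display_name': 'Nurse',
        'description': 'Can view department feedback.',
        'level': 30,
    },
    {
        'name': 'staff',
        'display_name': 'Staff',
        'description': 'Basic staff access.',
        'level': 20,
    },
    {
        'name': 'viewer',
        'display_name': 'Viewer',
        'description': 'Read-only access to reports and dashboards.',
        'level': 10,
    },
]

# App labels whose models a PX Coordinator may fully manage (add/change/delete/view).
COORDINATOR_APP_LABELS = ['complaints', 'px_action_center', 'surveys']

# Codenames stripped from the user model's permissions for Hospital Admin.
USER_MANAGEMENT_CODENAMES = ['add_user', 'delete_user', 'change_user']


class Command(BaseCommand):
    help = 'Create default roles and groups for PX360 system'

    def handle(self, *args, **options):
        """Create or update every default role, its group and its permissions.

        The whole run is one transaction: the old implementation cleared a
        group's permissions before re-assigning them, so a failure part-way
        through could leave some groups with no permissions at all.  With
        ``transaction.atomic`` a failure rolls everything back instead.
        """
        created_count = 0
        updated_count = 0

        with transaction.atomic():
            for role_data in ROLES_CONFIG:
                group = self._ensure_group(role_data['display_name'])
                role, was_created = self._upsert_role(role_data, group)

                if was_created:
                    created_count += 1
                    self.stdout.write(
                        self.style.SUCCESS(
                            f"✓ Created role: {role.display_name} (level {role.level})"
                        )
                    )
                else:
                    updated_count += 1
                    self.stdout.write(
                        self.style.WARNING(f"↻ Updated role: {role.display_name}")
                    )

                # Always rebuild the group's permissions, even for existing roles,
                # so the policy in this file is the source of truth.
                self._assign_permissions(role, group)

        self.stdout.write(
            self.style.SUCCESS(
                f"\n✓ Roles setup complete: {created_count} created, {updated_count} updated"
            )
        )
        self.stdout.write(
            self.style.SUCCESS(f"Total roles: {Role.objects.count()}")
        )

    def _ensure_group(self, display_name):
        """Return the ``auth.Group`` named *display_name*, creating it if needed.

        Groups are keyed by display name, so renaming a role's ``display_name``
        in ``ROLES_CONFIG`` creates a new group and leaves the old one behind.
        """
        group, created = Group.objects.get_or_create(name=display_name)
        if created:
            self.stdout.write(self.style.SUCCESS(f"Created group: {group.name}"))
        return group

    @staticmethod
    def _upsert_role(role_data, group):
        """Create the ``Role`` for *role_data* or sync an existing one to it.

        Returns ``(role, created)``.  An existing role has its display name,
        description, level and group overwritten from ``role_data``.
        """
        role, created = Role.objects.get_or_create(
            name=role_data['name'],
            defaults={
                'display_name': role_data['display_name'],
                'description': role_data['description'],
                'group': group,
                'level': role_data['level'],
            },
        )
        if not created:
            role.display_name = role_data['display_name']
            role.description = role_data['description']
            role.level = role_data['level']
            role.group = group
            role.save()
        return role, created

    def _assign_permissions(self, role, group):
        """Replace *group*'s permissions with the set the policy gives *role*.

        Roles without an explicit entry in the policy table (physician, nurse,
        staff, viewer) fall back to the global view-only set.  ``set()`` already
        removes permissions that are not in the new set, so no separate
        ``clear()`` is needed (and the window in which the group had no
        permissions at all goes away).

        NOTE(review): ``department_manager`` currently receives exactly the same
        global ``view_*`` set as the fallback roles; nothing here reflects its
        "can manage their department" description.  TODO confirm intended scope.
        """
        policy = {
            'px_admin': self._all_permissions,
            'hospital_admin': self._hospital_admin_permissions,
            'department_manager': self._view_only_permissions,
            'px_coordinator': self._coordinator_permissions,
        }
        build = policy.get(role.name, self._view_only_permissions)
        group.permissions.set(build())

    @staticmethod
    def _all_permissions():
        """Every permission in the database (PX Admin)."""
        return Permission.objects.all()

    @staticmethod
    def _hospital_admin_permissions():
        """Everything except user/group/permission management (Hospital Admin).

        Why this is stricter than "exclude add/change/delete_user":

        * The previous exclusion kept ``auth.change_group`` and the
          ``auth.*_permission`` codenames.  Anyone who can edit a Group's
          permission set (the admin site exposes this) can add every permission
          to their own group, which makes Hospital Admin equivalent to PX Admin.
          Permissions on the ``Group`` and ``Permission`` models are therefore
          removed as well.
        * The previous exclusion matched ``app_label='auth'``.  If
          ``AUTH_USER_MODEL`` points at a model outside the ``auth`` app, that
          filter matches nothing and user management is silently granted.  The
          user model is resolved through ``get_user_model()`` and its content
          type instead of a hard-coded label.

        ``view_user`` is still granted, as it was before; confirm that is wanted.
        NOTE(review): ``USER_MANAGEMENT_CODENAMES`` assumes the user model's
        ``model_name`` is ``user``; if it is not, the codenames differ and the
        exclusion is void -- TODO confirm against AUTH_USER_MODEL.
        """
        user_ct = ContentType.objects.get_for_model(get_user_model())
        authz_cts = [
            ContentType.objects.get_for_model(Group),
            ContentType.objects.get_for_model(Permission),
        ]
        return (
            Permission.objects
            .exclude(content_type=user_ct, codename__in=USER_MANAGEMENT_CODENAMES)
            .exclude(content_type__in=authz_cts)
        )

    @staticmethod
    def _coordinator_permissions():
        """All permissions on the PX apps (PX Coordinator), including delete."""
        return Permission.objects.filter(
            content_type__app_label__in=COORDINATOR_APP_LABELS
        )

    @staticmethod
    def _view_only_permissions():
        """``view_*`` on every model in the project.

        NOTE(review): this is not limited to PX apps -- it also grants e.g.
        ``auth.view_user`` and read access to every other installed model.  If
        the lower roles should only see feedback/report data, this filter needs
        an ``app_label`` restriction like the coordinator set.
        """
        return Permission.objects.filter(codename__startswith='view_')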