312 lines
10 KiB
Python
312 lines
10 KiB
Python
"""
|
|
Services for Staff management
|
|
"""
|
|
import secrets
|
|
import string
|
|
from django.contrib.auth import get_user_model
|
|
from django.core.mail import send_mail
|
|
from django.template.loader import render_to_string
|
|
from django.conf import settings
|
|
from django.urls import reverse
|
|
from django.utils import timezone
|
|
|
|
from apps.core.services import AuditService
|
|
|
|
User = get_user_model()
|
|
|
|
|
|
class StaffService:
|
|
"""Service for managing staff user accounts"""
|
|
|
|
@staticmethod
|
|
def generate_username(staff):
|
|
"""
|
|
Generate a unique username from staff name.
|
|
Format: first.last (lowercase)
|
|
If duplicate exists, append number.
|
|
"""
|
|
base_username = f"{staff.first_name.lower()}.{staff.last_name.lower()}"
|
|
username = base_username
|
|
counter = 1
|
|
|
|
# Ensure uniqueness
|
|
while User.objects.filter(username=username).exists():
|
|
username = f"{base_username}{counter}"
|
|
counter += 1
|
|
|
|
return username
|
|
|
|
@staticmethod
|
|
def generate_password(length=12):
|
|
"""
|
|
Generate a secure random password.
|
|
"""
|
|
alphabet = string.ascii_letters + string.digits + string.punctuation
|
|
password = ''.join(secrets.choice(alphabet) for _ in range(length))
|
|
return password
|
|
|
|
@staticmethod
|
|
def create_user_for_staff(staff, role='staff', request=None):
|
|
"""
|
|
Create a User account for a Staff member.
|
|
If a user with the same email already exists, link it to the staff member instead.
|
|
|
|
Args:
|
|
staff: Staff instance
|
|
role: Role name to assign (default: 'staff')
|
|
request: HTTP request for audit logging
|
|
|
|
Returns:
|
|
tuple: (User instance, was_created: bool, password: str or None)
|
|
- was_created is True if a new user was created
|
|
- was_created is False if an existing user was linked
|
|
- password is the generated password for new users, None for linked users
|
|
|
|
Raises:
|
|
ValueError: If staff already has a user account or has no email
|
|
"""
|
|
if staff.user:
|
|
raise ValueError("Staff member already has a user account")
|
|
|
|
# Generate email (required for authentication)
|
|
if not staff.email:
|
|
raise ValueError("Staff member must have an email address")
|
|
|
|
# Check if user with this email already exists
|
|
existing_user = User.objects.filter(email=staff.email).first()
|
|
|
|
if existing_user:
|
|
# Link existing user to staff
|
|
staff.user = existing_user
|
|
staff.save(update_fields=['user'])
|
|
|
|
# Update user's organization data if not set
|
|
if not existing_user.hospital:
|
|
existing_user.hospital = staff.hospital
|
|
if not existing_user.department:
|
|
existing_user.department = staff.department
|
|
if not existing_user.employee_id:
|
|
existing_user.employee_id = staff.employee_id
|
|
existing_user.save(update_fields=['hospital', 'department', 'employee_id'])
|
|
|
|
# Assign role if not already assigned
|
|
from apps.accounts.models import Role as RoleModel
|
|
try:
|
|
role_obj = RoleModel.objects.get(name=role)
|
|
if not existing_user.groups.filter(id=role_obj.group.id).exists():
|
|
existing_user.groups.add(role_obj.group)
|
|
except RoleModel.DoesNotExist:
|
|
pass
|
|
|
|
# Log the action
|
|
if request:
|
|
AuditService.log_from_request(
|
|
event_type='other',
|
|
description=f"Existing user account linked to staff member {staff.get_full_name()}",
|
|
request=request,
|
|
content_object=existing_user,
|
|
metadata={
|
|
'staff_id': str(staff.id),
|
|
'staff_name': staff.get_full_name(),
|
|
'user_id': str(existing_user.id),
|
|
'action': 'linked_existing_user'
|
|
}
|
|
)
|
|
|
|
return existing_user, False, None # Existing user was linked, no password
|
|
|
|
# Create new user account
|
|
# Generate username (optional, for backward compatibility)
|
|
username = StaffService.generate_username(staff)
|
|
password = StaffService.generate_password()
|
|
|
|
# Create user - email is now the username field
|
|
# Note: create_user() already hashes the password, so no need to call set_password() separately
|
|
user = User.objects.create_user(
|
|
email=staff.email,
|
|
password=password,
|
|
first_name=staff.first_name,
|
|
last_name=staff.last_name,
|
|
username=username, # Optional field
|
|
employee_id=staff.employee_id,
|
|
hospital=staff.hospital,
|
|
department=staff.department,
|
|
is_active=True,
|
|
is_provisional=False
|
|
)
|
|
|
|
# Assign role
|
|
from apps.accounts.models import Role as RoleModel
|
|
try:
|
|
role_obj = RoleModel.objects.get(name=role)
|
|
user.groups.add(role_obj.group)
|
|
except RoleModel.DoesNotExist:
|
|
pass
|
|
|
|
# Link to staff
|
|
staff.user = user
|
|
staff.save(update_fields=['user'])
|
|
|
|
# Log the action
|
|
if request:
|
|
AuditService.log_from_request(
|
|
event_type='user_creation',
|
|
description=f"User account created for staff member {staff.get_full_name()}",
|
|
request=request,
|
|
content_object=user,
|
|
metadata={
|
|
'staff_id': str(staff.id),
|
|
'staff_name': staff.get_full_name(),
|
|
'role': role,
|
|
'action': 'created_new_user'
|
|
}
|
|
)
|
|
|
|
return user, True, password # New user was created with password
|
|
|
|
@staticmethod
|
|
def link_user_to_staff(staff, user_id, request=None):
|
|
"""
|
|
Link an existing User account to a Staff member.
|
|
|
|
Args:
|
|
staff: Staff instance
|
|
user_id: UUID of the user to link
|
|
request: HTTP request for audit logging
|
|
|
|
Returns:
|
|
Staff: Updated staff instance
|
|
|
|
Raises:
|
|
ValueError: If staff already has a user account or user not found
|
|
"""
|
|
if staff.user:
|
|
raise ValueError("Staff member already has a user account")
|
|
|
|
try:
|
|
user = User.objects.get(id=user_id)
|
|
except User.DoesNotExist:
|
|
raise ValueError("User not found")
|
|
|
|
# Link to staff
|
|
staff.user = user
|
|
staff.save(update_fields=['user'])
|
|
|
|
# Update user's organization data
|
|
if not user.hospital:
|
|
user.hospital = staff.hospital
|
|
if not user.department:
|
|
user.department = staff.department
|
|
if not user.employee_id:
|
|
user.employee_id = staff.employee_id
|
|
user.save(update_fields=['hospital', 'department', 'employee_id'])
|
|
|
|
# Log the action
|
|
if request:
|
|
AuditService.log_from_request(
|
|
event_type='other',
|
|
description=f"User {user.email} linked to staff member {staff.get_full_name()}",
|
|
request=request,
|
|
content_object=staff,
|
|
metadata={'user_id': str(user.id)}
|
|
)
|
|
|
|
return staff
|
|
|
|
@staticmethod
|
|
def unlink_user_from_staff(staff, request=None):
|
|
"""
|
|
Remove User account association from a Staff member.
|
|
|
|
Args:
|
|
staff: Staff instance
|
|
request: HTTP request for audit logging
|
|
|
|
Returns:
|
|
Staff: Updated staff instance
|
|
|
|
Raises:
|
|
ValueError: If staff has no user account
|
|
"""
|
|
if not staff.user:
|
|
raise ValueError("Staff member has no user account")
|
|
|
|
user = staff.user
|
|
staff.user = None
|
|
staff.save(update_fields=['user'])
|
|
|
|
# Log the action
|
|
if request:
|
|
AuditService.log_from_request(
|
|
event_type='other',
|
|
description=f"User {user.email} unlinked from staff member {staff.get_full_name()}",
|
|
request=request,
|
|
content_object=staff,
|
|
metadata={'user_id': str(user.id)}
|
|
)
|
|
|
|
return staff
|
|
|
|
@staticmethod
|
|
def send_credentials_email(staff, password, request):
|
|
"""
|
|
Send login credentials email to staff member.
|
|
|
|
Args:
|
|
staff: Staff instance
|
|
password: Generated password
|
|
request: HTTP request for building absolute URLs
|
|
"""
|
|
if not staff.email:
|
|
raise ValueError("Staff member has no email address")
|
|
|
|
user = staff.user
|
|
if not user:
|
|
raise ValueError("Staff member has no user account")
|
|
|
|
# Build login URL
|
|
login_url = request.build_absolute_uri(reverse('accounts:login'))
|
|
|
|
# Render email content
|
|
context = {
|
|
'staff': staff,
|
|
'user': user,
|
|
'password': password,
|
|
'login_url': login_url,
|
|
}
|
|
|
|
subject = "Your PX360 Account Credentials"
|
|
message = render_to_string('organizations/emails/staff_credentials.html', context)
|
|
|
|
# Send email
|
|
send_mail(
|
|
subject,
|
|
'',
|
|
settings.DEFAULT_FROM_EMAIL,
|
|
[staff.email],
|
|
html_message=message,
|
|
fail_silently=False
|
|
)
|
|
|
|
# Log the action
|
|
AuditService.log_from_request(
|
|
event_type='other',
|
|
description=f"Credentials email sent to {staff.email} for staff member {staff.get_full_name()}",
|
|
request=request,
|
|
content_object=staff
|
|
)
|
|
|
|
@staticmethod
|
|
def get_staff_type_role(staff_type):
|
|
"""
|
|
Map staff_type to role name.
|
|
Currently all staff get the 'staff' role.
|
|
"""
|
|
role_mapping = {
|
|
'physician': 'staff',
|
|
'nurse': 'staff',
|
|
'admin': 'staff',
|
|
'other': 'staff'
|
|
}
|
|
return role_mapping.get(staff_type, 'staff')
|