HH/apps/accounts/models.py

"""
Accounts models - Custom User model and roles
"""
import uuid

from django.contrib.auth.models import AbstractUser, Group, Permission
from django.db import models

from apps.core.models import TimeStampedModel, UUIDModel


class User(AbstractUser, TimeStampedModel):
    """
    Custom User model extending Django's AbstractUser.
    Uses UUID as primary key and adds additional fields for PX360.
    """
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
    
    # Override email to make it unique and required
    email = models.EmailField(unique=True, db_index=True)
    
    # Additional fields
    phone = models.CharField(max_length=20, blank=True)
    employee_id = models.CharField(max_length=50, blank=True, db_index=True)
    
    # Organization relationships
    hospital = models.ForeignKey(
        'organizations.Hospital',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='users'
    )
    department = models.ForeignKey(
        'organizations.Department',
        on_delete=models.SET_NULL,
        null=True,
        blank=True,
        related_name='users'
    )
    
    # Role - using Django's built-in Group for RBAC
    # Groups will represent roles: PX Admin, Hospital Admin, Department Manager, etc.
    
    # Profile
    avatar = models.ImageField(upload_to='avatars/', null=True, blank=True)
    bio = models.TextField(blank=True)
    
    # Preferences
    language = models.CharField(
        max_length=5,
        choices=[('en', 'English'), ('ar', 'Arabic')],
        default='en'
    )
    
    # Status
    is_active = models.BooleanField(default=True)
    
    class Meta:
        ordering = ['-date_joined']
        indexes = [
            models.Index(fields=['email']),
            models.Index(fields=['employee_id']),
            models.Index(fields=['is_active', '-date_joined']),
        ]
    
    def __str__(self):
        return f"{self.get_full_name()} ({self.email})"
    
    def get_role_names(self):
        """Get list of role names for this user"""
        return list(self.groups.values_list('name', flat=True))
    
    def has_role(self, role_name):
        """Check if user has a specific role"""
        return self.groups.filter(name=role_name).exists()
    
    def is_px_admin(self):
        """Check if user is PX Admin"""
        return self.has_role('PX Admin')
    
    def is_hospital_admin(self):
        """Check if user is Hospital Admin"""
        return self.has_role('Hospital Admin')
    
    def is_department_manager(self):
        """Check if user is Department Manager"""
        return self.has_role('Department Manager')


class Role(models.Model):
    """
    Role model for managing predefined roles and their permissions.
    This is a helper model - actual role assignment uses Django Groups.
    """
    ROLE_CHOICES = [
        ('px_admin', 'PX Admin'),
        ('hospital_admin', 'Hospital Admin'),
        ('department_manager', 'Department Manager'),
        ('px_coordinator', 'PX Coordinator'),
        ('physician', 'Physician'),
        ('nurse', 'Nurse'),
        ('staff', 'Staff'),
        ('viewer', 'Viewer'),
    ]
    
    name = models.CharField(max_length=50, unique=True, choices=ROLE_CHOICES)
    display_name = models.CharField(max_length=100)
    description = models.TextField(blank=True)
    
    # Link to Django Group
    group = models.OneToOneField(Group, on_delete=models.CASCADE, related_name='role_config')
    
    # Permissions
    permissions = models.ManyToManyField(Permission, blank=True)
    
    # Hierarchy level (for escalation logic)
    level = models.IntegerField(default=0, help_text="Higher number = higher authority")
    
    created_at = models.DateTimeField(auto_now_add=True)
    updated_at = models.DateTimeField(auto_now=True)
    
    class Meta:
        ordering = ['-level', 'name']
    
    def __str__(self):
        return self.display_name