django-bom 1.237__py3-none-any.whl → 1.238__py3-none-any.whl

bom/auth_backends.py

@@ -0,0 +1,45 @@
+from typing import Optional
+
+from . import constants
+from .models import Organization
+
+
+class OrganizationPermissionBackend:
+    """
+    Object-level permission backend for django-bom.
+
+    - Uses Django's has_perm(user, perm, obj) to evaluate permissions tied to an Organization.
+    - Superusers are granted all permissions.
+    - For `bom.manage_members`: User must be owner or admin within the organization.
+    """
+
+    def authenticate(self, request, **credentials):  # pragma: no cover - not used for auth
+        return None
+
+    def has_perm(self, user_obj, perm: str, obj: Optional[object] = None):
+        # Only handle our specific object-level permission. Let other backends process others.
+        if not user_obj or not user_obj.is_authenticated:
+            return False
+
+        if user_obj.is_superuser:
+            return True
+
+        if perm != 'bom.manage_members':
+            return None
+
+        if obj is None or not isinstance(obj, Organization):
+            return False
+
+        profile = user_obj.bom_profile()
+        if not profile or profile.organization_id != obj.id:
+            return False
+
+        if obj.subscription != constants.SUBSCRIPTION_TYPE_PRO:
+            return False
+
+        is_owner = obj.owner_id == user_obj.id
+        is_admin = getattr(profile, 'role', None) == constants.ROLE_TYPE_ADMIN
+        if not (is_owner or is_admin):
+            return False
+
+        return True

bom/models.py

@@ -1,7 +1,6 @@
 from __future__ import unicode_literals
 
 import logging
-from math import ceil
 
 from django.conf import settings
 from django.contrib.auth import get_user_model
@@ -9,45 +8,16 @@ from django.core.cache import cache
 from django.core.validators import MaxValueValidator, MinValueValidator
 from django.db import models
 from django.utils import timezone
-
 from djmoney.models.fields import CURRENCY_CHOICES, CurrencyField, MoneyField
+from math import ceil
 from social_django.models import UserSocialAuth
 
 from .base_classes import AsDictModel
-from .constants import (
-    CONFIGURATION_TYPES,
-    CURRENT_UNITS,
-    DISTANCE_UNITS,
-    FREQUENCY_UNITS,
-    INTERFACE_TYPES,
-    MEMORY_UNITS,
-    NUMBER_CLASS_CODE_LEN_DEFAULT,
-    NUMBER_CLASS_CODE_LEN_MAX,
-    NUMBER_CLASS_CODE_LEN_MIN,
-    NUMBER_ITEM_LEN_DEFAULT,
-    NUMBER_ITEM_LEN_MAX,
-    NUMBER_ITEM_LEN_MIN,
-    NUMBER_SCHEME_INTELLIGENT,
-    NUMBER_SCHEME_SEMI_INTELLIGENT,
-    NUMBER_SCHEMES,
-    NUMBER_VARIATION_LEN_DEFAULT,
-    NUMBER_VARIATION_LEN_MAX,
-    NUMBER_VARIATION_LEN_MIN,
-    PACKAGE_TYPES,
-    POWER_UNITS,
-    ROLE_TYPES,
-    SUBSCRIPTION_TYPES,
-    TEMPERATURE_UNITS,
-    VALUE_UNITS,
-    VOLTAGE_UNITS,
-    WAVELENGTH_UNITS,
-    WEIGHT_UNITS,
-)
+from .constants import *
 from .csv_headers import PartsListCSVHeaders, PartsListCSVHeadersSemiIntelligent
 from .part_bom import PartBom, PartBomItem, PartIndentedBomItem
 from .utils import increment_str, listify_string, prep_for_sorting_nicely, stringify_list, strip_trailing_zeros
-from .validators import alphanumeric, numeric, validate_pct
-
+from .validators import alphanumeric, validate_pct
 
 logger = logging.getLogger(__name__)
 User = get_user_model()
@@ -75,6 +45,11 @@ class Organization(models.Model):
     google_drive_parent = models.CharField(max_length=128, blank=True, default=None, null=True)
     currency = CurrencyField(max_length=3, choices=CURRENCY_CHOICES, default='USD')
 
+    class Meta:
+        permissions = (
+            ("manage_members", "Can manage organization members"),
+        )
+
     def number_cs(self):
         return "C" * self.number_class_code_len
 

bom/templates/bom/bom-modal-add-users.html

@@ -0,0 +1,49 @@
+{% load materializecss %}
+{% load static %}
+
+<a class="waves-effect waves-light btn btn-primary modal-trigger modal-{{ name }}"
+   href="#modal-{{ name }}">{{ modal_title }}</a>
+
+<div id="modal-{{ name }}" class="modal left-align">
+    <form name="seller" action="{{ action }}" method="post" class="col s12" enctype="multipart/form-data">
+        <div class="modal-content">
+            <div class="row">
+                {% if modal_title %}<h2 class="light" style="margin-top: 0;">{{ modal_title }}</h2>{% endif %}
+                <div class="col s12">
+                    {% if is_pro and user_can_manage_members %}
+                        {% csrf_token %}
+                        <p class="flow-text-small grey-text text-darken-2">To add a user, ensure they have already
+                            created an IndaBOM account and are not currently part of another organization.
+                            Then, enter their <b>username</b> (not email) and select their role below.</p>
+                        {{ form|materializecss:'m6 s12' }}
+                    {% elif is_pro and not user_can_manage_members %}
+                        <p class="flow-text-small red-text text-darken-1">
+                            <b>Access Restricted:</b> Please contact an organization administrator to add new members to
+                            your team.
+                        </p>
+                    {% else %}
+                        <p>Upgrade your organization subscription to professional to manage members.</p>
+                    {% endif %}
+                </div>
+            </div>
+        </div>
+        <div class="modal-footer">
+            <a href="#!" class="modal-close waves-effect waves-green btn-flat">Cancel</a>
+            {% if is_pro and user_can_manage_members %}
+                <button class="waves-effect waves-light btn btn-primary" type="submit" name="{{ name }}">Submit</button>
+            {% elif is_pro and not user_can_manage_members %}
+                <a href="#!" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</a>
+            {% else %}
+                <a href="#!" class="modal-close waves-effect green lighten-1 waves-green btn-flat">Ok</a>
+            {% endif %}
+        </div>
+    </form>
+</div>
+
+{% block script %}
+    <script>
+        $(document).ready(function () {
+            $('.modal').modal();
+        });
+    </script>
+{% endblock %}

bom/templates/bom/settings.html

@@ -207,7 +207,6 @@
                 <div class="row">
                     <div class="col s12">
                         <h3>Users</h3>
-                        {% if users_in_organization.count > 0 %}
                             <form name="seller" action="{% url 'bom:settings' tab_anchor=ORGANIZATION_TAB %}" method="post" class="col s12" enctype="multipart/form-data">
                                 {% csrf_token %}
                                 <table>
@@ -237,6 +236,13 @@
                                                         class="material-icons left">edit</i>Edit</a>
                                             </td>
                                         </tr>
+                                    {% empty %}
+                                        <tr>
+                                            <td colspan="5" style="font-style: italic;">There are no additional
+                                                users in this
+                                                organization.
+                                            </td>
+                                        </tr>
                                     {% endfor %}
                                     </tbody>
                                 </table>
@@ -247,26 +253,10 @@
                                         </button>
                                     </div>
                                     <div class="col s6 right-align">
-                                        {% include 'bom/bom-form-modal.html' with modal_title='Add User' form=user_add_form action=user_add_form_action name='submit-add-user' modal_description='Adding users to your organization is a paid feature, but is free for a limited time while we are still developing the tool. Contact <a href="mailto:info@indabom.com">info@indabom.com</a> if you are interested.' %}
+                                        {% include 'bom/bom-modal-add-users.html' with modal_title='Add User' form=user_add_form action=user_add_form_action name='submit-add-user' %}
                                     </div>
                                 </div>
                             </form>
-                        {% else %}
-                            <div class="row" style="padding-left: .75rem;">
-                                <div class="col s12">
-                                    <p>There are no additional users in this organization: {{ organization }}.</p>
-                                    {% if organization.subscription == 'F' %}
-                                        {% include 'bom/bom-form-modal.html' with modal_title='Add User' name='submit-add-user-free' modal_description='Adding users to your organization is a paid feature, but is free for a limited time while we are still developing the tool. Contact <a href="mailto:info@indabom.com">info@indabom.com</a> if you are interested.' %}
-                                    {% else %}
-                                        {% if organization.subscription_quantity == 0 or users_in_organization.count < organization.subscription_quantity %}
-                                            {% include 'bom/bom-form-modal.html' with modal_title='Add User' form=user_add_form action=user_add_form_action name='submit-add-user' modal_description='Add a user to your organization.' %}
-                                        {% else %}
-                                            <p>You've added the maximum number of users to this organization. Update your subscription to add more.</p>
-                                        {% endif %}
-                                    {% endif %}
-                                </div>
-                            </div>
-                        {% endif %}
                     </div>
                 </div>
                 <div class="row">

bom/views/views.py

@@ -20,7 +20,6 @@ from django.urls import reverse
 from django.utils.encoding import smart_str
 from django.utils.text import smart_split
 from django.views.generic.base import TemplateView
-
 from social_django.models import UserSocialAuth
 
 import bom.constants as constants
@@ -74,7 +73,6 @@ from bom.models import (
 )
 from bom.utils import check_references_for_duplicates, listify_string, prep_for_sorting_nicely
 
-
 logger = logging.getLogger(__name__)
 BOM_LOGIN_URL = getattr(settings, "BOM_LOGIN_URL", None) or settings.LOGIN_URL
 
@@ -361,6 +359,10 @@ def bom_settings(request, tab_anchor=None):
     users_in_organization = User.objects.filter(
         id__in=UserMeta.objects.filter(organization=organization).values_list('user', flat=True)).exclude(id__in=[organization.owner.id]).order_by(
         'first_name', 'last_name', 'email')
+    users_in_organization_count = users_in_organization.count()
+    has_member_capacity = users_in_organization_count < organization.subscription_quantity
+    is_pro = organization.subscription == constants.SUBSCRIPTION_TYPE_PRO
+    user_can_manage_members = request.user.has_perm('bom.manage_members', organization)
     google_authentication = UserSocialAuth.objects.filter(user=user).first()
 
     organization_parts_count = Part.objects.filter(organization=organization).count()
@@ -386,8 +388,10 @@ def bom_settings(request, tab_anchor=None):
 
         elif 'submit-add-user' in request.POST:
             tab_anchor = ORGANIZATION_TAB
-            if organization.subscription == 'F':
-                messages.error(request, "Error: You must have a paid account to add users.")
+            if not is_pro:
+                messages.error(request, "You need a Pro subscription to add users.")
+            elif not user_can_manage_members:
+                messages.error(request, "You are not allowed to manage users, contact your organization admin.")
             else:
                 user_add_form = UserAddForm(request.POST, organization=organization)
                 if user_add_form.is_valid():

{django_bom-1.237.dist-info → django_bom-1.238.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: django-bom
-Version: 1.237
+Version: 1.238
 Summary: A simple Django app to manage a bill of materials.
 Author-email: Mike Kasparian <mpkasp@gmail.com>
 License: GPL-3.0-only

{django_bom-1.237.dist-info → django_bom-1.238.dist-info}/RECORD

@@ -1,6 +1,7 @@
 bom/__init__.py,sha256=HuvSMR9cYQcppTZGD0XjUVUBtHWwWMh1yMQzk_2wTS4,41
 bom/admin.py,sha256=4xN38uSIGo54MVoo2MXUbvcfuPSAifDc8g0arrEAW4Q,4093
 bom/apps.py,sha256=TJMUTSX1h2genPwCq6SN6g1fhrrSmjEXGg2zQFa_ryM,147
+bom/auth_backends.py,sha256=8ViZfP01fITPQnPvsTe_RuKx-ur9dhSOQE3aOp9ESV8,1429
 bom/base_classes.py,sha256=CrWD7wlIkwYb90VoGcVOcw2WoQszRrCje-Re5d_UW1Q,1183
 bom/constants.py,sha256=5CFE0uvKTL91w24rqdAB6EMgpIyw0HhfmmktxF4gCgs,4296
 bom/context_processors.py,sha256=OxMVCqxGtRoHR7aJfTs6xANpxJQzBDUIuNTG1f_Xjoo,312
@@ -10,7 +11,7 @@ bom/form_fields.py,sha256=tLqchl0j8izBCZnm82NMyHpQV6EuGgCjCl5lrnGR2V0,2816
 bom/forms.py,sha256=RUwiMKeaQkapBwz6JCi4Kkl4e5DlFAgSEMjytEDzmoE,69302
 bom/helpers.py,sha256=ONsDM0agG9sKJWMjN4IRNlWx2HNF7T0CXM-ts0GRiAY,15031
 bom/local_settings.py,sha256=yE4aupIquCWsFms44qoCrRrlIyM3sqpOkiwyj1WLxI8,820
-bom/models.py,sha256=nCh2EOJeLL9eJ8CbgfDklBwucVRRsfWDR5cHqS7ZJw4,37088
+bom/models.py,sha256=poZoct60kAULCs8RlqC3MFtOl84l2ZfZzjb_d3t9z2g,36537
 bom/part_bom.py,sha256=30HYAKAEhtadiM9tk6vgCQnn7gNJeuXbzF5gXvMvKG4,8720
 bom/settings.py,sha256=jUuy7cKuz9gbZ301L0skMFrnU6qKaBpRUf-rHsTTYJM,8387
 bom/tests.py,sha256=ZqcTUYVXeWjAqzKAV6hp6SKTU0_IOTwIEboTujl7N_M,69905
@@ -135,6 +136,7 @@ bom/templates/bom/bom-base-menu.html,sha256=PeViadG1PKyljvYfPyBFOKgqWhYHBM0tX5Te
 bom/templates/bom/bom-base.html,sha256=SvQOyg8ILULjnJKMaYv6Rf4wS8SNXXIjVY2nl5bm7B4,691
 bom/templates/bom/bom-form-modal.html,sha256=U2EWKjOA41jiScKJHXduJJw_hPNGHtYfdiT3yUuwzRY,1389
 bom/templates/bom/bom-form.html,sha256=1oJetm0fJgPAY1zJ2RNv_Pv9MAja2rjz9pO2bR_UA28,1017
+bom/templates/bom/bom-modal-add-users.html,sha256=1lLgj9acgEkYR3AH177D3xj6meWVmq5MwLDyCg5IV5s,2409
 bom/templates/bom/bom-signup.html,sha256=y0z_kQKCDb91ZdexCmUX1NRKH35l-I_N5f2SgO3G2gI,184
 bom/templates/bom/create-part.html,sha256=UjHx6rkPJl-BRt9gKs5zB3s5Y4vrImDTuD25lvABzAI,3610
 bom/templates/bom/dashboard-menu.html,sha256=4MnFSw0x4w7R0CsSwEDFP3FuZVBFxVChIHr58l3rpSk,799
@@ -157,7 +159,7 @@ bom/templates/bom/part-revision-release.html,sha256=voG7wmYc1Cm3e_H1IasvQcPuyqnn
 bom/templates/bom/search-help.html,sha256=Wh_tXBJtz0bznk0F1C7OSdRhMe2qpOs9NMCBb2i0CFI,4398
 bom/templates/bom/seller-info.html,sha256=MACsHMYQXMWfRslXuvh9hD2z28VXzVi0DSy4yg7WQMk,3595
 bom/templates/bom/sellers.html,sha256=6ut7LwRMGUKYB4BRjiSpDBP9BGgqT7nxpNQpUVWDvkw,5412
-bom/templates/bom/settings.html,sha256=atWF7AMoQaeFse3FbDPXwFRPYqZR0cYA-DciFus3ge4,26832
+bom/templates/bom/settings.html,sha256=tS5PCRQLgWASP40qYsP5D4TZBBlC62KNGmymu1iGH7M,25391
 bom/templates/bom/signup.html,sha256=tB_x7q3IufSNXsd9Dfh8fdWpkiWSGH2_Zgw749B1PaU,884
 bom/templates/bom/table_of_contents.html,sha256=7wXWOfmVkk5Itjax5x1PE-g5QjxqmYBr7RW8NgtGRng,1763
 bom/templates/bom/upload-bom.html,sha256=qGlI9HoUNe9H2m5T5TqKWGphaNupz3Y0020h_7GebsU,5230
@@ -175,9 +177,9 @@ bom/third_party_apis/mouser.py,sha256=q2-p0k2n-LNel_QRlfak0kAXT-9hh59k_Pt51PTG09
 bom/third_party_apis/test_apis.py,sha256=2W0jtTisGTmktC7l556pn9-pZYseTQmmQfo6_4uP4Dc,679
 bom/views/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bom/views/json_views.py,sha256=CaDMxHGnp2182ZV9QZfNkgM7tc_rNmokkelav9rF2dE,2462
-bom/views/views.py,sha256=Fi3shpOhGaK-RNubngqcyXGzb74x4iwqDexPxMES6tE,71666
-django_bom-1.237.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
-django_bom-1.237.dist-info/METADATA,sha256=8o4lyQfOHBCegPHAs10f49BEnW-UXiO-YDJGgVVHi2w,7558
-django_bom-1.237.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-django_bom-1.237.dist-info/top_level.txt,sha256=6zytg4lnnobI96dO-ZEadPOCslrrFmf4t2Pnv-y8x0Y,4
-django_bom-1.237.dist-info/RECORD,,
+bom/views/views.py,sha256=hqQllo34l9CHrGig-uq44F7vf-vnceqfvC7OlX8K5Og,72110
+django_bom-1.238.dist-info/licenses/LICENSE,sha256=OXLcl0T2SZ8Pmy2_dmlvKuetivmyPd5m1q-Gyd-zaYY,35149
+django_bom-1.238.dist-info/METADATA,sha256=JU7OY9kGkqHdFq0cMu-5aiht9UHwh3-NPWruRtQ8MNA,7558
+django_bom-1.238.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+django_bom-1.238.dist-info/top_level.txt,sha256=6zytg4lnnobI96dO-ZEadPOCslrrFmf4t2Pnv-y8x0Y,4
+django_bom-1.238.dist-info/RECORD,,