PyPI - maquinaweb-shared-auth - Versions diffs - 0.2.60__py3-none-any.whl → 0.2.75__py3-none-any.whl - Mend

maquinaweb-shared-auth 0.2.60py3-none-any.whl → 0.2.75py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

{maquinaweb_shared_auth-0.2.60.dist-info → maquinaweb_shared_auth-0.2.75.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: maquinaweb-shared-auth
-Version: 0.2.60
+Version: 0.2.75
 Summary: Models read-only para autenticação compartilhada entre projetos Django.
 Author-email: Seu Nome <seuemail@dominio.com>
 License: MIT

{maquinaweb_shared_auth-0.2.60.dist-info → maquinaweb_shared_auth-0.2.75.dist-info}/RECORD RENAMED Viewed

@@ -1,5 +1,5 @@
 shared_auth/__init__.py,sha256=RJOSbto1ZoCaopx79LjH3ckBDNdbdNKYUZ7qnE-qfuo,153
-shared_auth/abstract_models.py,sha256=FnzcJmWrjgrM6GRmjl9GWmYgBdWCnymwl3HuADWvw_A,28280
+shared_auth/abstract_models.py,sha256=DNQIZdyGmDIz_906Ksy6E_gINwq28RCflNBzW66hDLQ,31540
 shared_auth/app.py,sha256=t99j-DvWLpkN_mAgpXGa1aChE3h6zxa62nhNeTkOHuA,222
 shared_auth/authentication.py,sha256=fwqhGUAslRFXVLBxuxrzB3q8eAWlAyRIuaZ3BL_s-zA,1653
 shared_auth/conf.py,sha256=p-P2TY6dR37kJZGoYuxYAk-LZP8_PUjj9skSIfIr32o,1972
@@ -7,22 +7,22 @@ shared_auth/decorators.py,sha256=-2RHRzvPJzN0c8Q-cB1_hf5tk386jcHZ9-GixKSe0ds,334
 shared_auth/exceptions.py,sha256=VKamHjBl2yjXG2RsMrLrXru1_Q9IJXmy4xmDcXlpWsU,627
 shared_auth/fields.py,sha256=9xTA2tPiN6o85R9C3N1oi3uxV2NyTXOa1Zrtvl3no1M,1274
 shared_auth/managers.py,sha256=01LVctm151DXj4QJ59KkwjmTCOkiEM1V2wrK6o5_tho,10674
-shared_auth/middleware.py,sha256=6wnwcrLqDHm-pIv37QGSTrwmN-pzvl-SvDIjBI3X940,8073
+shared_auth/middleware.py,sha256=vIThJ1avKRekJmZAWOXJAtzyQO7qtYjSVjpLZbUl92k,10999
 shared_auth/mixins.py,sha256=BGIIF0lu1YsBvZBAwrq2-iO17TDZQxlMytqd0A46_Xs,14346
 shared_auth/models.py,sha256=vfJHridujufqBql0ka-1j5aFy-GhM8AHqcGqEDDs54E,5202
 shared_auth/permissions.py,sha256=1X-xkd5RcllrQn1dedjqlBFze7bSHgZSF2yvwhFP3KY,8367
 shared_auth/permissions_cache.py,sha256=a9eeKWHydU8FUz4-f55-Nmr5s3MyXjXcWgyZL_qHpr0,7088
 shared_auth/permissions_helpers.py,sha256=xvdvi3pPmRvFn4DXlBcAaRv_HbRx_jGNnZG7-zv3QDk,7897
 shared_auth/router.py,sha256=JhlDjosViMBmuvYm08vJzKyvrg5P5ECtrU4tKAGsuoU,684
-shared_auth/serializers.py,sha256=V-FqMMZCj71gIXw292230Ax-eXqz4EQ4esPmo-NhQz8,14322
+shared_auth/serializers.py,sha256=sUmYFcGoejcPRFaRxa5axoQP85xTslEMDwBseofGjUQ,14878
 shared_auth/storage_backend.py,sha256=Eqkjz8aF5UrOpRwYl-J0Td95IObfxnJ8eLQDJVFM3Io,184
 shared_auth/urls.py,sha256=591wWEWJPaHEGkcOZ8yvfgxddRyOcZLgOc0vNtF7XRI,289
 shared_auth/utils.py,sha256=hz5ENhcxLvrgQB6TT6S33PGYcDVrrElxxIjiBqp69Mc,11492
-shared_auth/views.py,sha256=2hyLnYSWUscfq-jVcskt-ukzDt4vg6IXeKjRDRu9RXk,1519
+shared_auth/views.py,sha256=Xmd8_t_HOt8ALE0jj4KvF2BwsgcJpKLhnL6Y8m46JPk,2201
 shared_auth/management/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 shared_auth/management/commands/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-shared_auth/management/commands/generate_permissions.py,sha256=FTDerY7R7uWekuc5314sN3lz3CpSNuSJqp0D24-XOXI,4884
-maquinaweb_shared_auth-0.2.60.dist-info/METADATA,sha256=o06EJmDYll9djhVqGPtFLUcWAe10NOZFUkEv4-8O7n4,26354
-maquinaweb_shared_auth-0.2.60.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-maquinaweb_shared_auth-0.2.60.dist-info/top_level.txt,sha256=msyYRy02ZV7zz7GR1raUI5LXGFIFn2TIkgkeKZqKufE,12
-maquinaweb_shared_auth-0.2.60.dist-info/RECORD,,
+shared_auth/management/commands/generate_permissions.py,sha256=kSPTOmA91rdSkOO3iS5aQdkbgeUfwVL6HR0F8tStgtE,5809
+maquinaweb_shared_auth-0.2.75.dist-info/METADATA,sha256=gRe1TxbxFHW7vx9QOucZ9YJ6q8_9E4VSRet9h0T77pE,26354
+maquinaweb_shared_auth-0.2.75.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+maquinaweb_shared_auth-0.2.75.dist-info/top_level.txt,sha256=msyYRy02ZV7zz7GR1raUI5LXGFIFn2TIkgkeKZqKufE,12
+maquinaweb_shared_auth-0.2.75.dist-info/RECORD,,

shared_auth/abstract_models.py CHANGED Viewed

@@ -3,19 +3,23 @@ Models abstratos para customização
 Estes models podem ser herdados nos apps clientes para adicionar campos e métodos customizados
 """
-from shared_auth.conf import GROUP_ORG_PERMISSIONS_PERMISSIONS_TABLE
-from shared_auth.conf import GROUP_PERMISSIONS_PERMISSIONS_TABLE
-from shared_auth.conf import PLAN_GROUP_PERMISSIONS_TABLE
-from shared_auth.conf import GROUP_ORG_PERMISSIONS_TABLE
-from shared_auth.conf import SUBSCRIPTION_TABLE
-from shared_auth.conf import PLAN_TABLE
-from shared_auth.conf import GROUP_PERMISSIONS_TABLE
-from shared_auth.conf import PERMISSION_TABLE
-from shared_auth.conf import SYSTEM_TABLE
 import os
-from django.utils import timezone
 from django.contrib.auth.models import AbstractUser
 from django.db import models
+from django.utils import timezone
+from shared_auth.conf import (
+    GROUP_ORG_PERMISSIONS_PERMISSIONS_TABLE,
+    GROUP_ORG_PERMISSIONS_TABLE,
+    GROUP_PERMISSIONS_PERMISSIONS_TABLE,
+    GROUP_PERMISSIONS_TABLE,
+    PERMISSION_TABLE,
+    PLAN_GROUP_PERMISSIONS_TABLE,
+    PLAN_TABLE,
+    SUBSCRIPTION_TABLE,
+    SYSTEM_TABLE,
+)
 from .conf import MEMBER_TABLE, ORGANIZATION_TABLE, TOKEN_TABLE, USER_TABLE
 from .exceptions import OrganizationNotFoundError
@@ -220,55 +224,54 @@ class AbstractSharedOrganization(models.Model):
         """
         Retorna permissões do sistema baseado na assinatura do grupo de organizações.
         Se a organização não pertence a um grupo, retorna vazio.
         Args:
             system: Instance do System model ou system_id (int)
         Returns:
             QuerySet de Permission objects
         Usage:
             from shared_auth.utils import get_system_model
             System = get_system_model()
             system = System.objects.get(name='MeuSistema')
             permissions = organization.get_permissions_for_system(system)
         """
-        from .utils import get_subscription_model, get_permission_model
+        from .utils import get_permission_model, get_subscription_model
         # Se não pertence a um grupo, sem permissões
         if not self.organization_group_id:
             Permission = get_permission_model()
             return Permission.objects.none()
         # Extrai system_id se foi passado um objeto
-        system_id = system.id if hasattr(system, 'id') else system
+        system_id = system.id if hasattr(system, "id") else system
         Subscription = get_subscription_model()
         Permission = get_permission_model()
         # Busca assinatura ativa do grupo
         subscription = (
-            Subscription.objects
-            .filter(
+            Subscription.objects.filter(
                 organization_group_id=self.organization_group_id,
                 plan__system_id=system_id,
                 active=True,
-                paid=True
+                paid=True,
             )
-            .select_related('plan')
-            .order_by('-started_at')
+            .select_related("plan")
+            .order_by("-started_at")
             .first()
         )
         if not subscription:
             return Permission.objects.none()
         # Coleta todas as permissões dos grupos de permissões do plano
         permission_ids = set()
         for group in subscription.plan.group_permissions.all():
-            permission_ids.update(group.permissions.values_list('id', flat=True))
+            permission_ids.update(group.permissions.values_list("id", flat=True))
         return Permission.objects.filter(id__in=permission_ids, system_id=system_id)
@@ -411,6 +414,7 @@ class AbstractSharedMember(models.Model):
         Organization = get_organization_model()
         return Organization.objects.get_or_fail(self.organization_id)
 class GroupPermissionsPermission(models.Model):
     grouppermissions_id = models.BigIntegerField()
     permissions_id = models.BigIntegerField()
@@ -418,8 +422,8 @@ class GroupPermissionsPermission(models.Model):
     class Meta:
         db_table = GROUP_PERMISSIONS_PERMISSIONS_TABLE
         managed = False
-        unique_together = ('grouppermissions_id', 'permissions_id')
-        app_label = 'shared_auth'
+        unique_together = ("grouppermissions_id", "permissions_id")
+        app_label = "shared_auth"
     def __str__(self):
         return f"GroupPerm {self.grouppermissions_id} → Perm {self.permissions_id}"
@@ -432,12 +436,13 @@ class PlanGroupPermission(models.Model):
     class Meta:
         db_table = PLAN_GROUP_PERMISSIONS_TABLE
         managed = False
-        unique_together = ('plan_id', 'grouppermissions_id')
-        app_label = 'shared_auth'
+        unique_together = ("plan_id", "grouppermissions_id")
+        app_label = "shared_auth"
     def __str__(self):
         return f"Plan {self.plan_id} → GroupPerm {self.grouppermissions_id}"
 class GroupOrgPermissionsPermission(models.Model):
     grouporganizationpermissions_id = models.BigIntegerField()
     permissions_id = models.BigIntegerField()
@@ -445,8 +450,8 @@ class GroupOrgPermissionsPermission(models.Model):
     class Meta:
         db_table = GROUP_ORG_PERMISSIONS_PERMISSIONS_TABLE
         managed = False
-        unique_together = ('grouporganizationpermissions_id', 'permissions_id')
-        app_label = 'shared_auth'
+        unique_together = ("grouporganizationpermissions_id", "permissions_id")
+        app_label = "shared_auth"
     def __str__(self):
         return f"OrgGroup {self.grouporganizationpermissions_id} → Perm {self.permissions_id}"
@@ -456,34 +461,34 @@ class AbstractSystem(models.Model):
     """
     Model abstrato READ-ONLY da tabela plans_system
     Representa um sistema externo que usa este serviço de autenticação
     Para customizar, crie um model no seu app:
     from shared_auth.abstract_models import AbstractSystem
     class CustomSystem(AbstractSystem):
         custom_field = models.CharField(max_length=100)
         class Meta(AbstractSystem.Meta):
             pass
     E configure no settings.py:
     SHARED_AUTH_SYSTEM_MODEL = 'seu_app.CustomSystem'
     """
     name = models.CharField(max_length=100)
     description = models.TextField(blank=True)
     active = models.BooleanField(default=True)
     created_at = models.DateTimeField()
     updated_at = models.DateTimeField()
     objects = models.Manager()  # Will be replaced by SystemManager in concrete model
     class Meta:
         abstract = True
         managed = False
         db_table = SYSTEM_TABLE
     def __str__(self):
         return self.name
@@ -492,37 +497,35 @@ class AbstractPermission(models.Model):
     """
     Model abstrato READ-ONLY da tabela organization_permissions
     Define permissões específicas de cada sistema
     Para customizar, crie um model no seu app e configure:
     SHARED_AUTH_PERMISSION_MODEL = 'seu_app.CustomPermission'
     """
     codename = models.CharField(max_length=100)
     name = models.CharField(max_length=100)
     description = models.TextField()
-    scope = models.CharField(
-        max_length=100,
-        help_text="Agrupamento da permissão (ex: 'Recebimentos', 'Pagamentos', 'Relatórios')",
-        blank=True,
-        default=""
-    )
+    scope = models.CharField(max_length=100, blank=True, default="")
+    scope_label = models.CharField(max_length=100, blank=True, default="")
+    model = models.CharField(max_length=100, blank=True, default="")
+    model_label = models.CharField(max_length=100, blank=True, default="")
     system_id = models.IntegerField()
     objects = models.Manager()
     class Meta:
         abstract = True
         managed = False
         db_table = PERMISSION_TABLE
     def __str__(self):
         return f"{self.codename} ({self.name})"
     @property
     def system(self):
         """Acessa sistema (lazy loading)"""
         from .utils import get_system_model
         if not hasattr(self, "_cached_system"):
             System = get_system_model()
             self._cached_system = System.objects.get_or_fail(self.system_id)
@@ -533,57 +536,59 @@ class AbstractGroupPermissions(models.Model):
     """
     Model abstrato READ-ONLY da tabela organization_grouppermissions
     Grupos base de permissões (usados nos planos)
     Para customizar, configure:
     SHARED_AUTH_GROUP_PERMISSIONS_MODEL = 'seu_app.CustomGroupPermissions'
     """
     name = models.CharField(max_length=100)
     description = models.TextField(blank=True)
     system_id = models.IntegerField()
     objects = models.Manager()
     class Meta:
         abstract = True
         managed = False
         db_table = GROUP_PERMISSIONS_TABLE
     def __str__(self):
         return self.name
     @property
     def system(self):
         """Acessa sistema (lazy loading)"""
         from .utils import get_system_model
         if not hasattr(self, "_cached_system"):
             System = get_system_model()
             self._cached_system = System.objects.get_or_fail(self.system_id)
         return self._cached_system
     @property
     def permissions(self):
         from .utils import get_permission_model
         Permission = get_permission_model()
-        perm_ids = GroupPermissionsPermission.objects.using('auth_db') \
-            .filter(grouppermissions_id=self.pk) \
-            .values_list('permissions_id', flat=True)
+        perm_ids = (
+            GroupPermissionsPermission.objects.using("auth_db")
+            .filter(grouppermissions_id=self.pk)
+            .values_list("permissions_id", flat=True)
+        )
-        return Permission.objects.using('auth_db').filter(id__in=perm_ids)
+        return Permission.objects.using("auth_db").filter(id__in=perm_ids)
 class AbstractPlan(models.Model):
     """
     Model abstrato READ-ONLY da tabela plans_plan
     Planos oferecidos por cada sistema, com conjunto de permissões
     Para customizar, configure:
     SHARED_AUTH_PLAN_MODEL = 'seu_app.CustomPlan'
     """
     name = models.CharField(max_length=100)
     slug = models.SlugField()
     system_id = models.IntegerField()
@@ -591,75 +596,117 @@ class AbstractPlan(models.Model):
     price = models.DecimalField(max_digits=10, decimal_places=2)
     active = models.BooleanField(default=True)
     recurrence = models.CharField(max_length=10)
+    # Campos de desconto - aplicados nas primeiras recorrências
+    discount_amount = models.DecimalField(
+        max_digits=10,
+        decimal_places=2,
+        null=True,
+        blank=True,
+        help_text="Valor de desconto aplicado nas primeiras recorrências",
+    )
+    discount_duration = models.PositiveIntegerField(
+        null=True, blank=True, help_text="Número de recorrências com desconto"
+    )
     created_at = models.DateTimeField()
     updated_at = models.DateTimeField()
     objects = models.Manager()
     class Meta:
         abstract = True
         managed = False
         db_table = PLAN_TABLE
     def __str__(self):
         return f"{self.name} - {self.system.name if hasattr(self, 'system') else self.system_id}"
     @property
     def system(self):
         """Acessa sistema (lazy loading)"""
         from .utils import get_system_model
         if not hasattr(self, "_cached_system"):
             System = get_system_model()
             self._cached_system = System.objects.get_or_fail(self.system_id)
         return self._cached_system
     @property
     def group_permissions(self):
         from .utils import get_group_permissions_model
         GroupPermissions = get_group_permissions_model()
-        group_ids = PlanGroupPermission.objects.using('auth_db') \
-            .filter(plan_id=self.pk) \
-            .values_list('grouppermissions_id', flat=True)
+        group_ids = (
+            PlanGroupPermission.objects.using("auth_db")
+            .filter(plan_id=self.pk)
+            .values_list("grouppermissions_id", flat=True)
+        )
+        return GroupPermissions.objects.using("auth_db").filter(id__in=group_ids)
+    def get_price_for_subscription(self, payment_count=0):
+        """
+        Calcula o preço considerando desconto aplicado.
+        Args:
+            payment_count: Número de pagamentos já realizados para esta subscription.
+                          Se for o primeiro pagamento (count=0), aplica desconto se houver.
-        return GroupPermissions.objects.using('auth_db').filter(id__in=group_ids)
+        Returns:
+            Decimal: Preço do plano, com desconto se aplicável.
+        """
+        if self.discount_amount and self.discount_duration:
+            if payment_count < self.discount_duration:
+                return self.price - self.discount_amount
+        return self.price
 class AbstractOrganizationGroup(models.Model):
     """
     Model abstrato READ-ONLY da tabela organization_organizationgroup
     Representa um grupo de organizações com assinatura compartilhada
     Para customizar, crie um model no seu app:
     from shared_auth.abstract_models import AbstractOrganizationGroup
     class CustomOrganizationGroup(AbstractOrganizationGroup):
         custom_field = models.CharField(max_length=100)
         class Meta(AbstractOrganizationGroup.Meta):
             pass
     E configure no settings.py:
     SHARED_AUTH_ORGANIZATION_GROUP_MODEL = 'seu_app.CustomOrganizationGroup'
     """
     owner_id = models.IntegerField()
     name = models.CharField(
-        max_length=255,
-        help_text="Nome do grupo (ex: 'Empresas do João', 'Grupo Acme')"
+        max_length=255, help_text="Nome do grupo (ex: 'Empresas do João', 'Grupo Acme')"
     )
+    # Campos de billing (usados para pagamentos)
+    document = models.CharField(
+        max_length=20, blank=True, null=True, help_text="CPF/CNPJ"
+    )
+    email = models.EmailField(blank=True, null=True)
+    telephone = models.CharField(max_length=20, blank=True, null=True)
+    # Organização padrão do grupo
+    default_organization_id = models.IntegerField(null=True, blank=True)
     created_at = models.DateTimeField()
     updated_at = models.DateTimeField()
     objects = models.Manager()
     class Meta:
         abstract = True
         managed = False
         db_table = "organization_organizationgroup"  # Will be imported from conf in concrete model
     def __str__(self):
         return f"{self.name} (Owner: {self.owner_id})"
@@ -667,12 +714,30 @@ class AbstractOrganizationGroup(models.Model):
     def owner(self):
         """Acessa usuário (lazy loading)"""
         from .utils import get_user_model
         if not hasattr(self, "_cached_owner"):
             User = get_user_model()
             self._cached_owner = User.objects.get_or_fail(self.owner_id)
         return self._cached_owner
+    @property
+    def default_organization(self):
+        """Acessa organização padrão (lazy loading)"""
+        from .utils import get_organization_model
+        if not self.default_organization_id:
+            return None
+        if not hasattr(self, "_cached_default_organization"):
+            Organization = get_organization_model()
+            try:
+                self._cached_default_organization = Organization.objects.get(
+                    pk=self.default_organization_id
+                )
+            except Organization.DoesNotExist:
+                self._cached_default_organization = None
+        return self._cached_default_organization
     @property
     def organizations(self):
         """Retorna organizações pertencentes a este grupo"""
@@ -680,67 +745,92 @@ class AbstractOrganizationGroup(models.Model):
         Organization = get_organization_model()
         return Organization.objects.filter(organization_group_id=self.pk)
     @property
     def subscriptions(self):
         """Retorna assinaturas ativas deste grupo"""
         from .utils import get_subscription_model
         Subscription = get_subscription_model()
         return Subscription.objects.filter(organization_group_id=self.pk)
+    def has_active_subscription(self, system_id=None):
+        """
+        Verifica se o grupo tem assinatura ativa.
+        Args:
+            system_id: Opcional. ID do sistema para verificar assinatura específica.
+        """
+        from .utils import get_subscription_model
+        Subscription = get_subscription_model()
+        qs = Subscription.objects.filter(
+            organization_group_id=self.pk, active=True, paid=True
+        )
+        if system_id:
+            qs = qs.filter(plan__system_id=system_id)
+        return qs.exists()
 class AbstractSubscription(models.Model):
     """
     Model abstrato READ-ONLY da tabela plans_subscription
     Assinatura de plano por grupo de organizações.
     Uma assinatura cobre TODAS as organizações do grupo.
+    Modelo simplificado: 1 subscription por plano que renova continuamente.
+    Histórico de pagamentos é mantido no model Payment.
     Para customizar, configure:
     SHARED_AUTH_SUBSCRIPTION_MODEL = 'seu_app.CustomSubscription'
     """
     organization_group_id = models.IntegerField(
         help_text="Grupo de organizações cobertas por esta assinatura"
     )
     plan_id = models.IntegerField()
-    period = models.CharField(max_length=20, help_text="Período da assinatura (ex: '2025-01', 'Q1-2025')")
     payment_date = models.DateTimeField(null=True, blank=True)
     paid = models.BooleanField(default=False)
     active = models.BooleanField(default=True)
-    started_at = models.DateTimeField()
+    auto_renew = models.BooleanField(default=True)
+    started_at = models.DateTimeField(null=True, blank=True)
     expires_at = models.DateTimeField(null=True, blank=True)
+    canceled_at = models.DateTimeField(null=True, blank=True)
     created_at = models.DateTimeField()
     updated_at = models.DateTimeField()
     objects = models.Manager()  # Will be replaced by SubscriptionManager
     class Meta:
         abstract = True
         managed = False
         db_table = SUBSCRIPTION_TABLE
     def __str__(self):
         return f"Subscription {self.pk} - Group {self.organization_group_id}"
     @property
     def organization_group(self):
         """Acessa grupo de organizações (lazy loading)"""
         from .utils import get_organization_group_model
         if not hasattr(self, "_cached_organization_group"):
             OrganizationGroup = get_organization_group_model()
             try:
-                self._cached_organization_group = OrganizationGroup.objects.get(pk=self.organization_group_id)
+                self._cached_organization_group = OrganizationGroup.objects.get(
+                    pk=self.organization_group_id
+                )
             except OrganizationGroup.DoesNotExist:
                 self._cached_organization_group = None
         return self._cached_organization_group
     @property
     def plan(self):
         """Acessa plano (lazy loading)"""
         from .utils import get_plan_model
         if not hasattr(self, "_cached_plan"):
             Plan = get_plan_model()
             try:
@@ -748,122 +838,152 @@ class AbstractSubscription(models.Model):
             except Plan.DoesNotExist:
                 self._cached_plan = None
         return self._cached_plan
     def is_valid(self):
-        """Verifica se assinatura está ativa, paga e não expirada"""
+        """Verifica se assinatura está ativa, paga e não expirada (DEPRECATED: use is_active_and_valid)"""
+        return self.is_active_and_valid()
+    def is_active_and_valid(self):
+        """
+        Verifica se subscription está ativa, paga e dentro do prazo.
+        Considera também se foi cancelada.
+        """
         if not self.active or not self.paid:
             return False
+        if self.canceled_at:
+            # Se cancelada, ainda é válida até expirar
+            if self.expires_at and self.expires_at < timezone.now():
+                return False
+            return True
         if self.expires_at and self.expires_at < timezone.now():
             return False
         return True
     def is_expired(self):
         """Verifica se a assinatura está expirada"""
         if not self.expires_at:
             return False
         return timezone.now() > self.expires_at
+    def needs_renewal(self):
+        """
+        Verifica se a subscription precisa de renovação.
+        Retorna True se auto_renew ativo e expiração atingida/próxima.
+        """
+        if not self.auto_renew:
+            return False
+        if not self.expires_at:
+            return False
+        return timezone.now() >= self.expires_at
     def set_paid(self):
         """Marca assinatura como paga (apenas para referência, não salva)"""
         self.paid = True
         self.payment_date = timezone.now()
-    def cancel(self):
-        """Cancela assinatura (apenas para referência, não salva)"""
-        self.active = False
+    def cancel(self):
+        """Cancela assinatura - mantém ativa até expirar (apenas para referência, não salva)"""
+        self.auto_renew = False
+        self.canceled_at = timezone.now()
 class AbstractGroupOrganizationPermissions(models.Model):
     """
     Model abstrato READ-ONLY da tabela organization_grouporganizationpermissions
     Grupos de permissões criados pela organização para distribuir aos usuários
     Para customizar, configure:
     SHARED_AUTH_GROUP_ORG_PERMISSIONS_MODEL = 'seu_app.CustomGroupOrgPermissions'
     """
     organization_id = models.IntegerField()
     system_id = models.IntegerField()
     name = models.CharField(max_length=100)
     description = models.TextField(blank=True)
-    objects = models.Manager()  # Will be replaced by GroupOrganizationPermissionsManager
+    objects = (
+        models.Manager()
+    )  # Will be replaced by GroupOrganizationPermissionsManager
     class Meta:
         abstract = True
         managed = False
         db_table = GROUP_ORG_PERMISSIONS_TABLE
     def __str__(self):
         return f"{self.name} (Org {self.organization_id})"
     @property
     def organization(self):
         """Acessa organização (lazy loading)"""
         from .utils import get_organization_model
         if not hasattr(self, "_cached_organization"):
             Organization = get_organization_model()
-            self._cached_organization = Organization.objects.get_or_fail(self.organization_id)
+            self._cached_organization = Organization.objects.get_or_fail(
+                self.organization_id
+            )
         return self._cached_organization
     @property
     def system(self):
         """Acessa sistema (lazy loading)"""
         from .utils import get_system_model
         if not hasattr(self, "_cached_system"):
             System = get_system_model()
             self._cached_system = System.objects.get_or_fail(self.system_id)
         return self._cached_system
     @property
     def permissions(self):
         from .utils import get_permission_model
         Permission = get_permission_model()
-        perm_ids = GroupOrgPermissionsPermission.objects.using('auth_db') \
-            .filter(grouporganizationpermissions_id=self.pk) \
-            .values_list('permissions_id', flat=True)
+        perm_ids = (
+            GroupOrgPermissionsPermission.objects.using("auth_db")
+            .filter(grouporganizationpermissions_id=self.pk)
+            .values_list("permissions_id", flat=True)
+        )
-        return Permission.objects.using('auth_db').filter(id__in=perm_ids)
+        return Permission.objects.using("auth_db").filter(id__in=perm_ids)
 class AbstractMemberSystemGroup(models.Model):
     """
     Model abstrato READ-ONLY da tabela organization_membersystemgroup
     Relaciona um membro a um grupo de permissões em um sistema específico
     Para customizar, configure:
     SHARED_AUTH_MEMBER_SYSTEM_GROUP_MODEL = 'seu_app.CustomMemberSystemGroup'
     """
     member_id = models.IntegerField()
     group_id = models.IntegerField()
     system_id = models.IntegerField()
     created_at = models.DateTimeField()
     objects = models.Manager()  # Will be replaced by MemberSystemGroupManager
     class Meta:
         abstract = True
         managed = False
         db_table = GROUP_ORG_PERMISSIONS_TABLE
     def __str__(self):
-        return f"Member {self.member_id} - Group {self.group_id} - System {self.system_id}"
+        return (
+            f"Member {self.member_id} - Group {self.group_id} - System {self.system_id}"
+        )
     @property
     def member(self):
         """Acessa membro (lazy loading)"""
         from .utils import get_member_model
         if not hasattr(self, "_cached_member"):
             Member = get_member_model()
             try:
@@ -871,12 +991,12 @@ class AbstractMemberSystemGroup(models.Model):
             except Member.DoesNotExist:
                 self._cached_member = None
         return self._cached_member
     @property
     def group(self):
         """Acessa grupo (lazy loading)"""
         from .utils import get_group_organization_permissions_model
         if not hasattr(self, "_cached_group"):
             GroupOrgPermissions = get_group_organization_permissions_model()
             try:
@@ -884,14 +1004,13 @@ class AbstractMemberSystemGroup(models.Model):
             except GroupOrgPermissions.DoesNotExist:
                 self._cached_group = None
         return self._cached_group
     @property
     def system(self):
         """Acessa sistema (lazy loading)"""
         from .utils import get_system_model
         if not hasattr(self, "_cached_system"):
             System = get_system_model()
             self._cached_system = System.objects.get_or_fail(self.system_id)
         return self._cached_system

shared_auth/management/commands/generate_permissions.py CHANGED Viewed

@@ -79,7 +79,15 @@ class Command(BaseCommand):
                     name = f"{action_name} {model_display_name}"
                     c, u = self._create_permission(
-                        Permission, codename, name, scope_key, system_id, dry_run
+                        Permission,
+                        codename=codename,
+                        name=name,
+                        scope=scope_key,
+                        scope_label=scope_name,
+                        model=model_name,
+                        model_label=model_display_name,
+                        system_id=system_id,
+                        dry_run=dry_run,
                     )
                     created += c
                     updated += u
@@ -90,14 +98,23 @@ class Command(BaseCommand):
                     action = custom_perm.get("action")
                     perm_name = custom_perm.get("name")
-                    if not action:
+                    if not action and not custom_perm.get("codename"):
                         continue
-                    codename = f"{action}_{model_name}"
+                    codename = custom_perm.get("codename", f"{action}_{model_name}")
                     name = perm_name or f"{action} {model_display_name}"
                     c, u = self._create_permission(
-                        Permission, codename, name, scope_key, system_id, dry_run
+                        Permission,
+                        codename=codename,
+                        name=name,
+                        scope=scope_key,
+                        scope_label=scope_name,
+                        model=model_name,
+                        model_label=model_display_name,
+                        system_id=system_id,
+                        dry_run=dry_run,
                     )
                     created += c
                     updated += u
@@ -105,10 +122,25 @@ class Command(BaseCommand):
         self.stdout.write(f"\nCreated: {created} | Updated: {updated}")
     def _create_permission(
-        self, Permission, codename, name, scope, system_id, dry_run
+        self,
+        Permission,
+        codename,
+        name,
+        scope,
+        scope_label,
+        model,
+        model_label,
+        system_id,
+        dry_run,
     ) -> tuple[int, int]:
         """Create or update a permission. Returns (created_count, updated_count)."""
-        defaults = {"name": name, "scope": scope}
+        defaults = {
+            "name": name,
+            "scope": scope,
+            "scope_label": scope_label,
+            "model": model,
+            "model_label": model_label,
+        }
         if dry_run:
             exists = (

shared_auth/middleware.py CHANGED Viewed

@@ -32,8 +32,9 @@ class SharedAuthMiddleware(MiddlewareMixin):
     def process_request(self, request):
         from .permissions_cache import init_permissions_cache
         init_permissions_cache(request)
         # Caminhos que não precisam de autenticação
         exempt_paths = getattr(
             request,
@@ -176,11 +177,12 @@ class OrganizationMiddleware(MiddlewareMixin):
         request.organization_ids = organization_ids
         Organization = get_organization_model()
         request.organization = Organization.objects.filter(pk=organization_id).first()
         if user and organization_id:
             system_id = self._get_system_id(request)
             if system_id:
                 from .permissions_cache import warmup_permissions_cache
                 warmup_permissions_cache(user.id, organization_id, system_id, request)
     @staticmethod
@@ -246,30 +248,30 @@ class OrganizationMiddleware(MiddlewareMixin):
             return organization_id
         except Exception:
             return None
     @staticmethod
     def _get_system_id(request):
         """
         Obtém o system_id para warm-up de permissões.
         Busca em:
         1. Settings SYSTEM_ID
         2. Header X-System-ID
         """
         from django.conf import settings
-        system_id = getattr(settings, 'SYSTEM_ID', None)
+        system_id = getattr(settings, "SYSTEM_ID", None)
         if system_id:
             return system_id
         # Tentar pegar do header
-        header_value = request.headers.get('X-System-ID')
+        header_value = request.headers.get("X-System-ID")
         if header_value:
             try:
                 return int(header_value)
             except (ValueError, TypeError):
                 pass
         return None
@@ -279,3 +281,96 @@ def get_member(user_id, organization_id):
     return Member.objects.filter(
         user_id=user_id, organization_id=organization_id
     ).first()
+class PaymentVerificationMiddleware(MiddlewareMixin):
+    """
+    Middleware que verifica se a organização possui assinatura ativa.
+    Bloqueia acesso se:
+    - Usuário não está em OrganizationGroup
+    - OrganizationGroup não tem subscription ativa e paga
+    Usage em settings.py:
+        MIDDLEWARE = [
+            'shared_auth.middleware.SharedAuthMiddleware',
+            'shared_auth.middleware.OrganizationMiddleware',
+            'shared_auth.middleware.PaymentVerificationMiddleware',  # Adicionar por último
+        ]
+        # Caminhos permitidos sem pagamento
+        PAYMENT_EXEMPT_PATHS = [
+            '/api/auth/',
+            '/api/checkout/',
+            '/admin/',
+        ]
+    """
+    # Caminhos padrão permitidos sem verificação de pagamento
+    DEFAULT_ALLOWED_PATHS = [
+        "/api/auth/",
+        "/api/checkout/",
+        "/admin/",
+        "/health/",
+        "/docs/",
+        "/static/",
+        "/api/schema/",
+    ]
+    def process_request(self, request):
+        from django.conf import settings
+        # Ignora se não autenticado
+        if not hasattr(request, "user") or not request.user.is_authenticated:
+            return None
+        # Ignora superusers
+        if request.user.is_superuser:
+            return None
+        # Pega caminhos permitidos do settings ou usa padrão
+        allowed_paths = getattr(
+            settings, "PAYMENT_EXEMPT_PATHS", self.DEFAULT_ALLOWED_PATHS
+        )
+        # Verifica se path é permitido
+        if any(request.path.startswith(path) for path in allowed_paths):
+            return None
+        # Busca OrganizationGroup do usuário
+        from .utils import get_organization_group_model, get_subscription_model
+        OrganizationGroup = get_organization_group_model()
+        Subscription = get_subscription_model()
+        # Tenta encontrar OrganizationGroup onde usuário é owner
+        organization_group = OrganizationGroup.objects.filter(
+            owner_id=request.user.id
+        ).first()
+        if not organization_group:
+            return JsonResponse(
+                {
+                    "error": "no_organization_group",
+                    "message": "Usuário não possui grupo de organização. Complete o onboarding.",
+                    "redirect": "/onboarding/",
+                },
+                status=403,
+            )
+        # Verifica se tem subscription ativa e paga
+        has_active_subscription = Subscription.objects.filter(
+            organization_group_id=organization_group.pk, active=True, paid=True
+        ).exists()
+        if not has_active_subscription:
+            return JsonResponse(
+                {
+                    "error": "no_active_subscription",
+                    "message": "Não há assinatura ativa. Realize o pagamento para continuar.",
+                    "redirect": "/checkout/",
+                },
+                status=402,  # Payment Required
+            )
+        return None

shared_auth/serializers.py CHANGED Viewed

@@ -11,8 +11,11 @@ Se quiser usar separadamente:
 - Ou herde ambos se precisar
 """
+from django.conf import settings
 from rest_framework import serializers
+from shared_auth.permissions_helpers import get_user_permission_codenames
 from .utils import get_organization_model, get_organization_serializer, get_user_model
@@ -93,6 +96,7 @@ class OrganizationSerializerMixin(serializers.ModelSerializer):
             "image_organization": org.image_organization.url
             if org.image_organization
             else None,
+            "logo": org.logo.url if org.logo else None,
             "cnpj": org.cnpj,
             "email": org.email,
             "telephone": org.telephone,
@@ -233,6 +237,16 @@ class UserSerializer(serializers.ModelSerializer):
     Usa get_user_model() para suportar models customizados.
     """
+    permissions = serializers.SerializerMethodField()
+    def get_permissions(self, obj):
+        system_id = getattr(settings, "SYSTEM_ID", None)
+        request = self.context.get("request")
+        organization_id = request.organization_id
+        return get_user_permission_codenames(
+            obj.id, organization_id, system_id, request=request
+        )
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.Meta.model = get_user_model()
@@ -250,6 +264,7 @@ class UserSerializer(serializers.ModelSerializer):
             "is_superuser",
             "date_joined",
             "last_login",
+            "permissions",
         ]

shared_auth/views.py CHANGED Viewed

@@ -1,15 +1,21 @@
 from rest_framework import viewsets
 from rest_framework.decorators import action
-from rest_framework.response import Response
 from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from shared_auth.mixins import LoggedOrganizationPermMixin, RequirePermissionMixin
+from shared_auth.utils import get_member_model, get_user_model
 from .middleware import get_member
 from .serializers import OrganizationSerializer, UserSerializer
 class OrganizationViewSet(viewsets.ReadOnlyModelViewSet):
     """
     ViewSet para organizações do usuário + action `me` para retornar
     a organização atual via header.
     """
     serializer_class = OrganizationSerializer
     permission_classes = [IsAuthenticated]
@@ -17,24 +23,42 @@ class OrganizationViewSet(viewsets.ReadOnlyModelViewSet):
         organizations = self.request.user.organizations
         return organizations
-    @action(detail=False, methods=['get'])
+    @action(detail=False, methods=["get"])
     def me(self, request):
         org = request.user.get_org(request.organization_id)
         if not org:
-            return Response({"detail": "Organization not specified or not found."}, status=400)
+            return Response(
+                {"detail": "Organization not specified or not found."}, status=400
+            )
         if not get_member(request.user.id, org.pk):
-            return Response({"detail": "Você não pertence a essa organização."}, status=403)
+            return Response(
+                {"detail": "Você não pertence a essa organização."}, status=403
+            )
         serializer = self.get_serializer(org)
         return Response(serializer.data)
-class UserViewSet(viewsets.ReadOnlyModelViewSet):
+class UserViewSet(
+    RequirePermissionMixin, LoggedOrganizationPermMixin, viewsets.ReadOnlyModelViewSet
+):
     serializer_class = UserSerializer
     permission_classes = [IsAuthenticated]
-    # def get_queryset(self):
-    #     return User.objects.filter(pk=self.request.user.pk)
+    def get_queryset(self):
+        members = (
+            get_member_model()
+            .objects.filter(organization_id=self.request.organization_id)
+            .values_list("user_id", flat=True)
+        )
+        return get_user_model().objects.filter(id__in=members)
     def list(self, request, *args, **kwargs):
         serializer = self.get_serializer(request.user)
-        return Response(serializer.data)
+        return Response(serializer.data)
+    @action(detail=False, methods=["get"], url_path="list")
+    def list_all(self, request):
+        users = self.get_queryset()
+        serializer = self.get_serializer(users, many=True)
+        return Response(serializer.data)

{maquinaweb_shared_auth-0.2.60.dist-info → maquinaweb_shared_auth-0.2.75.dist-info}/WHEEL RENAMED Viewed

File without changes

{maquinaweb_shared_auth-0.2.60.dist-info → maquinaweb_shared_auth-0.2.75.dist-info}/top_level.txt RENAMED Viewed

File without changes

maquinaweb-shared-auth 0.2.60__py3-none-any.whl → 0.2.75__py3-none-any.whl

maquinaweb-shared-auth 0.2.60py3-none-any.whl → 0.2.75py3-none-any.whl