micro-users 1.2.4__tar.gz → 1.3.1__tar.gz

{micro_users-1.2.4 → micro_users-1.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro_users
-Version: 1.2.4
+Version: 1.3.1
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -99,12 +99,19 @@ python manage.py migrate users
 ## Structure
 ```
 users/
-├── models.py      # User model, permissions, activity logs
-├── views.py       # CRUD operations
-├── urls.py        # URL routing
-├── admin.py       # Admin integration
-├── templates/     # HTML templates
-└── migrations/    # Database migrations
+├── views.py        # CRUD operations
+├── urls.py         # URL routing
+├── tables.py       # User and Activity Log tables
+├── signals.py      # Logging signals
+├── models.py       # User model, permissions, activity logs
+├── forms.py        # Creation, edit,. etc.
+├── filter.py       # Search filters
+├── apps.py         # Permissions Localization
+├── admin.py        # Admin UI integration
+├── __init__.py     # Python init
+├── templates/      # HTML templates
+├── static/         # CSS classes
+└── migrations/     # Database migrations
 ```
 
 ## Version History
@@ -122,3 +129,5 @@ users/
 | v1.2.1   | • Fixed a minor import bug |
 | v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
 | v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from other staff members<br> • Fixed an issue when sorting with full_name<br> • Enabled Logging for all actions |
+| v1.3.1   | • replaced a misplaced code that caused a crash when editing profile |

{micro_users-1.2.4 → micro_users-1.3.1}/README.md

@@ -68,12 +68,19 @@ python manage.py migrate users
 ## Structure
 ```
 users/
-├── models.py      # User model, permissions, activity logs
-├── views.py       # CRUD operations
-├── urls.py        # URL routing
-├── admin.py       # Admin integration
-├── templates/     # HTML templates
-└── migrations/    # Database migrations
+├── views.py        # CRUD operations
+├── urls.py         # URL routing
+├── tables.py       # User and Activity Log tables
+├── signals.py      # Logging signals
+├── models.py       # User model, permissions, activity logs
+├── forms.py        # Creation, edit,. etc.
+├── filter.py       # Search filters
+├── apps.py         # Permissions Localization
+├── admin.py        # Admin UI integration
+├── __init__.py     # Python init
+├── templates/      # HTML templates
+├── static/         # CSS classes
+└── migrations/     # Database migrations
 ```
 
 ## Version History
@@ -90,4 +97,6 @@ users/
 | v1.2.0   | • Added User Details view with specific user activity log |
 | v1.2.1   | • Fixed a minor import bug |
 | v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
-| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from other staff members<br> • Fixed an issue when sorting with full_name<br> • Enabled Logging for all actions |
+| v1.3.1   | • replaced a misplaced code that caused a crash when editing profile |

{micro_users-1.2.4 → micro_users-1.3.1}/micro_users.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro-users
-Version: 1.2.4
+Version: 1.3.1
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -99,12 +99,19 @@ python manage.py migrate users
 ## Structure
 ```
 users/
-├── models.py      # User model, permissions, activity logs
-├── views.py       # CRUD operations
-├── urls.py        # URL routing
-├── admin.py       # Admin integration
-├── templates/     # HTML templates
-└── migrations/    # Database migrations
+├── views.py        # CRUD operations
+├── urls.py         # URL routing
+├── tables.py       # User and Activity Log tables
+├── signals.py      # Logging signals
+├── models.py       # User model, permissions, activity logs
+├── forms.py        # Creation, edit,. etc.
+├── filter.py       # Search filters
+├── apps.py         # Permissions Localization
+├── admin.py        # Admin UI integration
+├── __init__.py     # Python init
+├── templates/      # HTML templates
+├── static/         # CSS classes
+└── migrations/     # Database migrations
 ```
 
 ## Version History
@@ -122,3 +129,5 @@ users/
 | v1.2.1   | • Fixed a minor import bug |
 | v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
 | v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from other staff members<br> • Fixed an issue when sorting with full_name<br> • Enabled Logging for all actions |
+| v1.3.1   | • replaced a misplaced code that caused a crash when editing profile |

{micro_users-1.2.4 → micro_users-1.3.1}/micro_users.egg-info/SOURCES.txt

@@ -19,6 +19,7 @@ users/tables.py
 users/urls.py
 users/views.py
 users/migrations/0001_initial.py
+users/migrations/0002_alter_useractivitylog_action.py
 users/migrations/__init__.py
 users/static/css/login.css
 users/static/img/default_profile.webp

{micro_users-1.2.4 → micro_users-1.3.1}/pyproject.toml

@@ -8,7 +8,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "micro_users"
-version = "1.2.4"
+version = "1.3.1"
 description = "Arabic Django user management app with abstract user, permissions, and activity logging"
 readme = "README.md"
 requires-python = ">=3.11"

{micro_users-1.2.4 → micro_users-1.3.1}/setup.py

@@ -5,7 +5,7 @@ with open("README.md", "r", encoding="utf-8") as fh:
 
 setup(
     name="micro_users",
-    version="1.2.4",
+    version="1.3.1",
     author="DeBeski",
     author_email="debeski1@gmail.com",
     description="Arabic django user management app with abstract user, permissions, and activity logging",

{micro_users-1.2.4 → micro_users-1.3.1}/users/filters.py

@@ -14,11 +14,9 @@ class UserFilter(django_filters.FilterSet):
         method='filter_keyword',
         label='',
     )
-
     class Meta:
         model = User
         fields = []
-
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         self.form.helper = FormHelper()
@@ -33,7 +31,6 @@ class UserFilter(django_filters.FilterSet):
                 css_class='form-row'
             ),
         )
-
     def filter_keyword(self, queryset, name, value):
         """
         Filter the queryset by matching the keyword in username, email, phone, and occupation.
@@ -48,37 +45,31 @@ class UserFilter(django_filters.FilterSet):
         )
 
 
-
 class UserActivityLogFilter(django_filters.FilterSet):
     keyword = django_filters.CharFilter(
         method='filter_keyword',
         label='',
     )
-
     year = django_filters.ChoiceFilter(
         field_name="timestamp__year",
         lookup_expr="exact",
         choices=[],
         empty_label="السنة",
     )
-
     class Meta:
         model = UserActivityLog
         fields = {
             'timestamp': ['gte', 'lte'],
         }
-
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         
         # Fetch distinct years dynamically
         years = UserActivityLog.objects.dates('timestamp', 'year').distinct()
         self.filters['year'].extra['choices'] = [(year.year, year.year) for year in years]
-
         self.filters['year'].field.widget.attrs.update({
             'onchange': 'this.form.submit();'
         })
-
         self.form.helper = FormHelper()
         self.form.helper.form_method = 'GET'
         self.form.helper.form_class = 'form-inline'
@@ -100,7 +91,6 @@ class UserActivityLogFilter(django_filters.FilterSet):
                 css_class='form-row'
             ),
         )
-
     def filter_keyword(self, queryset, name, value):
         """
         Filter the queryset by matching the keyword in username, email, phone, and occupation.
@@ -116,5 +106,3 @@ class UserActivityLogFilter(django_filters.FilterSet):
             Q(ip_address__icontains=value)
         )
 
-
-

micro_users-1.3.1/users/migrations/0002_alter_useractivitylog_action.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2.8 on 2025-12-08 14:58
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='useractivitylog',
+            name='action',
+            field=models.CharField(choices=[('LOGIN', 'تسجيل دخـول'), ('LOGOUT', 'تسجيل خـروج'), ('CREATE', 'انشـاء'), ('UPDATE', 'تعديـل'), ('DELETE', 'حــذف'), ('VIEW', 'عـرض'), ('DOWNLOAD', 'تحميل'), ('CONFIRM', 'تأكيـد'), ('REJECT', 'رفــض'), ('RESET', 'اعادة ضبط')], max_length=10, verbose_name='العملية'),
+        ),
+    ]

{micro_users-1.2.4 → micro_users-1.3.1}/users/models.py

@@ -25,6 +25,7 @@ class UserActivityLog(models.Model):
         ('DOWNLOAD', 'تحميل'),
         ('CONFIRM', 'تأكيـد'),
         ('REJECT', 'رفــض'),
+        ('RESET', 'اعادة ضبط'),
     ]
 
     user = models.ForeignKey(settings.AUTH_USER_MODEL, on_delete=models.SET_NULL, verbose_name="اسم المستخدم", null=True, blank=True)

{micro_users-1.2.4 → micro_users-1.3.1}/users/tables.py

@@ -10,6 +10,8 @@ class UserTable(tables.Table):
     username = tables.Column(verbose_name="اسم المستخدم")
     email = tables.Column(verbose_name="البريد الالكتروني")
     full_name = tables.Column(verbose_name="الاسم بالكامل", orderable=False,)
+    is_staff = tables.BooleanColumn(verbose_name="مسؤول")
+    is_active = tables.BooleanColumn(verbose_name="نشط")
     last_login = tables.DateColumn(
         format="H:i Y-m-d ",  # This is the format you want for the timestamp
         verbose_name="اخر دخول"
@@ -33,10 +35,15 @@ class UserActivityLogTable(tables.Table):
         format="H:i Y-m-d ",  # This is the format you want for the timestamp
         verbose_name="وقت العملية"
     )
+    full_name = tables.Column(
+        verbose_name="الاسم بالكامل",
+        accessor='user.full_name',
+        order_by='user__first_name'
+    )
     class Meta:
         model = UserActivityLog
         template_name = "django_tables2/bootstrap5.html"
-        fields = ("timestamp", "user", "user.full_name", "action", "model_name", "object_id", "number")
+        fields = ("timestamp", "user", "full_name", "action", "model_name", "object_id", "number")
         attrs = {'class': 'table table-hover align-middle'}
 
 class UserActivityLogTableNoUser(UserActivityLogTable):

{micro_users-1.2.4 → micro_users-1.3.1}/users/templates/users/user_actions.html

@@ -1,23 +1,21 @@
 <div class="d-flex gap-2 align-items-center justify-content-end no-print">
+    {% if user.is_superuser or user.is_staff and not record.is_superuser %}
     <div class="dropdown-center">
         <a href="#" class="action-icon" id="actionDropdown{{ record.id }}" data-bs-toggle="dropdown" aria-expanded="false">
             <i class="bi bi-three-dots-vertical text-dark"></i>
         </a>
         <ul class="dropdown-menu" aria-labelledby="actionDropdown{{ record.id }}">
-            {% comment %} <li>
-                <a class="dropdown-item" href="#" title="عرض">
-                    <i class="bi bi-person-lines-fill text-dark me-1 h5"> </i> عرض
-                </a>
-            </li> {% endcomment %}
+            
             <li>
                 <a class="dropdown-item" href="{% url 'user_detail' record.pk %}" title="عرض">
-                    <i class="bi bi-person-dash-fill text-dark me-1 h5"> </i> عرض
+                    <i class="bi bi-person-lines-fill text-dark me-1 h5"> </i> عرض
                 </a>
             </li>
-            {% if not record.is_superuser %}
+            
+            {% if user.is_superuser or user.is_staff and not record.is_superuser %}
             <li>
                 <a class="dropdown-item" href="{% url 'edit_user' record.pk %}" title="تعديل">
-                    <i class="bi bi-person-dash-fill text-dark me-1 h5"> </i> تعديل
+                    <i class="bi bi-person-dash-fill text-dark me-1 h5"></i> تعديل
                 </a>
             </li>
             {% endif %}
@@ -31,4 +29,5 @@
             {% endif %}
         </ul>
     </div>
+    {% endif %}
 </div>

{micro_users-1.2.4 → micro_users-1.3.1}/users/views.py

@@ -10,6 +10,7 @@ from django.shortcuts import render, redirect, get_object_or_404
 from django_tables2 import RequestConfig, SingleTableView
 from django_filters.views import FilterView
 from django.views.generic.detail import DetailView
+from django.apps import apps
 
 # Project imports
 #################
@@ -22,6 +23,19 @@ from .models import UserActivityLog
 
 User = get_user_model() # Use custom user model
 
+# Helper Function to log actions
+def log_user_action(request, instance, action, model_name):
+    UserActivityLog.objects.create(
+        user=request.user,
+        action=action,
+        model_name=model_name,
+        object_id=instance.pk,
+        number=instance.number if hasattr(instance, 'number') else '',
+        timestamp=timezone.now(),
+        ip_address=get_client_ip(request),
+        user_agent=request.META.get("HTTP_USER_AGENT", ""),
+    )
+
 #####################################################################
 
 # Function to recognize staff
@@ -48,7 +62,9 @@ class UserListView(LoginRequiredMixin, UserPassesTestMixin, FilterView, SingleTa
     def get_queryset(self):
         # Apply the filter and order by any logic you need
         qs = super().get_queryset().order_by('date_joined')
-        # Apply ordering here if needed, for example:
+        # Hide superuser entries from non-superusers
+        if not self.request.user.is_superuser:
+            qs = qs.exclude(is_superuser=True)
         return qs
 
     def get_context_data(self, **kwargs):
@@ -66,11 +82,11 @@ class UserListView(LoginRequiredMixin, UserPassesTestMixin, FilterView, SingleTa
 # Function for creating a new User
 @user_passes_test(is_staff)
 def create_user(request):
-    
     if request.method == "POST":
         form = CustomUserCreationForm(request.POST or None)
         if form.is_valid():
-            form.save()
+            user = form.save()
+            log_user_action(request, user, "CREATE", "مستخدم")
             return redirect("manage_users")
         else:
             return render(request, "users/user_form.html", {"form": form})
@@ -84,12 +100,19 @@ def create_user(request):
 @user_passes_test(is_staff)
 def edit_user(request, pk):
     user = get_object_or_404(User, pk=pk)
+    
+    # 🚫 Block staff users from editing superuser accounts
+    if user.is_superuser and not request.user.is_superuser:
+        messages.error(request, "لا يمكن تعديل هذا الحساب!")
+        return redirect('manage_users')
+
     form_reset = ResetPasswordForm(user, data=request.POST or None)
 
     if request.method == "POST":
         form = CustomUserChangeForm(request.POST, instance=user)
         if form.is_valid():
-            form.save()
+            user = form.save()
+            log_user_action(request, user, "UPDATE", "مستخدم")
             return redirect("manage_users")
         else:
             # Validation errors will be automatically handled by the form object
@@ -106,17 +129,8 @@ def edit_user(request, pk):
 def delete_user(request, pk):
     user = get_object_or_404(User, pk=pk)
     if request.method == "POST":
+        log_user_action(request, user, "DELETE", "مستخدم")
         user.delete()
-        UserActivityLog.objects.create(
-            user=request.user,
-            action="DELETE",
-            model_name='مستخدم',
-            object_id=user.pk,
-            number=user.username,  # Save the relevant number
-            timestamp=timezone.now(),
-            ip_address=get_client_ip(request),  # Assuming you have this function
-            user_agent=request.META.get("HTTP_USER_AGENT", ""),
-        )
         return redirect("manage_users")
     return redirect("manage_users")  # Redirect instead of rendering a separate page
 
@@ -172,10 +186,11 @@ def reset_password(request, pk):
         form = ResetPasswordForm(user=user, data=request.POST)  # ✅ Correct usage with SetPasswordForm
         if form.is_valid():
             form.save()
-            return redirect("manage_users")  # Redirect after successful reset
+            log_user_action(request, user, "RESET", "رمز سري")
+            return redirect("manage_users")
         else:
-            print("Form errors:", form.errors)  # Debugging
-            return redirect("edit_user", pk=pk)  # Redirect to edit user on failure
+            print("Form errors:", form.errors)
+            return redirect("edit_user", pk=pk)
     
     return redirect("manage_users")  # Fallback redirect
 
@@ -189,6 +204,7 @@ def user_profile(request):
         password_form = ArabicPasswordChangeForm(user, request.POST)
         if password_form.is_valid():
             password_form.save()
+            log_user_action(request, user, "UPDATE", "رمز سري")
             update_session_auth_hash(request, password_form.user)  # Prevent user from being logged out
             messages.success(request, 'تم تغيير كلمة المرور بنجاح!')
             return redirect('user_profile')
@@ -209,14 +225,12 @@ def edit_profile(request):
     if request.method == 'POST':
         form = UserProfileEditForm(request.POST, request.FILES, instance=request.user)
         if form.is_valid():
-            form.save()
+            user = form.save()
+            log_user_action(request, user, "UPDATE", "بيانات شخصية")
             messages.success(request, 'تم حفظ التغييرات بنجاح')
             return redirect('user_profile')
         else:
             messages.error(request, 'حدث خطأ أثناء حفظ التغييرات')
-
     else:
         form = UserProfileEditForm(instance=request.user)
-
     return render(request, 'users/profile_edit.html', {'form': form})
-