micro-users 1.3.2__py3-none-any.whl → 1.4.1__py3-none-any.whl

{micro_users-1.3.2.dist-info → micro_users-1.4.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro-users
-Version: 1.3.2
+Version: 1.4.1
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -54,12 +54,13 @@ Requires-Dist: babel (>=2.1)
 - Admin interface integration
 - CRUD views and templates
 - Filtering and tabulation
+> *Future updates are planned to support dynamic language switching between RTL and LTR.*
 
 ## Installation
 
 ```bash
 pip install git+https://github.com/debeski/micro-users.git
-# OR local
+# OR
 pip install micro-users
 ```
 
@@ -275,8 +276,10 @@ users/
 | v1.1.1   | • Fixed an expolit where a staff member could disable the ADMIN user |
 | v1.2.0   | • Added User Details view with specific user activity log |
 | v1.2.1   | • Fixed a minor import bug |
-| v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
-| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.2.2   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
+| v1.2.3   | • Fixed a couple of visual inconsistencies |
 | v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from all other members<br> • Fixed a crash when sorting with full_name<br> • Enabled Logging for all actions |
 | v1.3.1   | • Corrected a misplaced code that caused a crash when editing profile |
 | v1.3.2   | • Minor table modifications |
+| v1.4.0   | • Redesigned Permissions UI (Grouped by App/Action) <br> • Added Global Bulk Permission Selectors <br> • Improved Arabic Localization for Permissions <br> • Optimized printing (hidden forms/buttons) <br> • Fixed various bugs and crashes |
+| v1.4.1   | • Changed "Administrative User" translation to "Responsible User" (مستخدم مسؤول) <br> • Enforced custom sorting order for Permissions (View -> Add -> Change -> Other) |

{micro_users-1.3.2.dist-info → micro_users-1.4.1.dist-info}/RECORD

@@ -2,7 +2,7 @@ users/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 users/admin.py,sha256=VF0V6hQ9Obcdinnjb8nBHaknas2p3O5w-6yAJ-DeARQ,636
 users/apps.py,sha256=Xb1nGvCl08KaUVqcUG82-jYdG6-KTVjaw_lgr5GIuYY,1133
 users/filters.py,sha256=neOdbyOSYVQXAQ2vKAW-0bcj7KIh9xc8UboHTlaZU4Q,4785
-users/forms.py,sha256=GHC8pFm2i9PD3MVaakrgMXEszsBrXieHq7DYiAfo8Fw,14977
+users/forms.py,sha256=xWMSGNcsHj7eTj8o1IkOAC5jshaOrMHDXTn7l9P88Ho,15703
 users/models.py,sha256=V_SIyGGq2w_bww7YufMjqXMSKN1u9CkSMPuOLiwPjtc,2100
 users/signals.py,sha256=5Kd3KyfPT6740rvwZj4vy1yXsmjVhmaQ__RB8p5R5aE,1336
 users/tables.py,sha256=2HiDXa_4Hq1at86vfbhg1U3NobMjMWXTVQIJz3AizmQ,2088
@@ -13,16 +13,17 @@ users/migrations/0002_alter_useractivitylog_action.py,sha256=I7NLxgcPTslCMuADcr1
 users/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 users/static/css/login.css,sha256=SiJ6jBbWQAP2Nxt7DOTZbTcFYP9JEp557AuQZ9Eirb0,2120
 users/static/img/default_profile.webp,sha256=BKUoQHo4z_fZnmc6z6I-KFvLEHahDr98U9LnDQKHLAM,3018
-users/templates/user_activity_log.html,sha256=S_FDN6vVLz_mB826yjeU9vtVGtzk7E_LKBmQIeYtdkQ,611
+users/templates/user_activity_log.html,sha256=41G7Wjv8ehBTSALwLLVzzoIBIo5hSM3FOw36olDINF8,481
 users/templates/registration/login.html,sha256=owbzO_XjqMeSncwWxkTzsvbkhjEZd7LdbblC3HBnld0,4091
-users/templates/users/manage_users.html,sha256=71SIAF6xyyKa863yLmqCHaqbGwATmpVmXRVtpy_330M,2942
+users/templates/users/manage_users.html,sha256=qWmlIHeuxEldI2sc_ERedbxq5BtUyxtBbNt3MZ0qLyc,2801
 users/templates/users/profile.html,sha256=Ir8zvYUgDm89BlwVuuCsPJIVvTPa_2wH3HAaitPc4s8,2911
 users/templates/users/profile_edit.html,sha256=L9DUHlQHG-PmxwxBbSjgPk1dEmy0spPi6wXzT4hQe-U,4218
 users/templates/users/user_actions.html,sha256=J44-sn0fMbLUWjdtlcf5YhgT5OYRykr1mFkeVXoI1ew,1543
-users/templates/users/user_detail.html,sha256=QkJ-6jdtUdi8mM-V_MzqYcdoEkzXEsIeFMliNjgIOsc,2053
+users/templates/users/user_detail.html,sha256=yPiuOGF96rV8t2H1Fl2hhIq78N1588ZFbh5gbAezaxw,2053
 users/templates/users/user_form.html,sha256=jcyI7OQZOY4ue4DajPtfjAt2SmAYO5ZgHNOqTp2-FO0,1352
-micro_users-1.3.2.dist-info/LICENSE,sha256=Fco89ULLSSxKkC2KKnx57SaT0R7WOkZfuk8IYcGiN50,1063
-micro_users-1.3.2.dist-info/METADATA,sha256=ov27iIs5nPtYsDN6RZVro1vm3SRGwSn0qaaXufBKrdA,9713
-micro_users-1.3.2.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-micro_users-1.3.2.dist-info/top_level.txt,sha256=tWT24ZcWau2wrlbpU_h3mP2jRukyLaVYiyHBuOezpLQ,6
-micro_users-1.3.2.dist-info/RECORD,,
+users/templates/users/widgets/grouped_permissions.html,sha256=q51WO-xMvg0aAqn6Ey8pMINDbFOHap_BgHcMxOvfLBw,9878
+micro_users-1.4.1.dist-info/LICENSE,sha256=Fco89ULLSSxKkC2KKnx57SaT0R7WOkZfuk8IYcGiN50,1063
+micro_users-1.4.1.dist-info/METADATA,sha256=cdGwqpDvTHTkM9JuionfJZPG9bJ80ds2VdWaLEfQ2Nw,10256
+micro_users-1.4.1.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+micro_users-1.4.1.dist-info/top_level.txt,sha256=tWT24ZcWau2wrlbpU_h3mP2jRukyLaVYiyHBuOezpLQ,6
+micro_users-1.4.1.dist-info/RECORD,,

users/forms.py

@@ -12,14 +12,115 @@ from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 from django.db.models import Q
 
+
+from django.forms.widgets import ChoiceWidget
+
 User = get_user_model()
 
+class GroupedPermissionWidget(ChoiceWidget):
+    template_name = 'users/widgets/grouped_permissions.html'
+    allow_multiple_selected = True
+
+    def value_from_datadict(self, data, files, name):
+        if hasattr(data, 'getlist'):
+            return data.getlist(name)
+        return data.get(name)
+
+    def get_context(self, name, value, attrs):
+        from django.apps import apps
+        context = super().get_context(name, value, attrs)
+        
+        # Get current selected values (as strings/ints)
+        if value is None:
+            value = []
+        str_values = set(str(v) for v in value)
+        
+        # Access the queryset directly
+        qs = None
+        if hasattr(self.choices, 'queryset'):
+            qs = self.choices.queryset.select_related('content_type').order_by('content_type__app_label', 'codename')
+        else:
+             choices = list(self.choices)
+             choice_ids = [c[0] for c in choices if c[0]]
+             qs = Permissions.objects.filter(id__in=choice_ids).select_related('content_type').order_by('content_type__app_label', 'codename')
+
+        grouped_perms = {}
+        
+        for perm in qs:
+            app_label = perm.content_type.app_label
+            
+            # Fetch verbose app name
+            try:
+                app_config = apps.get_app_config(app_label)
+                app_verbose_name = app_config.verbose_name
+            except LookupError:
+                app_verbose_name = app_label.title()
+
+            # Determine action
+            action = 'other'
+            codename = perm.codename
+            if codename.startswith('view_'): action = 'view'
+            elif codename.startswith('add_'): action = 'add'
+            elif codename.startswith('change_'): action = 'change'
+            elif codename.startswith('delete_'): action = 'delete'
+            
+            # Build option dict
+            current_id = attrs.get('id', 'id_permissions') if attrs else 'id_permissions'
+
+            option = {
+                'name': name,
+                'value': perm.pk,
+                'label': str(perm), # Force string conversion to use custom __str__ method
+                'selected': str(perm.pk) in str_values,
+                'attrs': {
+                    'id': f"{current_id}_{perm.pk}",
+                    'data_action': action  # Critical for JS global select
+                }
+            }
+            
+            if app_label not in grouped_perms:
+                grouped_perms[app_label] = {
+                    'name': app_verbose_name,
+                    'actions': {}
+                }
+            
+            grouped_perms[app_label]['actions'].setdefault(action, []).append(option)
+        
+        # Sort actions within each app: View -> Add -> Change -> Delete -> Other
+        action_order = {'view': 1, 'add': 2, 'change': 3, 'delete': 4, 'other': 5}
+        for app_label, app_data in grouped_perms.items():
+            app_data['actions'] = dict(sorted(
+                app_data['actions'].items(),
+                key=lambda item: action_order.get(item[0], 99)
+            ))
+            
+        context['widget']['grouped_perms'] = grouped_perms
+        return context
+
+    def render(self, name, value, attrs=None, renderer=None):
+        from django.template.loader import render_to_string
+        from django.utils.safestring import mark_safe
+        
+        context = self.get_context(name, value, attrs)
+        return mark_safe(render_to_string(self.template_name, context))
+
+
 # Custom User Creation form layout
 class CustomUserCreationForm(UserCreationForm):
     permissions = forms.ModelMultipleChoiceField(
-        queryset=Permissions.objects.all(),
+        queryset=Permissions.objects.exclude(
+            Q(codename__regex=r'^(delete_)') |
+            Q(content_type__app_label__in=[
+                'admin',
+                'auth',
+                'contenttypes',
+                'sessions',
+                'django_celery_beat',
+                'users'
+            ])
+        ),
         required=False,
-        widget=forms.CheckboxSelectMultiple,
+        widget=GroupedPermissionWidget,
         label="الصلاحيات"
     )
 
@@ -47,36 +148,6 @@ class CustomUserCreationForm(UserCreationForm):
         self.fields["password1"].help_text = "كلمة المرور يجب ألا تكون مشابهة لمعلوماتك الشخصية، وأن تحتوي على 8 أحرف على الأقل، وألا تكون شائعة أو رقمية بالكامل.."
         self.fields["password2"].help_text = "أدخل نفس كلمة المرور السابقة للتحقق."
 
-        # Split permissions queryset into two parts for 2 columns
-        permissions_list = list(Permissions.objects.exclude(
-            Q(codename__regex=r'^(delete_)') |
-            Q(content_type__app_label__in=[
-                'admin',
-                'auth',
-                'contenttypes',
-                'sessions',
-                'django_celery_beat',
-                'users'
-            ])
-        ))
-        mid_point = len(permissions_list) // 2
-        permissions_right = permissions_list[:mid_point]
-        permissions_left = permissions_list[mid_point:]
-
-        # Create two fields with only one column of permissions each
-        self.fields["permissions_right"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in permissions_right]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="الصلاحيـــات"
-        )
-        self.fields["permissions_left"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in permissions_left]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label=""
-        )
-
         # Use Crispy Forms Layout helper
         self.helper = FormHelper()
         self.helper.layout = Layout(
@@ -96,11 +167,7 @@ class CustomUserCreationForm(UserCreationForm):
                 css_class="row"
             ),
             HTML("<hr>"),
-            Div(
-                Div(Field("permissions_right", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("permissions_left", css_class="col-md-6"), css_class="col-md-6"),
-                css_class="row"
-            ),
+            Field("permissions", css_class="col-12"),
             "is_staff",
             "is_active",
             FormActions(
@@ -126,17 +193,27 @@ class CustomUserCreationForm(UserCreationForm):
         user = super().save(commit=False)
         if commit:
             user.save()
-        # Manually set permissions from both fields
-        user.user_permissions.set(self.cleaned_data["permissions_left"] | self.cleaned_data["permissions_right"])
+        # Manually set permissions
+        user.user_permissions.set(self.cleaned_data["permissions"])
         return user
 
 
 # Custom User Editing form layout
 class CustomUserChangeForm(UserChangeForm):
     permissions = forms.ModelMultipleChoiceField(
-        queryset=Permissions.objects.all(),
+        queryset=Permissions.objects.exclude(
+            Q(codename__regex=r'^(delete_)') |
+            Q(content_type__app_label__in=[
+                'admin',
+                'auth',
+                'contenttypes',
+                'sessions',
+                'django_celery_beat',
+                'users'
+            ])
+        ),
         required=False,
-        widget=forms.CheckboxSelectMultiple,
+        widget=GroupedPermissionWidget,
         label="الصلاحيات"
     )
 
@@ -162,48 +239,8 @@ class CustomUserChangeForm(UserChangeForm):
         self.fields["is_staff"].help_text = "يحدد ما إذا كان بإمكان المستخدم الوصول إلى قسم ادارة المستخدمين."
         self.fields["is_active"].help_text = "يحدد ما إذا كان يجب اعتبار هذا الحساب نشطًا. قم بإلغاء تحديد هذا الخيار بدلاً من الحذف."
         
-        # Split permissions queryset into two parts for 2 columns
-        permissions_list = list(Permissions.objects.exclude(
-            Q(codename__regex=r'^(delete_)') |
-            Q(content_type__app_label__in=[
-                'admin',
-                'auth',
-                'contenttypes',
-                'sessions',
-                'django_celery_beat',
-                'users'
-            ])
-        ))
-        mid_point = len(permissions_list) // 2
-        self.permissions_right = permissions_list[:mid_point]
-        self.permissions_left = permissions_list[mid_point:]
-
-        # Get user's current permissions
         if user:
-            user_permissions = set(user.user_permissions.all())
-
-            # Set initial values based on user's existing permissions
-            initial_right = [p.id for p in self.permissions_right if p in user_permissions]
-            initial_left = [p.id for p in self.permissions_left if p in user_permissions]
-        else:
-            initial_right = []
-            initial_left = []
-
-        # Create two fields with only one column of permissions each
-        self.fields["permissions_right"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in self.permissions_right]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="الصلاحيـــات",
-            initial=initial_right
-        )
-        self.fields["permissions_left"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in self.permissions_left]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="",
-            initial=initial_left
-        )
+            self.fields["permissions"].initial = user.user_permissions.all()
 
         # Use Crispy Forms Layout helper
         self.helper = FormHelper()
@@ -223,11 +260,7 @@ class CustomUserChangeForm(UserChangeForm):
                 css_class="row"
             ),
             HTML("<hr>"),
-            Div(
-                Div(Field("permissions_right", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("permissions_left", css_class="col-md-6"), css_class="col-md-6"),
-                css_class="row"
-            ),
+            Field("permissions", css_class="col-12"),
             "is_staff",
             "is_active",
             FormActions(
@@ -261,8 +294,8 @@ class CustomUserChangeForm(UserChangeForm):
         user = super().save(commit=False)
         if commit:
             user.save()
-        # Manually set permissions from both fields
-        user.user_permissions.set(self.cleaned_data["permissions_left"] | self.cleaned_data["permissions_right"])
+        # Manually set permissions
+        user.user_permissions.set(self.cleaned_data["permissions"])
         return user
 
 

users/templates/user_activity_log.html

@@ -1,19 +1,17 @@
 {% extends "base.html" %}
 {% load django_tables2 %}
 {% load crispy_forms_tags %}
+
 {% block title %}الاعدادت - السجل{% endblock %}
 
 {% block content %}
 
-<form method="get" class="py-3 row g-2 no-print m-0">
-    {% crispy filter.form %}
-</form>
+    <form method="get" class="py-3 g-2 no-print m-0">
+        {% crispy filter.form %}
+    </form>
 
     <div class="card border-light shadow">
-        <!-- <div class="card-header text-center pe-5 text-bg-warning">
-            <h3 class="card-title">السجل</h3>
-        </div> -->
-        <div class="card-body p-0 table-responsive">
+        <div class="card-body p-0 table-responsive-lg">
             <!-- Render the table -->
             {% render_table table %}
         </div>

users/templates/users/manage_users.html

@@ -6,14 +6,11 @@
 
 {% block content %}
 
-    <form method="get" class="mb-3">
+    <form method="get" class="py-3 g-2 no-print">
         {% crispy filter.form %}
     </form>
 
     <div class="card border-light shadow">
-        <!-- <div class="card-header text-center pe-5 text-bg-warning">
-            <h3 class="card-title">إدارة المستخدمين</h3>
-        </div> -->
         <div class="card-body p-0 table-responsive-lg">
             <!-- Render the table -->
             {% render_table table %}
@@ -21,7 +18,7 @@
     </div>
 
     <div class="mt-3">
-        <a href="{% url 'create_user' %}" class="btn btn-secondary" title="إضافة مستخدم جديد">
+        <a href="{% url 'create_user' %}" class="btn btn-secondary no-print" title="إضافة مستخدم جديد">
             <i class="bi bi-person-plus-fill text-light me-1 h4"></i> إضافة مستخدم جديد
         </a>
     </div>

users/templates/users/user_detail.html

@@ -21,7 +21,7 @@
                     {% if object.is_superuser %}
                         مدير النظام
                     {% elif object.is_staff %}
-                        مستخدم اداري
+                        مستخدم مسؤول
                     {% else %}
                         مستخدم عادي
                     {% endif %}

users/templates/users/widgets/grouped_permissions.html

@@ -0,0 +1,210 @@
+{% with id=widget.attrs.id %}
+<div class="grouped-permissions-widget" id="{{ id }}_container">
+    
+    <!-- Top Bar: Global Controls -->
+    <div class="card mb-3 shadow-sm">
+        <div class="card-body d-flex justify-content-between align-items-center flex-wrap gap-2">
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_view" data-action-target="view">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_view">عرض الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_add" data-action-target="add">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_add">إضافة الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_change" data-action-target="change">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_change">تعديل الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_other" data-action-target="other">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_other">الـأخرى</label>
+            </div>
+            
+            <button type="button" class="btn btn-outline-primary ms-auto" data-bs-toggle="collapse" 
+                    data-bs-target="#{{ id }}_detailed_list" aria-expanded="false" aria-controls="{{ id }}_detailed_list">
+                <i class="bi bi-list-check"></i> إظهار كل الصلاحيات
+            </button>
+        </div>
+    </div>
+
+    <!-- Collapsible Detailed List -->
+    <div class="collapse" id="{{ id }}_detailed_list">
+        {% for app_label, app_data in widget.grouped_perms.items %}
+        <div class="card mb-3">
+            <div class="card-header bg-light">
+                <h5 class="mb-0 text-capitalize">{{ app_data.name }}</h5>
+            </div>
+            <div class="card-body">
+                {% for action_name, options in app_data.actions.items %}
+                <div class="permission-group mb-2 pb-2 border-bottom">
+                    <div class="d-flex align-items-center mb-2">
+                        <div class="form-check">
+                            <input type="checkbox" class="form-check-input group-checkbox" 
+                                   id="{{ id }}_{{ app_label }}_{{ action_name }}_all"
+                                   data-group-target="{{ id }}_{{ app_label }}_{{ action_name }}_group">
+                            <label class="form-check-label fw-bold" for="{{ id }}_{{ app_label }}_{{ action_name }}_all">
+                            {% if action_name == 'view' %}
+                                عرض الكل ({{ options|length }})
+                            {% elif action_name == 'change' %}
+                                تعديل الكل ({{ options|length }})
+                            {% elif action_name == 'add' %}
+                                إضافة الكل ({{ options|length }})
+                            {% elif action_name == 'delete' %}
+                                حذف الكل ({{ options|length }})
+                            {% else %}
+                                {{ action_name|title }} الكل ({{ options|length }})
+                            {% endif %}
+                            </label>
+                        </div>
+                    </div>
+
+                    <div class="row row-cols-1 row-cols-md-2 g-2 ps-4 {{ id }}_{{ app_label }}_{{ action_name }}_group">
+                        {% for option in options %}
+                        <div class="col">
+                            <div class="form-check">
+                                <input type="checkbox" name="{{ option.name }}" value="{{ option.value }}" 
+                                       class="form-check-input permission-checkbox" 
+                                       id="{{ option.attrs.id }}"
+                                       data-action="{{ option.attrs.data_action }}"
+                                       {% if option.selected %}checked{% endif %}>
+                                <label class="form-check-label" for="{{ option.attrs.id }}">
+                                    {{ option.label }}
+                                </label>
+                            </div>
+                        </div>
+                        {% endfor %}
+                    </div>
+                </div>
+                {% endfor %}
+            </div>
+        </div>
+        {% endfor %}
+    </div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+    const container = document.getElementById('{{ id }}_container');
+    console.log('Grouped Permissions Widget Initialized');
+    
+    // --- Helper Functions ---
+
+    // Update a specific App-level Master checkbox (e.g. Users->View All)
+    function updateAppGroupMaster(groupContainer) {
+        if (!groupContainer) return;
+        
+        const parentGroupDiv = groupContainer.closest('.permission-group');
+        if (!parentGroupDiv) return;
+
+        const masterCb = parentGroupDiv.querySelector('.group-checkbox');
+        if (masterCb) {
+            const allChildren = groupContainer.querySelectorAll('.permission-checkbox');
+            const total = allChildren.length;
+            let checkedCount = 0;
+            for (let i = 0; i < total; i++) {
+                if (allChildren[i].checked) checkedCount++;
+            }
+
+            masterCb.checked = (total > 0 && checkedCount === total);
+            masterCb.indeterminate = (checkedCount > 0 && checkedCount < total);
+        }
+    }
+
+    // Update ALL App-level Masters (useful after a global bulk change)
+    function updateAllAppMasters() {
+        const allGroupContainers = container.querySelectorAll('div[class*="_group"]');
+        allGroupContainers.forEach(groupContainer => {
+            updateAppGroupMaster(groupContainer);
+        });
+    }
+
+    // Update Global Masters (Top Bar)
+    function updateGlobalMasters() {
+        const globalSelectors = container.querySelectorAll('.global-select');
+        globalSelectors.forEach(globalCb => {
+            const actionTarget = globalCb.getAttribute('data-action-target');
+            const allTargets = container.querySelectorAll(`.permission-checkbox[data-action="${actionTarget}"]`);
+            
+            if (allTargets.length > 0) {
+                 const total = allTargets.length;
+                 let checkedCount = 0;
+                 for (let i = 0; i < total; i++) {
+                     if (allTargets[i].checked) checkedCount++;
+                 }
+
+                 globalCb.checked = (checkedCount === total);
+                 globalCb.indeterminate = (checkedCount > 0 && checkedCount < total);
+            }
+        });
+    }
+
+    // --- Global Selectors (Top Bar) Logic ---
+    const globalSelectors = container.querySelectorAll('.global-select');
+    globalSelectors.forEach(globalCb => {
+        globalCb.addEventListener('change', function() {
+            try {
+                const actionTarget = this.getAttribute('data-action-target');
+                const isChecked = this.checked;
+                console.log('Global Click:', actionTarget, isChecked);
+                
+                // 1. Bulk update all target children directly (No event dispatch)
+                const targetCheckboxes = container.querySelectorAll(`.permission-checkbox[data-action="${actionTarget}"]`);
+                targetCheckboxes.forEach(cb => {
+                    cb.checked = isChecked;
+                });
+
+                // 2. Update all App-level masters to reflect the change
+                updateAllAppMasters();
+                
+            } catch (e) {
+                console.error('Error in Global Select:', e);
+            }
+        });
+    });
+
+    // --- Sub-Group Masters (App Level) Logic ---
+    const groupCheckboxes = container.querySelectorAll('.group-checkbox');
+    groupCheckboxes.forEach(cb => {
+        cb.addEventListener('change', function() {
+            try {
+                const isChecked = this.checked;
+                const permissionGroup = this.closest('.permission-group');
+                if (!permissionGroup) return;
+
+                const targetGroup = permissionGroup.querySelector('div[class*="_group"]');
+                if (targetGroup) {
+                    // 1. Bulk update children directly
+                    const childCheckboxes = targetGroup.querySelectorAll('.permission-checkbox');
+                    childCheckboxes.forEach(child => {
+                        child.checked = isChecked;
+                    });
+                    
+                    // 2. Update Global Masters since the counts changed
+                    updateGlobalMasters();
+                }
+            } catch (e) {
+                console.error('Error in SubGroup Select:', e);
+            }
+        });
+    });
+
+    // --- Individual Permission Logic ---
+    const permissionCheckboxes = container.querySelectorAll('.permission-checkbox');
+    permissionCheckboxes.forEach(cb => {
+        cb.addEventListener('change', function() {
+            // Update the specific App Group Master this belongs to
+            const groupContainer = this.closest('div[class*="_group"]');
+            updateAppGroupMaster(groupContainer);
+            
+            // Update Global Masters
+            updateGlobalMasters();
+        });
+    });
+
+    // --- Initial State Hydration ---
+    updateAllAppMasters();
+    updateGlobalMasters();
+});
+</script>
+{% endwith %}