micro-users 1.3.2__tar.gz → 1.4.1__tar.gz

{micro_users-1.3.2 → micro_users-1.4.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro_users
-Version: 1.3.2
+Version: 1.4.1
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -54,12 +54,13 @@ Requires-Dist: babel>=2.1
 - Admin interface integration
 - CRUD views and templates
 - Filtering and tabulation
+> *Future updates are planned to support dynamic language switching between RTL and LTR.*
 
 ## Installation
 
 ```bash
 pip install git+https://github.com/debeski/micro-users.git
-# OR local
+# OR
 pip install micro-users
 ```
 
@@ -275,8 +276,10 @@ users/
 | v1.1.1   | • Fixed an expolit where a staff member could disable the ADMIN user |
 | v1.2.0   | • Added User Details view with specific user activity log |
 | v1.2.1   | • Fixed a minor import bug |
-| v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
-| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.2.2   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
+| v1.2.3   | • Fixed a couple of visual inconsistencies |
 | v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from all other members<br> • Fixed a crash when sorting with full_name<br> • Enabled Logging for all actions |
 | v1.3.1   | • Corrected a misplaced code that caused a crash when editing profile |
 | v1.3.2   | • Minor table modifications |
+| v1.4.0   | • Redesigned Permissions UI (Grouped by App/Action) <br> • Added Global Bulk Permission Selectors <br> • Improved Arabic Localization for Permissions <br> • Optimized printing (hidden forms/buttons) <br> • Fixed various bugs and crashes |
+| v1.4.1   | • Changed "Administrative User" translation to "Responsible User" (مستخدم مسؤول) <br> • Enforced custom sorting order for Permissions (View -> Add -> Change -> Other) |

{micro_users-1.3.2 → micro_users-1.4.1}/README.md

@@ -23,12 +23,13 @@
 - Admin interface integration
 - CRUD views and templates
 - Filtering and tabulation
+> *Future updates are planned to support dynamic language switching between RTL and LTR.*
 
 ## Installation
 
 ```bash
 pip install git+https://github.com/debeski/micro-users.git
-# OR local
+# OR
 pip install micro-users
 ```
 
@@ -244,8 +245,10 @@ users/
 | v1.1.1   | • Fixed an expolit where a staff member could disable the ADMIN user |
 | v1.2.0   | • Added User Details view with specific user activity log |
 | v1.2.1   | • Fixed a minor import bug |
-| v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
-| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.2.2   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
+| v1.2.3   | • Fixed a couple of visual inconsistencies |
 | v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from all other members<br> • Fixed a crash when sorting with full_name<br> • Enabled Logging for all actions |
 | v1.3.1   | • Corrected a misplaced code that caused a crash when editing profile |
-| v1.3.2   | • Minor table modifications |
+| v1.3.2   | • Minor table modifications |
+| v1.4.0   | • Redesigned Permissions UI (Grouped by App/Action) <br> • Added Global Bulk Permission Selectors <br> • Improved Arabic Localization for Permissions <br> • Optimized printing (hidden forms/buttons) <br> • Fixed various bugs and crashes |
+| v1.4.1   | • Changed "Administrative User" translation to "Responsible User" (مستخدم مسؤول) <br> • Enforced custom sorting order for Permissions (View -> Add -> Change -> Other) |

{micro_users-1.3.2 → micro_users-1.4.1}/micro_users.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro-users
-Version: 1.3.2
+Version: 1.4.1
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -54,12 +54,13 @@ Requires-Dist: babel>=2.1
 - Admin interface integration
 - CRUD views and templates
 - Filtering and tabulation
+> *Future updates are planned to support dynamic language switching between RTL and LTR.*
 
 ## Installation
 
 ```bash
 pip install git+https://github.com/debeski/micro-users.git
-# OR local
+# OR
 pip install micro-users
 ```
 
@@ -275,8 +276,10 @@ users/
 | v1.1.1   | • Fixed an expolit where a staff member could disable the ADMIN user |
 | v1.2.0   | • Added User Details view with specific user activity log |
 | v1.2.1   | • Fixed a minor import bug |
-| v1.2.3   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
-| v1.2.4   | • Fixed a couple of visual inconsistencies |
+| v1.2.2   | • Separated user detail view from table for consistency<br> • Optimized the new detail + log view for optimal compatibiliyy with users |
+| v1.2.3   | • Fixed a couple of visual inconsistencies |
 | v1.3.0   | • Patched a critical security permission issue<br> • Disabled ADMIN from being viewed/edited from all other members<br> • Fixed a crash when sorting with full_name<br> • Enabled Logging for all actions |
 | v1.3.1   | • Corrected a misplaced code that caused a crash when editing profile |
 | v1.3.2   | • Minor table modifications |
+| v1.4.0   | • Redesigned Permissions UI (Grouped by App/Action) <br> • Added Global Bulk Permission Selectors <br> • Improved Arabic Localization for Permissions <br> • Optimized printing (hidden forms/buttons) <br> • Fixed various bugs and crashes |
+| v1.4.1   | • Changed "Administrative User" translation to "Responsible User" (مستخدم مسؤول) <br> • Enforced custom sorting order for Permissions (View -> Add -> Change -> Other) |

{micro_users-1.3.2 → micro_users-1.4.1}/micro_users.egg-info/SOURCES.txt

@@ -30,4 +30,5 @@ users/templates/users/profile.html
 users/templates/users/profile_edit.html
 users/templates/users/user_actions.html
 users/templates/users/user_detail.html
-users/templates/users/user_form.html
+users/templates/users/user_form.html
+users/templates/users/widgets/grouped_permissions.html

{micro_users-1.3.2 → micro_users-1.4.1}/pyproject.toml

@@ -8,7 +8,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "micro_users"
-version = "1.3.2"
+version = "1.4.1"
 description = "Arabic Django user management app with abstract user, permissions, and activity logging"
 readme = "README.md"
 requires-python = ">=3.11"

{micro_users-1.3.2 → micro_users-1.4.1}/setup.py

@@ -5,7 +5,7 @@ with open("README.md", "r", encoding="utf-8") as fh:
 
 setup(
     name="micro_users",
-    version="1.3.2",
+    version="1.4.1",
     author="DeBeski",
     author_email="debeski1@gmail.com",
     description="Arabic django user management app with abstract user, permissions, and activity logging",

{micro_users-1.3.2 → micro_users-1.4.1}/users/forms.py

@@ -12,14 +12,115 @@ from django.core.exceptions import ValidationError
 from django.utils.translation import gettext_lazy as _
 from django.db.models import Q
 
+
+from django.forms.widgets import ChoiceWidget
+
 User = get_user_model()
 
+class GroupedPermissionWidget(ChoiceWidget):
+    template_name = 'users/widgets/grouped_permissions.html'
+    allow_multiple_selected = True
+
+    def value_from_datadict(self, data, files, name):
+        if hasattr(data, 'getlist'):
+            return data.getlist(name)
+        return data.get(name)
+
+    def get_context(self, name, value, attrs):
+        from django.apps import apps
+        context = super().get_context(name, value, attrs)
+        
+        # Get current selected values (as strings/ints)
+        if value is None:
+            value = []
+        str_values = set(str(v) for v in value)
+        
+        # Access the queryset directly
+        qs = None
+        if hasattr(self.choices, 'queryset'):
+            qs = self.choices.queryset.select_related('content_type').order_by('content_type__app_label', 'codename')
+        else:
+             choices = list(self.choices)
+             choice_ids = [c[0] for c in choices if c[0]]
+             qs = Permissions.objects.filter(id__in=choice_ids).select_related('content_type').order_by('content_type__app_label', 'codename')
+
+        grouped_perms = {}
+        
+        for perm in qs:
+            app_label = perm.content_type.app_label
+            
+            # Fetch verbose app name
+            try:
+                app_config = apps.get_app_config(app_label)
+                app_verbose_name = app_config.verbose_name
+            except LookupError:
+                app_verbose_name = app_label.title()
+
+            # Determine action
+            action = 'other'
+            codename = perm.codename
+            if codename.startswith('view_'): action = 'view'
+            elif codename.startswith('add_'): action = 'add'
+            elif codename.startswith('change_'): action = 'change'
+            elif codename.startswith('delete_'): action = 'delete'
+            
+            # Build option dict
+            current_id = attrs.get('id', 'id_permissions') if attrs else 'id_permissions'
+
+            option = {
+                'name': name,
+                'value': perm.pk,
+                'label': str(perm), # Force string conversion to use custom __str__ method
+                'selected': str(perm.pk) in str_values,
+                'attrs': {
+                    'id': f"{current_id}_{perm.pk}",
+                    'data_action': action  # Critical for JS global select
+                }
+            }
+            
+            if app_label not in grouped_perms:
+                grouped_perms[app_label] = {
+                    'name': app_verbose_name,
+                    'actions': {}
+                }
+            
+            grouped_perms[app_label]['actions'].setdefault(action, []).append(option)
+        
+        # Sort actions within each app: View -> Add -> Change -> Delete -> Other
+        action_order = {'view': 1, 'add': 2, 'change': 3, 'delete': 4, 'other': 5}
+        for app_label, app_data in grouped_perms.items():
+            app_data['actions'] = dict(sorted(
+                app_data['actions'].items(),
+                key=lambda item: action_order.get(item[0], 99)
+            ))
+            
+        context['widget']['grouped_perms'] = grouped_perms
+        return context
+
+    def render(self, name, value, attrs=None, renderer=None):
+        from django.template.loader import render_to_string
+        from django.utils.safestring import mark_safe
+        
+        context = self.get_context(name, value, attrs)
+        return mark_safe(render_to_string(self.template_name, context))
+
+
 # Custom User Creation form layout
 class CustomUserCreationForm(UserCreationForm):
     permissions = forms.ModelMultipleChoiceField(
-        queryset=Permissions.objects.all(),
+        queryset=Permissions.objects.exclude(
+            Q(codename__regex=r'^(delete_)') |
+            Q(content_type__app_label__in=[
+                'admin',
+                'auth',
+                'contenttypes',
+                'sessions',
+                'django_celery_beat',
+                'users'
+            ])
+        ),
         required=False,
-        widget=forms.CheckboxSelectMultiple,
+        widget=GroupedPermissionWidget,
         label="الصلاحيات"
     )
 
@@ -47,36 +148,6 @@ class CustomUserCreationForm(UserCreationForm):
         self.fields["password1"].help_text = "كلمة المرور يجب ألا تكون مشابهة لمعلوماتك الشخصية، وأن تحتوي على 8 أحرف على الأقل، وألا تكون شائعة أو رقمية بالكامل.."
         self.fields["password2"].help_text = "أدخل نفس كلمة المرور السابقة للتحقق."
 
-        # Split permissions queryset into two parts for 2 columns
-        permissions_list = list(Permissions.objects.exclude(
-            Q(codename__regex=r'^(delete_)') |
-            Q(content_type__app_label__in=[
-                'admin',
-                'auth',
-                'contenttypes',
-                'sessions',
-                'django_celery_beat',
-                'users'
-            ])
-        ))
-        mid_point = len(permissions_list) // 2
-        permissions_right = permissions_list[:mid_point]
-        permissions_left = permissions_list[mid_point:]
-
-        # Create two fields with only one column of permissions each
-        self.fields["permissions_right"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in permissions_right]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="الصلاحيـــات"
-        )
-        self.fields["permissions_left"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in permissions_left]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label=""
-        )
-
         # Use Crispy Forms Layout helper
         self.helper = FormHelper()
         self.helper.layout = Layout(
@@ -96,11 +167,7 @@ class CustomUserCreationForm(UserCreationForm):
                 css_class="row"
             ),
             HTML("<hr>"),
-            Div(
-                Div(Field("permissions_right", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("permissions_left", css_class="col-md-6"), css_class="col-md-6"),
-                css_class="row"
-            ),
+            Field("permissions", css_class="col-12"),
             "is_staff",
             "is_active",
             FormActions(
@@ -126,17 +193,27 @@ class CustomUserCreationForm(UserCreationForm):
         user = super().save(commit=False)
         if commit:
             user.save()
-        # Manually set permissions from both fields
-        user.user_permissions.set(self.cleaned_data["permissions_left"] | self.cleaned_data["permissions_right"])
+        # Manually set permissions
+        user.user_permissions.set(self.cleaned_data["permissions"])
         return user
 
 
 # Custom User Editing form layout
 class CustomUserChangeForm(UserChangeForm):
     permissions = forms.ModelMultipleChoiceField(
-        queryset=Permissions.objects.all(),
+        queryset=Permissions.objects.exclude(
+            Q(codename__regex=r'^(delete_)') |
+            Q(content_type__app_label__in=[
+                'admin',
+                'auth',
+                'contenttypes',
+                'sessions',
+                'django_celery_beat',
+                'users'
+            ])
+        ),
         required=False,
-        widget=forms.CheckboxSelectMultiple,
+        widget=GroupedPermissionWidget,
         label="الصلاحيات"
     )
 
@@ -162,48 +239,8 @@ class CustomUserChangeForm(UserChangeForm):
         self.fields["is_staff"].help_text = "يحدد ما إذا كان بإمكان المستخدم الوصول إلى قسم ادارة المستخدمين."
         self.fields["is_active"].help_text = "يحدد ما إذا كان يجب اعتبار هذا الحساب نشطًا. قم بإلغاء تحديد هذا الخيار بدلاً من الحذف."
         
-        # Split permissions queryset into two parts for 2 columns
-        permissions_list = list(Permissions.objects.exclude(
-            Q(codename__regex=r'^(delete_)') |
-            Q(content_type__app_label__in=[
-                'admin',
-                'auth',
-                'contenttypes',
-                'sessions',
-                'django_celery_beat',
-                'users'
-            ])
-        ))
-        mid_point = len(permissions_list) // 2
-        self.permissions_right = permissions_list[:mid_point]
-        self.permissions_left = permissions_list[mid_point:]
-
-        # Get user's current permissions
         if user:
-            user_permissions = set(user.user_permissions.all())
-
-            # Set initial values based on user's existing permissions
-            initial_right = [p.id for p in self.permissions_right if p in user_permissions]
-            initial_left = [p.id for p in self.permissions_left if p in user_permissions]
-        else:
-            initial_right = []
-            initial_left = []
-
-        # Create two fields with only one column of permissions each
-        self.fields["permissions_right"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in self.permissions_right]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="الصلاحيـــات",
-            initial=initial_right
-        )
-        self.fields["permissions_left"] = forms.ModelMultipleChoiceField(
-            queryset=Permissions.objects.filter(id__in=[p.id for p in self.permissions_left]),
-            required=False,
-            widget=forms.CheckboxSelectMultiple,
-            label="",
-            initial=initial_left
-        )
+            self.fields["permissions"].initial = user.user_permissions.all()
 
         # Use Crispy Forms Layout helper
         self.helper = FormHelper()
@@ -223,11 +260,7 @@ class CustomUserChangeForm(UserChangeForm):
                 css_class="row"
             ),
             HTML("<hr>"),
-            Div(
-                Div(Field("permissions_right", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("permissions_left", css_class="col-md-6"), css_class="col-md-6"),
-                css_class="row"
-            ),
+            Field("permissions", css_class="col-12"),
             "is_staff",
             "is_active",
             FormActions(
@@ -261,8 +294,8 @@ class CustomUserChangeForm(UserChangeForm):
         user = super().save(commit=False)
         if commit:
             user.save()
-        # Manually set permissions from both fields
-        user.user_permissions.set(self.cleaned_data["permissions_left"] | self.cleaned_data["permissions_right"])
+        # Manually set permissions
+        user.user_permissions.set(self.cleaned_data["permissions"])
         return user
 
 

{micro_users-1.3.2 → micro_users-1.4.1}/users/templates/user_activity_log.html

@@ -1,19 +1,17 @@
 {% extends "base.html" %}
 {% load django_tables2 %}
 {% load crispy_forms_tags %}
+
 {% block title %}الاعدادت - السجل{% endblock %}
 
 {% block content %}
 
-<form method="get" class="py-3 row g-2 no-print m-0">
-    {% crispy filter.form %}
-</form>
+    <form method="get" class="py-3 g-2 no-print m-0">
+        {% crispy filter.form %}
+    </form>
 
     <div class="card border-light shadow">
-        <!-- <div class="card-header text-center pe-5 text-bg-warning">
-            <h3 class="card-title">السجل</h3>
-        </div> -->
-        <div class="card-body p-0 table-responsive">
+        <div class="card-body p-0 table-responsive-lg">
             <!-- Render the table -->
             {% render_table table %}
         </div>

{micro_users-1.3.2 → micro_users-1.4.1}/users/templates/users/manage_users.html

@@ -6,14 +6,11 @@
 
 {% block content %}
 
-    <form method="get" class="mb-3">
+    <form method="get" class="py-3 g-2 no-print">
         {% crispy filter.form %}
     </form>
 
     <div class="card border-light shadow">
-        <!-- <div class="card-header text-center pe-5 text-bg-warning">
-            <h3 class="card-title">إدارة المستخدمين</h3>
-        </div> -->
         <div class="card-body p-0 table-responsive-lg">
             <!-- Render the table -->
             {% render_table table %}
@@ -21,7 +18,7 @@
     </div>
 
     <div class="mt-3">
-        <a href="{% url 'create_user' %}" class="btn btn-secondary" title="إضافة مستخدم جديد">
+        <a href="{% url 'create_user' %}" class="btn btn-secondary no-print" title="إضافة مستخدم جديد">
             <i class="bi bi-person-plus-fill text-light me-1 h4"></i> إضافة مستخدم جديد
         </a>
     </div>

{micro_users-1.3.2 → micro_users-1.4.1}/users/templates/users/user_detail.html

@@ -21,7 +21,7 @@
                     {% if object.is_superuser %}
                         مدير النظام
                     {% elif object.is_staff %}
-                        مستخدم اداري
+                        مستخدم مسؤول
                     {% else %}
                         مستخدم عادي
                     {% endif %}

micro_users-1.4.1/users/templates/users/widgets/grouped_permissions.html

@@ -0,0 +1,210 @@
+{% with id=widget.attrs.id %}
+<div class="grouped-permissions-widget" id="{{ id }}_container">
+    
+    <!-- Top Bar: Global Controls -->
+    <div class="card mb-3 shadow-sm">
+        <div class="card-body d-flex justify-content-between align-items-center flex-wrap gap-2">
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_view" data-action-target="view">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_view">عرض الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_add" data-action-target="add">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_add">إضافة الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_change" data-action-target="change">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_change">تعديل الكل</label>
+            </div>
+            <div class="form-check form-check-inline">
+                <input class="form-check-input global-select" type="checkbox" id="{{ id }}_global_other" data-action-target="other">
+                <label class="form-check-label fw-bold" for="{{ id }}_global_other">الـأخرى</label>
+            </div>
+            
+            <button type="button" class="btn btn-outline-primary ms-auto" data-bs-toggle="collapse" 
+                    data-bs-target="#{{ id }}_detailed_list" aria-expanded="false" aria-controls="{{ id }}_detailed_list">
+                <i class="bi bi-list-check"></i> إظهار كل الصلاحيات
+            </button>
+        </div>
+    </div>
+
+    <!-- Collapsible Detailed List -->
+    <div class="collapse" id="{{ id }}_detailed_list">
+        {% for app_label, app_data in widget.grouped_perms.items %}
+        <div class="card mb-3">
+            <div class="card-header bg-light">
+                <h5 class="mb-0 text-capitalize">{{ app_data.name }}</h5>
+            </div>
+            <div class="card-body">
+                {% for action_name, options in app_data.actions.items %}
+                <div class="permission-group mb-2 pb-2 border-bottom">
+                    <div class="d-flex align-items-center mb-2">
+                        <div class="form-check">
+                            <input type="checkbox" class="form-check-input group-checkbox" 
+                                   id="{{ id }}_{{ app_label }}_{{ action_name }}_all"
+                                   data-group-target="{{ id }}_{{ app_label }}_{{ action_name }}_group">
+                            <label class="form-check-label fw-bold" for="{{ id }}_{{ app_label }}_{{ action_name }}_all">
+                            {% if action_name == 'view' %}
+                                عرض الكل ({{ options|length }})
+                            {% elif action_name == 'change' %}
+                                تعديل الكل ({{ options|length }})
+                            {% elif action_name == 'add' %}
+                                إضافة الكل ({{ options|length }})
+                            {% elif action_name == 'delete' %}
+                                حذف الكل ({{ options|length }})
+                            {% else %}
+                                {{ action_name|title }} الكل ({{ options|length }})
+                            {% endif %}
+                            </label>
+                        </div>
+                    </div>
+
+                    <div class="row row-cols-1 row-cols-md-2 g-2 ps-4 {{ id }}_{{ app_label }}_{{ action_name }}_group">
+                        {% for option in options %}
+                        <div class="col">
+                            <div class="form-check">
+                                <input type="checkbox" name="{{ option.name }}" value="{{ option.value }}" 
+                                       class="form-check-input permission-checkbox" 
+                                       id="{{ option.attrs.id }}"
+                                       data-action="{{ option.attrs.data_action }}"
+                                       {% if option.selected %}checked{% endif %}>
+                                <label class="form-check-label" for="{{ option.attrs.id }}">
+                                    {{ option.label }}
+                                </label>
+                            </div>
+                        </div>
+                        {% endfor %}
+                    </div>
+                </div>
+                {% endfor %}
+            </div>
+        </div>
+        {% endfor %}
+    </div>
+</div>
+
+<script>
+document.addEventListener('DOMContentLoaded', function() {
+    const container = document.getElementById('{{ id }}_container');
+    console.log('Grouped Permissions Widget Initialized');
+    
+    // --- Helper Functions ---
+
+    // Update a specific App-level Master checkbox (e.g. Users->View All)
+    function updateAppGroupMaster(groupContainer) {
+        if (!groupContainer) return;
+        
+        const parentGroupDiv = groupContainer.closest('.permission-group');
+        if (!parentGroupDiv) return;
+
+        const masterCb = parentGroupDiv.querySelector('.group-checkbox');
+        if (masterCb) {
+            const allChildren = groupContainer.querySelectorAll('.permission-checkbox');
+            const total = allChildren.length;
+            let checkedCount = 0;
+            for (let i = 0; i < total; i++) {
+                if (allChildren[i].checked) checkedCount++;
+            }
+
+            masterCb.checked = (total > 0 && checkedCount === total);
+            masterCb.indeterminate = (checkedCount > 0 && checkedCount < total);
+        }
+    }
+
+    // Update ALL App-level Masters (useful after a global bulk change)
+    function updateAllAppMasters() {
+        const allGroupContainers = container.querySelectorAll('div[class*="_group"]');
+        allGroupContainers.forEach(groupContainer => {
+            updateAppGroupMaster(groupContainer);
+        });
+    }
+
+    // Update Global Masters (Top Bar)
+    function updateGlobalMasters() {
+        const globalSelectors = container.querySelectorAll('.global-select');
+        globalSelectors.forEach(globalCb => {
+            const actionTarget = globalCb.getAttribute('data-action-target');
+            const allTargets = container.querySelectorAll(`.permission-checkbox[data-action="${actionTarget}"]`);
+            
+            if (allTargets.length > 0) {
+                 const total = allTargets.length;
+                 let checkedCount = 0;
+                 for (let i = 0; i < total; i++) {
+                     if (allTargets[i].checked) checkedCount++;
+                 }
+
+                 globalCb.checked = (checkedCount === total);
+                 globalCb.indeterminate = (checkedCount > 0 && checkedCount < total);
+            }
+        });
+    }
+
+    // --- Global Selectors (Top Bar) Logic ---
+    const globalSelectors = container.querySelectorAll('.global-select');
+    globalSelectors.forEach(globalCb => {
+        globalCb.addEventListener('change', function() {
+            try {
+                const actionTarget = this.getAttribute('data-action-target');
+                const isChecked = this.checked;
+                console.log('Global Click:', actionTarget, isChecked);
+                
+                // 1. Bulk update all target children directly (No event dispatch)
+                const targetCheckboxes = container.querySelectorAll(`.permission-checkbox[data-action="${actionTarget}"]`);
+                targetCheckboxes.forEach(cb => {
+                    cb.checked = isChecked;
+                });
+
+                // 2. Update all App-level masters to reflect the change
+                updateAllAppMasters();
+                
+            } catch (e) {
+                console.error('Error in Global Select:', e);
+            }
+        });
+    });
+
+    // --- Sub-Group Masters (App Level) Logic ---
+    const groupCheckboxes = container.querySelectorAll('.group-checkbox');
+    groupCheckboxes.forEach(cb => {
+        cb.addEventListener('change', function() {
+            try {
+                const isChecked = this.checked;
+                const permissionGroup = this.closest('.permission-group');
+                if (!permissionGroup) return;
+
+                const targetGroup = permissionGroup.querySelector('div[class*="_group"]');
+                if (targetGroup) {
+                    // 1. Bulk update children directly
+                    const childCheckboxes = targetGroup.querySelectorAll('.permission-checkbox');
+                    childCheckboxes.forEach(child => {
+                        child.checked = isChecked;
+                    });
+                    
+                    // 2. Update Global Masters since the counts changed
+                    updateGlobalMasters();
+                }
+            } catch (e) {
+                console.error('Error in SubGroup Select:', e);
+            }
+        });
+    });
+
+    // --- Individual Permission Logic ---
+    const permissionCheckboxes = container.querySelectorAll('.permission-checkbox');
+    permissionCheckboxes.forEach(cb => {
+        cb.addEventListener('change', function() {
+            // Update the specific App Group Master this belongs to
+            const groupContainer = this.closest('div[class*="_group"]');
+            updateAppGroupMaster(groupContainer);
+            
+            // Update Global Masters
+            updateGlobalMasters();
+        });
+    });
+
+    // --- Initial State Hydration ---
+    updateAllAppMasters();
+    updateGlobalMasters();
+});
+</script>
+{% endwith %}