micro-users 1.8.4__py3-none-any.whl → 1.8.6__py3-none-any.whl

{micro_users-1.8.4.dist-info → micro_users-1.8.6.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: micro-users
-Version: 1.8.4
+Version: 1.8.6
 Summary: Arabic Django user management app with abstract user, permissions, and activity logging
 Home-page: https://github.com/debeski/micro-users
 Author: DeBeski
@@ -92,6 +92,21 @@ MIDDLEWARE = [
 ]
 ```
 
+3. Add Context Processor in `settings.py` (Optional, for `scope_enabled` variable in templates):
+```python
+TEMPLATES = [
+    {
+        # ...
+        'OPTIONS': {
+            'context_processors': [
+                # ...
+                'users.context_processors.scope_settings', # Add this line
+            ],
+        },
+    },
+]
+```
+
 3. Set custom user model in `settings.py`:
 ```python
 AUTH_USER_MODEL = 'users.CustomUser'
@@ -216,3 +231,5 @@ MICRO_USERS_THEME = {
 | v1.8.2   | • **Login UX**: Enhanced login flow with auto-focus on username and improved "Enter to Submit" handling |
 | v1.8.3   | • **CSP Compliance**: Added `nonce` attribute support to all inline and external script tags (Login, Permissions, Manage Users) for Content Security Policy compliance |
 | v1.8.4   | • **Strict CSP**: Refactored inline JS event handlers to use Event Listeners, fully resolving CSP violation errors |
+| v1.8.5   | • **Optional Scopes**: Added ability for Superusers to toggle Scope system ON/OFF via User Management interface |
+| v1.8.6   | • **Strict CSP Repair**: Fixed remaining inline event handlers in User Management pages (`manage_users`, `scope_form`) that were violating CSP directives, moving all logic to external `manage_users.js` |

{micro_users-1.8.4.dist-info → micro_users-1.8.6.dist-info}/RECORD

@@ -1,41 +1,45 @@
 users/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 users/admin.py,sha256=CRS5muWUSXUC2pQteSCgUgpFjPtGnx1b5z1daODjUMM,1359
 users/apps.py,sha256=elucgGYMWg-ASRP-x495pn5mmj6XqyCbIIMFse8bSiQ,1471
+users/context_processors.py,sha256=sDM2Vpc3ax8zfH4ftxZgK9VfsLN4uFoob7Q0os__z5A,207
 users/filters.py,sha256=_uvi1qLEE7aLqKLwjIpv6dflKlyFd0t0Muv6IXBfIxw,6094
-users/forms.py,sha256=OU0Llhphn8euUZiNAk53rqGiIshX6m-IAAxcCsX1Vig,21494
+users/forms.py,sha256=STDZ8ZeFNGG-zWx2mLamGjJSscNER1abx56AovvQax0,22485
 users/middleware.py,sha256=CgzmKb6_4TUkwMZ0h7UgQd80DKUXsmzKvsc3V2JIujY,976
-users/models.py,sha256=GnKNG8H2Ug2ammGTHUCa4G8Pj4tVp3FOOXZciBrfBns,2781
+users/models.py,sha256=85xeKo1wVBAcE0a5eJIPDcYpFyVUIHAKSls6nTuPs1Y,3337
 users/signals.py,sha256=blAx8nHsfmn89hMyRBR0Jf706Z07N81ObQMY_MHaBv8,4543
 users/tables.py,sha256=VTsp6BvhvjGqmDMzZK5J60SEFYNpeCrBRfpkazmlC-8,3030
-users/urls.py,sha256=hg4fiVkWcQlbZ82SZ_HjeFPQUkmK1Y7c1ho_lWBFDRg,1491
-users/views.py,sha256=vfEF5fhJv1t6iojHU3bKyWZYEKxSJqn8-KbJuoNGMkA,14566
+users/urls.py,sha256=Fn5V41ZLPef6KESUm87c0SpSMqP6R6heokIVOtJcJ6I,1562
+users/utils.py,sha256=J2fyVZfH2dmBO-bfqzQefK5D8bRTlO7gArVVH4OL4Iw,417
+users/views.py,sha256=1dLYmaBdrqK38bFmRvvPrz6Drg6k7VGvrYaqBgip2gA,16368
 users/migrations/0001_initial.py,sha256=lx9sSKS-lxHhI6gelVH52NOkwqEMJ32TvOJUn9zaOXM,4709
 users/migrations/0002_alter_useractivitylog_action.py,sha256=I7NLxgcPTslCMuADcr1srXS_C_0y_LcZiAFFHBG5NsE,715
 users/migrations/0003_scope_alter_customuser_options_and_more.py,sha256=yBtDJ2T0_4c1Q2yedUNeLoDu61vfJmll7MnqRIDG2Rc,1745
+users/migrations/0004_scopesettings.py,sha256=xb76R_3KXbSMfCA4oThM5cWZhAlm4W1cpBhRvtMcmvA,765
 users/migrations/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 users/static/img/default_profile.webp,sha256=BKUoQHo4z_fZnmc6z6I-KFvLEHahDr98U9LnDQKHLAM,3018
 users/static/img/login_logo.webp,sha256=LdLMqrBlBczctcJVfLk-oxasjqcOgYnvHZ17ZMusVNE,27570
 users/static/users/css/detail.css,sha256=YB1XMBmEQluk0WcM3AZ3XKNK4z6f2tFXurz-2igQH7c,1102
-users/static/users/css/login.css,sha256=9TdAt3Cfro4GCWrYK8W9-c-6zr3DbuwsbiFwZ4uBtZM,4171
+users/static/users/css/login.css,sha256=wi5FcvuECm7G00fW61Yt9T7TTEFQe-SGywZbZ5eid9k,10592
 users/static/users/css/permissions.css,sha256=b5XwKZKqJvU8iTlSC8P2EIDflSUb-0PP-OzYzwqLdh0,2230
 users/static/users/css/profile.css,sha256=AZVDK0gFwGo0vgPrmZ0BJVAxax8Icf2h8WFVNbt1UeU,2908
 users/static/users/css/style.css,sha256=rlLk1P4uxw9TKwsFTmXR77gYy0bVptwjzO_m3VGlYDo,1789
 users/static/users/js/login.js,sha256=PmUXzsb1OYKne6XPZwolbTLWEZsl77J0pgRYakam1Wg,883
+users/static/users/js/manage_users.js,sha256=3Pr3DUNmb-ZE1pHTGcrZRPSgXrXaPcRdSTEyq4fFb5w,6021
 users/static/users/js/permissions.js,sha256=ILGKe8sNYS4p-dW-hAzhZ29UKSJwntw3B2NLciwR_Uk,3884
 users/templates/registration/login.html,sha256=P-oUVjO6dd9AYJ_fAkGuJQm6JflqrAoVz7oAzvJYLbY,2958
-users/templates/users/manage_users.html,sha256=wsvij8DzgP3NHD-dkibKUwg3Uj0lWMaAAapqpT4CHBk,6673
+users/templates/users/manage_users.html,sha256=yKqQGOZAcTUctdxwuhTiREtJetXe6kaV3YGAenueCVs,6042
 users/templates/users/user_activity_log.html,sha256=nKVOvmkbVjGWZZyYNJahs7drWQFh_hvyUDWuauwJV6U,571
 users/templates/users/user_detail.html,sha256=FAPQYXr5qNgzaZ-mAnaNoCb8dVsUHtj_hY87ZYO9_d0,5302
 users/templates/users/user_form.html,sha256=jcyI7OQZOY4ue4DajPtfjAt2SmAYO5ZgHNOqTp2-FO0,1352
-users/templates/users/partials/scope_actions.html,sha256=pAcxNMmUHgeZ6baR9pHhy8HUU35emFEb8PDBPnqBSNo,273
-users/templates/users/partials/scope_form.html,sha256=XSUeEoRM-wzDZNFv7AJQBH5TFgaPF1FmwfrKRZ8fpdI,741
-users/templates/users/partials/scope_manager.html,sha256=mqhSg2NA2U_Dc5bIf3OUasTdPqdEfxvxGh5tOjBJ59Y,393
-users/templates/users/partials/user_actions.html,sha256=J44-sn0fMbLUWjdtlcf5YhgT5OYRykr1mFkeVXoI1ew,1543
-users/templates/users/profile/profile.html,sha256=HXxOWsGEAZb731iF-nY00dzbFcgVh60oF0C1X8AySb4,5377
+users/templates/users/partials/scope_actions.html,sha256=seGpp59rnVk523pA3lpNyKGgDfZzsgO1sw4Umdr-86I,276
+users/templates/users/partials/scope_form.html,sha256=ZQZB3XLLGeHHT82uhm0XxqLk5nYiP59X01W3MivtgLo,718
+users/templates/users/partials/scope_manager.html,sha256=xROVmBHn5l4HmZiRdPL7toa6BHAi-ChsSEZnVyfc9aA,396
+users/templates/users/partials/user_actions.html,sha256=c1VzRy0xogAwDdMG2pBdkzJ9O9pe-YQwtBq2IEUdqkg,1611
+users/templates/users/profile/profile.html,sha256=qeJwePWaTc9zGiaXoxId8DqLIQsTc4vuDCNxL50eyz0,5374
 users/templates/users/profile/profile_edit.html,sha256=hhltTIdl62NNX290nFNZcQwbW1idXEU_DYlrAp07MWk,5242
 users/templates/users/widgets/grouped_permissions.html,sha256=4xhrCnp7UxkZetTU9sezVRZaSn61-Ar9iCbdtufGSis,4100
-micro_users-1.8.4.dist-info/LICENSE,sha256=Fco89ULLSSxKkC2KKnx57SaT0R7WOkZfuk8IYcGiN50,1063
-micro_users-1.8.4.dist-info/METADATA,sha256=yQDP4uZAybtCQWkpps9MsZr8D2wXyUTDrY59q1rsHeg,11433
-micro_users-1.8.4.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
-micro_users-1.8.4.dist-info/top_level.txt,sha256=tWT24ZcWau2wrlbpU_h3mP2jRukyLaVYiyHBuOezpLQ,6
-micro_users-1.8.4.dist-info/RECORD,,
+micro_users-1.8.6.dist-info/LICENSE,sha256=Fco89ULLSSxKkC2KKnx57SaT0R7WOkZfuk8IYcGiN50,1063
+micro_users-1.8.6.dist-info/METADATA,sha256=SOC2z6mtd2tEg06z6i4bunLhhQTiyj_swH_6JfMhwWg,12116
+micro_users-1.8.6.dist-info/WHEEL,sha256=pkctZYzUS4AYVn6dJ-7367OJZivF2e8RA9b_ZBjif18,92
+micro_users-1.8.6.dist-info/top_level.txt,sha256=tWT24ZcWau2wrlbpU_h3mP2jRukyLaVYiyHBuOezpLQ,6
+micro_users-1.8.6.dist-info/RECORD,,

users/context_processors.py

@@ -0,0 +1,9 @@
+from .utils import is_scope_enabled
+
+def scope_settings(request):
+    """
+    Context processor to add scope settings to all templates.
+    """
+    return {
+        'scope_enabled': is_scope_enabled()
+    }

users/forms.py

@@ -5,7 +5,7 @@ from django.contrib.auth.models import Permission as Permissions
 from django.contrib.auth.forms import UserCreationForm, UserChangeForm, PasswordChangeForm, SetPasswordForm
 from django.contrib.auth import get_user_model
 from crispy_forms.helper import FormHelper
-from crispy_forms.layout import Layout, Field, Div, HTML, Submit
+from crispy_forms.layout import Layout, Field, Div, HTML, Submit, Row
 from crispy_forms.bootstrap import FormActions
 from PIL import Image
 from django.core.exceptions import ValidationError
@@ -165,6 +165,12 @@ class CustomUserCreationForm(UserCreationForm):
             user_perms = self.user.user_permissions.all() | Permissions.objects.filter(group__user=self.user)
             self.fields['permissions'].queryset = self.fields['permissions'].queryset.filter(id__in=user_perms.values_list('id', flat=True))
         
+        ScopeSettings = apps.get_model('users', 'ScopeSettings')
+        if not ScopeSettings.load().is_enabled:
+            self.fields['scope'].disabled = True
+            self.fields['scope'].widget = forms.HiddenInput()
+            self.fields['scope'].required = False
+        
         if self.user and not self.user.is_superuser and self.user.scope:
             self.fields['scope'].initial = self.user.scope
             self.fields['scope'].disabled = True
@@ -187,14 +193,15 @@ class CustomUserCreationForm(UserCreationForm):
         self.fields["email"].label = "البريد الإلكتروني"
         self.fields["first_name"].label = "الاسم"
         self.fields["last_name"].label = "اللقب"
-        self.fields["is_staff"].label = "صلاحيات انشاء و تعديل المستخدمين"
+        self.fields["is_staff"].label = "صلاحيات انشاء و تعديل المستخدمين (مسؤول)"
         self.fields["password1"].label = "كلمة المرور"
         self.fields["password2"].label = "تأكيد كلمة المرور"
         self.fields["is_active"].label = "تفعيل الحساب"
 
         # Help Texts
-        self.fields["username"].help_text = "اسم المستخدم يجب أن يكون فريدًا، 50 حرفًا أو أقل. فقط حروف، أرقام و @ . + - _"
+        self.fields["username"].help_text = "اسم المستخدم يجب أن يكون فريدًا، 20 حرفًا أو أقل. فقط حروف، أرقام و @ . + - _"
         self.fields["email"].help_text = "أدخل عنوان البريد الإلكتروني الصحيح"
+        self.fields["phone"].help_text = "أدخل رقم الهاتف الصحيح بالصيغة الاتية 09XXXXXXXX"
         self.fields["is_staff"].help_text = "يحدد ما إذا كان بإمكان المستخدم الوصول إلى قسم ادارة المستخدمين."
         self.fields["is_active"].help_text = "يحدد ما إذا كان يجب اعتبار هذا الحساب نشطًا."
         self.fields["password1"].help_text = "كلمة المرور يجب ألا تكون مشابهة لمعلوماتك الشخصية، وأن تحتوي على 8 أحرف على الأقل، وألا تكون شائعة أو رقمية بالكامل.."
@@ -203,21 +210,21 @@ class CustomUserCreationForm(UserCreationForm):
         # Use Crispy Forms Layout helper
         self.helper = FormHelper()
         self.helper.layout = Layout(
-            "username",
-            "phone",
-            "password1",
-            "password2",
+            Row(Field("username", css_class="form-control")),            
+            Row(Field("password1", css_class="form-control")),
+            Row(Field("password2", css_class="form-control")),
             HTML("<hr>"),
-            Div(
-                Div(Field("first_name", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("last_name", css_class="col-md-6"), css_class="col-md-6"),
+            Row(
+                Div(Field("first_name", css_class="form-control"), css_class="col-md-6"),
+                Div(Field("last_name", css_class="form-control"), css_class="col-md-6"),
                 css_class="row"
             ),
-            Div(
-                Div(Field("email", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("scope", css_class="col-md-6"), css_class="col-md-6"),
+            Row(
+                Div(Field("phone", css_class="form-control"), css_class="col-md-6"),
+                Div(Field("email", css_class="form-control"), css_class="col-md-6"),
                 css_class="row"
             ),
+            Row(Field("scope", css_class="form-control")),
             HTML("<hr>"),
             Field("permissions", css_class="col-12"),
             "is_staff",
@@ -233,7 +240,7 @@ class CustomUserCreationForm(UserCreationForm):
                 ),
                 HTML(
                     """
-                    <a href="{% url 'manage_users' %}" class="btn btn-secondary">
+                    <a href="{% url 'manage_users' %}" class="btn btn-danger">
                         <i class="bi bi-arrow-return-left text-light me-1 h4"></i> إلغـــاء
                     </a>
                     """
@@ -288,11 +295,11 @@ class CustomUserChangeForm(UserChangeForm):
         self.fields["email"].label = "البريد الإلكتروني"
         self.fields["first_name"].label = "الاسم الاول"
         self.fields["last_name"].label = "اللقب"
-        self.fields["is_staff"].label = "صلاحيات انشاء و تعديل المستخدمين"
+        self.fields["is_staff"].label = "صلاحيات انشاء و تعديل المستخدمين (مسؤول)"
         self.fields["is_active"].label = "الحساب مفعل"
         
         # Help Texts
-        self.fields["username"].help_text = "اسم المستخدم يجب أن يكون فريدًا، 50 حرفًا أو أقل. فقط حروف، أرقام و @ . + - _"
+        self.fields["username"].help_text = "اسم المستخدم يجب أن يكون فريدًا، 20 حرفًا أو أقل. فقط حروف، أرقام و @ . + - _"
         self.fields["email"].help_text = "أدخل عنوان البريد الإلكتروني الصحيح"
         self.fields["is_staff"].help_text = "يحدد ما إذا كان بإمكان المستخدم الوصول إلى قسم ادارة المستخدمين."
         self.fields["is_active"].help_text = "يحدد ما إذا كان يجب اعتبار هذا الحساب نشطًا. قم بإلغاء تحديد هذا الخيار بدلاً من الحذف."
@@ -300,6 +307,12 @@ class CustomUserChangeForm(UserChangeForm):
         if user_instance:
             self.fields["permissions"].initial = user_instance.user_permissions.all()
 
+        ScopeSettings = apps.get_model('users', 'ScopeSettings')
+        if not ScopeSettings.load().is_enabled:
+            self.fields['scope'].disabled = True
+            self.fields['scope'].widget = forms.HiddenInput()
+            self.fields['scope'].required = False
+
         # --- Foolproofing & Role-based logic ---
         if self.user and not self.user.is_superuser:
             # 1. Self-Editing Protection (Prevents accidental demotion)
@@ -335,19 +348,19 @@ class CustomUserChangeForm(UserChangeForm):
         self.helper = FormHelper()
         self.helper.form_tag = False
         self.helper.layout = Layout(
-            "username",
-            "phone",
+            Row(Field("username", css_class="form-control")),            
             HTML("<hr>"),
-            Div(
-                Div(Field("first_name", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("last_name", css_class="col-md-6"), css_class="col-md-6"),
+            Row(
+                Div(Field("first_name", css_class="form-control"), css_class="col-md-6"),
+                Div(Field("last_name", css_class="form-control"), css_class="col-md-6"),
                 css_class="row"
             ),
-            Div(
-                Div(Field("email", css_class="col-md-6"), css_class="col-md-6"),
-                Div(Field("scope", css_class="col-md-6"), css_class="col-md-6"),
+            Row(
+                Div(Field("phone", css_class="form-control"), css_class="col-md-6"),
+                Div(Field("email", css_class="form-control"), css_class="col-md-6"),
                 css_class="row"
             ),
+            Row(Field("scope", css_class="form-control")),
             HTML("<hr>"),
             Field("permissions", css_class="col-12"),
             "is_staff",
@@ -363,14 +376,14 @@ class CustomUserChangeForm(UserChangeForm):
                 ),
                 HTML(
                     """
-                    <a href="{% url 'manage_users' %}" class="btn btn-secondary">
+                    <a href="{% url 'manage_users' %}" class="btn btn-danger">
                         <i class="bi bi-arrow-return-left text-light me-1 h4"></i> إلغـــاء
                     </a>
                     """
                 ),
                 HTML(
                     """
-                    <button type="button" class="btn btn-primary" data-bs-toggle="modal" data-bs-target="#resetPasswordModal">
+                    <button type="button" class="btn btn-warning" data-bs-toggle="modal" data-bs-target="#resetPasswordModal">
                         <i class="bi bi-key-fill text-light me-1 h4"></i> إعادة تعيين كلمة المرور
                     </button>
                     """

users/migrations/0004_scopesettings.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.2.8 on 2026-01-30 21:52
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('users', '0003_scope_alter_customuser_options_and_more'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='ScopeSettings',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('is_enabled', models.BooleanField(default=False, verbose_name='تفعيل النطاقات')),
+            ],
+            options={
+                'verbose_name': 'إعدادات النطاق',
+                'verbose_name_plural': 'إعدادات النطاق',
+            },
+        ),
+    ]

users/models.py

@@ -14,6 +14,24 @@ class Scope(models.Model):
     class Meta:
         verbose_name = "نطاق"
         verbose_name_plural = "النطاقات"
+class ScopeSettings(models.Model):
+    is_enabled = models.BooleanField(default=False, verbose_name="تفعيل النطاقات")
+
+    class Meta:
+        verbose_name = "إعدادات النطاق"
+        verbose_name_plural = "إعدادات النطاق"
+
+    def save(self, *args, **kwargs):
+        self.pk = 1
+        super(ScopeSettings, self).save(*args, **kwargs)
+
+    @classmethod
+    def load(cls):
+        obj, created = cls.objects.get_or_create(pk=1)
+        return obj
+
+    def __str__(self):
+        return "إعدادات النطاق"
 
 class CustomUser(AbstractUser):
     phone = models.CharField(max_length=15, blank=True, null=True, verbose_name="رقم الهاتف")

users/static/users/css/login.css

@@ -155,16 +155,16 @@ input::-moz-focus-inner { border: 0; }
   color: white;
   margin-top: 30px;
   transition: all 0.3s;
-  background-color: var(--primary-color);
+  background-color: var(--submit-color);
   border: none;
   cursor: pointer;
   font-weight: 700;
   letter-spacing: 0.5px;
-  box-shadow: 0 4px 15px rgba(35, 99, 195, 0.3);
+  box-shadow: 0 4px 15px rgba(0, 0, 0, 0.2);
 }
 
 #submit:hover { 
-  background-color: #1e4f99; 
+  background-color: var(--submit-focus); 
   transform: translateY(-2px);
 }
 
@@ -182,3 +182,92 @@ input::-moz-focus-inner { border: 0; }
   max-width: 200px;
   opacity: 0.9;
 }
+
+@media (max-width: 767px) {
+  .logo-img {
+    /* Mask the image to color it with the theme color */
+    -webkit-mask-image: url("/static/img/login_logo.webp");
+    mask-image: url("/static/img/login_logo.webp");
+    -webkit-mask-size: contain;
+    mask-size: contain;
+    -webkit-mask-repeat: no-repeat;
+    mask-repeat: no-repeat;
+    -webkit-mask-position: center;
+    mask-position: center;
+    background-color: var(--primal, var(--primary-color));
+    /* Hide the original image content so background color shows through mask */
+    object-position: -9999px -9999px; /* Fallback to hide original if mask fails or ensuring background color dominates? 
+                                          Actually, on an IMG tag, background-color renders BEHIND the content. 
+                                          To make this work on an IMG tag, we interpret the img content as the mask 
+                                          and the background-color as the fill. 
+                                          BUT standard behavior: mask cuts out the element. 
+                                          To color it, we need the element to be a block of color. 
+                                          So we set background-color and move the object content away? 
+                                          No, 'content: ""' is invalid on img. 
+                                          The accepted way to recolor an img via CSS only is using mask on a wrapper OR 
+                                          using a filter. 
+                                          Since I can't easily add a wrapper without editing HTML (templates), 
+                                          I will use the mask property directly on the img tag but I need to ensure 
+                                          the image content itself doesn't show?
+                                          Wait, 'mask' creates transparency. It doesn't fill with color.
+                                          A BETTER approach for a single IMG tag:
+                                          Use the mask on a pseudo element? No, img tags don't support pseudo elements.
+                                          
+                                          CORRECT APPROACH: 
+                                          Use `content: url(...)`? No.
+                                          Use `filter: drop-shadow(0 0 0 var(--primal))`? No (adds shadow).
+                                          
+                                          The "Mask" trick for coloring an icon usually requires the element to differ.
+                                          
+                                          However, since I can edit `login.html`?
+                                          Wait, user said "this element... should change color". 
+                                          If I can edit `login.html`, I can add a wrapper.
+                                          But user specified `login.css` context implicitly.
+                                          
+                                          Let's try the `mask` approach on the img tag ITSELF:
+                                          If you set `mask-image` on an element, the element is clipped.
+                                          The visible part is the element's own content (the image) where the mask is opaque.
+                                          So `mask-image: url(self)` just shows the original image.
+                                          
+                                          To RECOLOR it, we need a block of color `background-color: var(--primal)` 
+                                          and mask *that* block with the image shape.
+                                          We can turn the `img` into a block of color by:
+                                          1. Setting `padding` equal to size? No.
+                                          2. Hiding the `src`? 
+                                          
+                                          Alternative: `filter: sepia(1) saturate(10000%) hue-rotate(...)`
+                                          This is hard to match exact theme color.
+                                          
+                                          Let's look at `login.html` to see if I can add a class or wrapper.
+                                          Actually, I'll use the `mask` trick by making the img transparent? 
+                                          No.
+                                          
+                                          Okay, I will replace the img with a div in `login.html`? 
+                                          That might break things.
+                                          
+                                          Let's stick to CSS if possible.
+                                          Ah! `mask-image` works on the *box* of the element.
+                                          If we can make the element's content invisible (e.g. `object-position` off screen) 
+                                          but keep the box size, then `background-color` fills the box.
+                                          Then `mask-image` cuts the background.
+                                          
+                                          Let's try:
+                                          height: (keep same); width: (keep same);
+                                          object-position: -99999px; (moves the image content away)
+                                          background-color: var(--primal);
+                                          mask-image: url(...);
+                                          mask-size: contain;
+                                          mask-repeat: no-repeat;
+                                          mask-position: center;
+                                          
+                                          This works on Chrome/Firefox for `img` tags.
+                                          */
+    
+    height: 100px; /* Need explicit height if object-position moves content? */
+                   /* Actually .logo-img has width 80%, max-width 200px. */
+                   /* WebP aspect ratio might define height. */
+                   /* If I move content, does intrinsic size remain? Usually yes. */
+    object-position: -99999px 0; 
+    background-color: var(--primal, var(--primary-color));
+  }
+}

users/static/users/js/manage_users.js

@@ -0,0 +1,189 @@
+document.addEventListener('DOMContentLoaded', function() {
+    // 1. Manage Scopes Button (Main page)
+    const btnManageScopes = document.getElementById('btn-manage-scopes');
+    if (btnManageScopes) {
+        btnManageScopes.addEventListener('click', loadScopeManager);
+    }
+
+    // 2. Toggle Scopes Switch (Main page)
+    const toggleScopes = document.getElementById('toggleScopes');
+    if (toggleScopes) {
+        toggleScopes.addEventListener('change', handleToggleScopes);
+    }
+
+    // 3. Delete User Modal (Main page)
+    const deleteModal = document.getElementById("deleteModal");
+    if (deleteModal) {
+        deleteModal.addEventListener("show.bs.modal", handleDeleteModalShow);
+    }
+
+    // Event Delegation for Scope Modal content (loaded via AJAX)
+    const scopeModalBody = document.getElementById('scopeModalBody');
+    if (scopeModalBody) {
+        scopeModalBody.addEventListener('click', function(e) {
+            // Load Scope Form Buttons (including Back, Add, Edit)
+            const loadBtn = e.target.closest('.js-load-scope-form');
+            if (loadBtn) {
+                e.preventDefault();
+                const url = loadBtn.dataset.url;
+                if (url) loadScopeForm(url);
+                return;
+            }
+
+            // Delete Scope Buttons (if any)
+            const deleteBtn = e.target.closest('.js-delete-scope');
+            if (deleteBtn) {
+                e.preventDefault();
+                const url = deleteBtn.dataset.url;
+                if (url) deleteScope(url);
+                return;
+            }
+        });
+    }
+});
+
+// Handle Scope Form Submission (delegated to document for dynamic forms)
+document.addEventListener('submit', function(e) {
+    if (e.target.matches('#scopeForm')) {
+        e.preventDefault();
+        const url = e.target.dataset.url;
+        if (url) submitScopeForm(e.target, url);
+    }
+});
+
+function loadScopeManager() {
+    const modalEl = document.getElementById('scopeModal');
+    if (modalEl) {
+        const modal = new bootstrap.Modal(modalEl);
+        modal.show();
+        
+        const btn = document.getElementById('btn-manage-scopes');
+        const url = btn.dataset.url; // URL provided in data-url attribute
+        if (url) loadScopeForm(url);
+    }
+}
+
+function loadScopeForm(url) {
+    if (!url) return;
+    
+    fetch(url, {
+        headers: { 'X-Requested-With': 'XMLHttpRequest' }
+    })
+    .then(response => response.json())
+    .then(data => {
+        const body = document.getElementById('scopeModalBody');
+        if (body) {
+            body.innerHTML = data.html;
+        }
+    })
+    .catch(err => console.error('Error loading content:', err));
+}
+
+function submitScopeForm(form, url) {
+    const formData = new FormData(form);
+
+    fetch(url, {
+        method: 'POST',
+        body: formData,
+        headers: {
+            'X-Requested-With': 'XMLHttpRequest',
+        }
+    })
+    .then(response => response.json())
+    .then(data => {
+        const body = document.getElementById('scopeModalBody');
+        if (body) {
+            body.innerHTML = data.html;
+        }
+    })
+    .catch(err => console.error('Error submitting form:', err));
+}
+
+function deleteScope(url) {
+    if (!confirm('هل أنت متأكد من الحذف؟')) return; // Basic confirmation
+
+    fetch(url, {
+        headers: { 'X-Requested-With': 'XMLHttpRequest' }
+    })
+    .then(response => response.json())
+    .then(data => {
+        if (data.success) {
+            const body = document.getElementById('scopeModalBody');
+            if (body) {
+                body.innerHTML = data.html;
+            }
+        }
+    })
+    .catch(err => console.error('Error deleting scope:', err));
+}
+
+function handleToggleScopes(e) {
+    const checkbox = e.target;
+    const url = checkbox.dataset.url; 
+    const csrfToken = checkbox.dataset.csrf; 
+
+    if (!url || !csrfToken) {
+        console.error('Missing URL or CSRF token for toggle scopes');
+        return;
+    }
+
+    // If Activating (checking the box)
+    if (checkbox.checked) {
+        e.preventDefault(); // Stop immediate change
+        checkbox.checked = false; // Revert visually
+        
+        const warningModal = new bootstrap.Modal(document.getElementById('scopeWarningModal'));
+        warningModal.show();
+
+        // Handle Confirmation
+        const confirmBtn = document.getElementById('confirmScopeActivation');
+        // Remove previous listeners to avoid duplicates if opened multiple times
+        const newConfirmBtn = confirmBtn.cloneNode(true);
+        confirmBtn.parentNode.replaceChild(newConfirmBtn, confirmBtn);
+        
+        newConfirmBtn.addEventListener('click', function() {
+            warningModal.hide();
+            performScopeToggle(url, csrfToken, checkbox, true);
+        });
+
+    } else {
+        // Deactivating - proceed normally (or add another warning if needed, but per request only activation)
+        performScopeToggle(url, csrfToken, checkbox, false);
+    }
+}
+
+function performScopeToggle(url, csrfToken, checkbox, targetState) {
+    fetch(url, {
+        method: 'POST',
+        headers: {
+            'X-CSRFToken': csrfToken,
+            'Content-Type': 'application/json'
+        }
+    })
+    .then(response => response.json())
+    .then(data => {
+        if (data.success) {
+            location.reload(); 
+        } else {
+            alert(data.error || 'Failed to toggle scopes.');
+            checkbox.checked = !targetState; // Revert to original state on failure
+        }
+    })
+    .catch(err => {
+        console.error('Error:', err);
+        checkbox.checked = !targetState; // Revert
+    });
+}
+
+function handleDeleteModalShow(event) {
+    const button = event.relatedTarget;
+    const userName = button.getAttribute("data-user-name");
+    const deleteUrl = button.getAttribute("data-delete-url");
+    
+    document.getElementById("userName").textContent = userName;
+    
+    const form = document.getElementById("deleteForm");
+    if (form && deleteUrl) {
+        form.action = deleteUrl;
+    }
+}

users/templates/users/manage_users.html

@@ -19,15 +19,29 @@
         </div>
     </div>
 
-    <div class="mt-3">
-        {% if not request.user.scope %}
-        <button type="button" class="btn btn-info no-print" title="إدارة النطاقات" id="btn-manage-scopes">
+    <div class="d-flex align-items-center mt-3">
+        <a href="{% url 'create_user' %}" class="btn btn-primary no-print" title="إضافة مستخدم جديد">
+            <i class="bi bi-person-plus-fill me-2 h4"></i> إضافة مستخدم جديد
+        </a>
+    
+        {% if scope_enabled and not request.user.scope %}
+        <button type="button" class="btn btn-info no-print ms-2" title="إدارة النطاقات" id="btn-manage-scopes" data-url="{% url 'manage_scopes' %}">
             <i class="bi bi-list me-1 h4"></i> إدارة النطاقات
         </button>
         {% endif %}
-        <a href="{% url 'create_user' %}" class="btn btn-secondary no-print" title="إضافة مستخدم جديد">
-            <i class="bi bi-person-plus-fill text-light me-1 h4"></i> إضافة مستخدم جديد
-        </a>
+
+        {% if request.user.is_superuser %}
+        <div class="d-inline-block ms-auto no-print">
+            <div class="form-check form-switch form-check-reverse d-inline-block align-middle">
+                <input class="form-check-input" type="checkbox" id="toggleScopes" 
+                data-url="{% url 'toggle_scopes' %}" data-csrf="{{ csrf_token }}"
+                {% if scope_enabled %}checked{% endif %}
+                {% if scope_enabled and not can_toggle_scope %}disabled title="لا يمكن التعطيل لوجود مستخدمين مرتبطين بنطاقات"{% endif %}>
+                <label class="form-check-label" for="toggleScopes">تفعيل النطاقات</label>
+            </div>
+        </div>
+        {% endif %}
+    
     </div>
 
     <!-- Delete Modal -->
@@ -73,93 +87,40 @@
         </div>
     </div>
 
-    <!-- Script for Scope Modal -->
-    <script nonce="{{ request.csp_nonce }}">
-        // Defined globally so they can be called from injected HTML
-        function loadScopeManager() {
-            const modal = new bootstrap.Modal(document.getElementById('scopeModal'));
-            modal.show();
-            loadScopeForm("{% url 'manage_scopes' %}");
-        }
-
-        function loadScopeForm(url) {
-            // Default to manage_scopes if no URL (e.g. back button cases)
-            // But actually we want distinct behavior:
-            // 1. Initial Load (Table)
-            // 2. Load Form (Add/Edit)
-            
-            // If url is for the form, we fetch it. If it's for the manager (table), we fetch that.
-            // The partials allow us to just dump html into the body.
-            
-            fetch(url, {
-                headers: { 'X-Requested-With': 'XMLHttpRequest' }
-            })
-            .then(response => response.json())
-            .then(data => {
-                document.getElementById('scopeModalBody').innerHTML = data.html;
-            })
-            .catch(err => console.error('Error loading content:', err));
-        }
-
-        function submitScopeForm(e, url) {
-            e.preventDefault();
-            const form = e.target;
-            const formData = new FormData(form);
-
-            fetch(url, {
-                method: 'POST',
-                body: formData,
-                headers: {
-                    'X-Requested-With': 'XMLHttpRequest',
-                }
-            })
-            .then(response => response.json())
-            .then(data => {
-                // Whether success or error, we replace the body with the returned HTML
-                // (Updated table or Form with errors)
-                document.getElementById('scopeModalBody').innerHTML = data.html;
-            })
-            .catch(err => console.error('Error submitting form:', err));
-        }
+    <!-- Scope Activation Warning Modal -->
+    <div class="modal fade" id="scopeWarningModal" tabindex="-1" aria-hidden="true">
+        <div class="modal-dialog">
+            <div class="modal-content border-danger">
+                <div class="modal-header bg-soft-danger border-bottom-0">
+                    <h5 class="modal-title text-danger">
+                        <i class="bi bi-exclamation-triangle-fill me-2"></i>تحذير هام
+                    </h5>
+                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
+                </div>
+                <div class="modal-body">
+                    <p class="fw-bold">هل أنت متأكد من رغبتك في تفعيل نظام النطاقات؟</p>
+                    <p class="text-muted mb-0">
+                        تنبيه: بعد تفعيل النظام وتعيين المستخدمين لنطاقات محددة، لن تتمكن من تعطيله لاحقاً بسهولة دون المخاطرة بفقدان بيانات هيكلية المستخدمين أو تعطل الصلاحيات، او فقدان امكانية الوصول الى البيانات الموجودة على التطبيق.
+                    </p>
+                    <p class="text-danger fw-bold mb-0">
+                        لا يمكن تفعيل او الغاء تفعيل هذه الميزة الا بواسطة مدير النظام (Superuser).
+                    </p>
+                </div>
+                <div class="modal-footer border-top-0">
+                    <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">إلغاء</button>
+                    <button type="button" class="btn btn-danger" id="confirmScopeActivation">نعم، قم بالتفعيل</button>
+                </div>
+            </div>
+        </div>
+    </div>
 
-        function deleteScope(url) {
-            fetch(url, {
-                headers: { 'X-Requested-With': 'XMLHttpRequest' }
-            })
-            .then(response => response.json())
-            .then(data => {
-                if (data.success) {
-                    document.getElementById('scopeModalBody').innerHTML = data.html;
-                }
-            })
-            .catch(err => console.error('Error deleting scope:', err));
-        }
+    <!-- Script for Scope Modal -->
 
-        document.addEventListener('DOMContentLoaded', function() {
-            const btnManageScopes = document.getElementById('btn-manage-scopes');
-            if (btnManageScopes) {
-                btnManageScopes.addEventListener('click', loadScopeManager);
-            }
-        });
-    </script>
 {% endblock %}
 
 {% block scripts %}
 
-    <script nonce="{{ request.csp_nonce }}">
-        document.addEventListener("DOMContentLoaded", function () {
-            const deleteModal = document.getElementById("deleteModal");
-            deleteModal.addEventListener("show.bs.modal", function (event) {
-                let button = event.relatedTarget; // Button that triggered the modal
-                let userId = button.getAttribute("data-user-id");
-                let userName = button.getAttribute("data-user-name");
-                let form = document.getElementById("deleteForm");
+    <script src="{% static 'users/js/manage_users.js' %}" nonce="{{ request.csp_nonce }}"></script>
 
-                // Update the modal content
-                document.getElementById("userName").textContent = userName;
-                form.action = "{% url 'delete_user' 0 %}".replace("/0/", `/${userId}/`);
-            });
-        });
-    </script>
 
 {% endblock %}

users/templates/users/partials/scope_actions.html

@@ -1,6 +1,6 @@
 <div class="d-flex gap-2 justify-content-center">
-    <button class="btn btn-sm btn-primary" 
-            onclick="loadScopeForm('{% url 'get_scope_form' record.id %}')"
+    <button class="btn btn-sm btn-primary js-load-scope-form" 
+            data-url="{% url 'get_scope_form' record.id %}"
             title="تعديل">
         <i class="bi bi-pencil-square"></i>
     </button>

users/templates/users/partials/scope_form.html

@@ -2,12 +2,12 @@
 
 <div class="d-flex justify-content-between mb-3">
     <h5 class="modal-title">{% if scope_id %}تعديل نطاق{% else %}إضافة نطاق جديد{% endif %}</h5>
-    <button class="btn btn-secondary" onclick="loadScopeForm('{% url 'manage_scopes' %}')">
+    <button class="btn btn-secondary js-load-scope-form" data-url="{% url 'manage_scopes' %}">
         <i class="bi bi-arrow-right me-1"></i> عودة للقائمة
     </button>
 </div>
 
-<form id="scopeForm" onsubmit="submitScopeForm(event, '{% url 'save_scope' %}{% if scope_id %}/{{ scope_id }}{% endif %}')">
+<form id="scopeForm" data-url="{% url 'save_scope' %}{% if scope_id %}/{{ scope_id }}{% endif %}">
     {% csrf_token %}
     {% crispy form %}
     

users/templates/users/partials/scope_manager.html

@@ -1,8 +1,8 @@
 {% load django_tables2 %}
 <div class="d-flex justify-content-between mb-3">
     <h5 class="modal-title">إدارة النطاقات</h5>
-    <button class="btn btn-success" 
-            onclick="loadScopeForm('{% url 'get_scope_form' %}')">
+    <button class="btn btn-success js-load-scope-form" 
+            data-url="{% url 'get_scope_form' %}">
         <i class="bi bi-plus-lg me-1"></i> إضافة نطاق
     </button>
 </div>

users/templates/users/partials/user_actions.html

@@ -22,7 +22,8 @@
             {% if user.is_superuser and not record.is_staff %}
             <li>
                 <a class="dropdown-item" href="#" data-bs-toggle="modal" data-bs-target="#deleteModal"
-                data-user-id="{{ record.pk }}" data-user-name="{{ record.username }}">
+                data-user-id="{{ record.pk }}" data-user-name="{{ record.username }}"
+                data-delete-url="{% url 'delete_user' record.pk %}">
                 <i class="bi bi-x-octagon text-danger me-1 h5"> </i> حذف
                 </a>
             </li>

users/templates/users/profile/profile.html

@@ -64,18 +64,18 @@
 
                     <!-- Actions -->
                     <div class="row mt-4 pt-3 border-top border-light">
-                        <div class="col-12 d-flex flex-wrap gap-3 justify-content-end">
-                            <a class="btn btn-primary action-btn" href="{% url 'edit_profile' %}">
+                        <div class="col-12 d-flex flex-wrap gap-2 justify-content-end">
+                            <a class="btn btn-success action-btn" href="{% url 'edit_profile' %}">
                                 <i class="bi bi-pencil-square h5 m-0"></i> 
                                 <span>تحديث البيانات</span>
                             </a>
                             
-                            <button type="button" class="btn btn-outline-danger action-btn" data-bs-toggle="modal" data-bs-target="#resetPasswordModal">
+                            <button type="button" class="btn btn-danger action-btn" data-bs-toggle="modal" data-bs-target="#resetPasswordModal">
                                 <i class="bi bi-shield-lock h5 m-0"></i>
                                 <span>تغيير كلمة المـرور</span>
                             </button>
                             
-                            <a href="{% url 'index' %}" class="btn btn-dark action">
+                            <a href="{% url 'index' %}" class="btn btn-secondary action">
                                 <i class="bi bi-house-door h5 m-0"></i>
                                 <span>الرئيسية</span>
                             </a>

users/urls.py

@@ -24,4 +24,5 @@ urlpatterns = [
     path("scopes/save/", views.save_scope, name="save_scope"),
     path("scopes/save/<int:pk>/", views.save_scope, name="save_scope"),
     path("scopes/delete/<int:pk>/", views.delete_scope, name="delete_scope"),
+    path('scopes/toggle/', views.toggle_scopes, name='toggle_scopes'),
 ]

users/utils.py

@@ -0,0 +1,14 @@
+from django.apps import apps
+
+def is_scope_enabled():
+    """
+    Checks if the Scope system is globally enabled.
+    Returns:
+        bool: True if enabled, False otherwise.
+    """
+    try:
+        ScopeSettings = apps.get_model('users', 'ScopeSettings')
+        return ScopeSettings.load().is_enabled
+    except LookupError:
+        # Fallback if model shouldn't be loaded yet (e.g. migration)
+        return True

users/views.py

@@ -22,6 +22,7 @@ from .signals import get_client_ip
 from .tables import UserTable
 from .forms import CustomUserCreationForm, CustomUserChangeForm, ArabicPasswordChangeForm, ResetPasswordForm, UserProfileEditForm
 from .filters import UserFilter
+from .utils import is_scope_enabled
 
 User = get_user_model() # Use custom user model
 
@@ -66,6 +67,7 @@ class UserListView(LoginRequiredMixin, UserPassesTestMixin, FilterView, SingleTa
     table_class = UserTable
     filterset_class = UserFilter  # Set the filter class to apply filtering
     template_name = "users/manage_users.html"
+    paginate_by = 10
     
     # Restrict access to only staff users
     def test_func(self):
@@ -86,15 +88,27 @@ class UserListView(LoginRequiredMixin, UserPassesTestMixin, FilterView, SingleTa
                 qs = qs.filter(scope=self.request.user.scope)
         return qs
 
+    def get_table(self, **kwargs):
+        table = super().get_table(**kwargs)
+        if not is_scope_enabled():
+            table.exclude = ('scope',)
+        return table
+
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         user_filter = self.get_filterset(self.filterset_class)
-
-        # Apply the pagination
-        RequestConfig(self.request, paginate={'per_page': 10}).configure(self.table_class(user_filter.qs))
+        scope_enabled = is_scope_enabled()
         
         context["filter"] = user_filter
         context["users"] = user_filter.qs
+        context["scope_enabled"] = scope_enabled
+        
+        # Check if we can disable scopes (only if no users are assigned to any scope)
+        can_toggle_scope = True
+        if scope_enabled:
+            can_toggle_scope = not User.objects.filter(scope__isnull=False).exists()
+        
+        context["can_toggle_scope"] = can_toggle_scope
         return context
 
 
@@ -196,7 +210,9 @@ class UserActivityLogView(LoginRequiredMixin, UserPassesTestMixin, SingleTableMi
 
     def get_table(self, **kwargs):
         table = super().get_table(**kwargs)
-        if self.request.user.scope:
+        if not is_scope_enabled():
+            table.exclude = ('scope',)
+        elif self.request.user.scope:
             table.exclude = ('scope',)
         return table
 
@@ -310,6 +326,9 @@ def manage_scopes(request):
     """
     Returns the initial modal content with the table.
     """
+    if not is_scope_enabled():
+         return JsonResponse({'error': 'Scope management is disabled.'}, status=403)
+
     if request.user.scope:
         return JsonResponse({'error': 'Permission denied.'}, status=403)
 
@@ -381,3 +400,23 @@ def save_scope(request, pk=None):
 @user_passes_test(is_staff)
 def delete_scope(request, pk):
     return JsonResponse({'success': False, 'error': 'تم تعطيل حذف النطاقات لأسباب أمنية.'})
+@login_required
+@user_passes_test(is_superuser)
+def toggle_scopes(request):
+    if request.method == "POST":
+        ScopeSettings = apps.get_model('users', 'ScopeSettings')
+        settings = ScopeSettings.load()
+        
+        # Safety Check: Prevent disabling if users are assigned to scopes
+        if settings.is_enabled:
+            if User.objects.filter(scope__isnull=False).exists():
+                return JsonResponse({
+                    'success': False, 
+                    'error': 'لا يمكن تعطيل النطاقات لوجود مستخدمين معينين لنطاقات حالية. يرجى إزالة النطاقات من كافة المستخدمين أولاً.'
+                }, status=200) # Use 200 to handle error in JS manually
+        
+        settings.is_enabled = not settings.is_enabled
+        settings.save()
+        log_user_action(request, request.user, "UPDATE", f"Scope Settings: {'Enabled' if settings.is_enabled else 'Disabled'}")
+        return JsonResponse({'success': True, 'is_enabled': settings.is_enabled})
+    return JsonResponse({'success': False}, status=400)