src/backend/core/admin.py

"""Admin classes and registrations for People's core app."""

from django import forms
from django.contrib import admin
from django.contrib.auth import admin as auth_admin
from django.utils.translation import gettext_lazy as _

from . import models


class IdentityFormSet(forms.BaseInlineFormSet):
    """
    Make the "is_main" field readonly when it is True so that declaring another identity
    works in the admin.
    """

    def add_fields(self, form, index):
        """Disable the "is_main" field when it is set to True"""
        super().add_fields(form, index)
        is_main_value = form.instance.is_main if form.instance else False
        form.fields["is_main"].disabled = is_main_value


class IdentityInline(admin.TabularInline):
    """Inline admin class for user identities."""

    fields = (
        "sub",
        "email",
        "is_main",
        "created_at",
        "updated_at",
    )
    formset = IdentityFormSet
    model = models.Identity
    extra = 0
    readonly_fields = ("email", "created_at", "sub", "updated_at")

    def has_add_permission(self, request, obj):
        """
        Identities are automatically created on successful OIDC logins.
        Disable creating identities via the admin.
        """
        return False


class TeamAccessInline(admin.TabularInline):
    """Inline admin class for team accesses."""

    extra = 0
    autocomplete_fields = ["user", "team"]
    model = models.TeamAccess
    readonly_fields = ("created_at", "updated_at")


@admin.register(models.User)
class UserAdmin(auth_admin.UserAdmin):
    """Admin class for the User model"""

    fieldsets = (
        (
            None,
            {
                "fields": (
                    "id",
                    "password",
                )
            },
        ),
        (_("Personal info"), {"fields": ("admin_email", "language", "timezone")}),
        (
            _("Permissions"),
            {
                "fields": (
                    "is_active",
                    "is_device",
                    "is_staff",
                    "is_superuser",
                    "groups",
                    "user_permissions",
                ),
            },
        ),
        (_("Important dates"), {"fields": ("created_at", "updated_at")}),
    )
    add_fieldsets = (
        (
            None,
            {
                "classes": ("wide",),
                "fields": ("admin_email", "password1", "password2"),
            },
        ),
    )
    inlines = (IdentityInline, TeamAccessInline)
    list_display = (
        "admin_email",
        "created_at",
        "updated_at",
        "is_active",
        "is_device",
        "is_staff",
        "is_superuser",
    )
    list_filter = ("is_staff", "is_superuser", "is_device", "is_active")
    ordering = ("is_active", "-is_superuser", "-is_staff", "-is_device", "-updated_at")
    readonly_fields = ("id", "created_at", "updated_at")
    search_fields = ("id", "admin_email", "identities__sub", "identities__email")


@admin.register(models.Team)
class TeamAdmin(admin.ModelAdmin):
    """Team admin interface declaration."""

    inlines = (TeamAccessInline,)
    list_display = (
        "name",
        "slug",
        "created_at",
        "updated_at",
    )
    search_fields = ("name",)


@admin.register(models.Invitation)
class InvitationAdmin(admin.ModelAdmin):
    """Admin interface to handle invitations."""

    fields = (
        "email",
        "team",
        "role",
        "created_at",
        "issuer",
    )
    readonly_fields = (
        "created_at",
        "is_expired",
        "issuer",
    )
    list_display = (
        "email",
        "team",
        "created_at",
        "is_expired",
    )

    def get_readonly_fields(self, request, obj=None):
        if obj:
            # all fields read only = disable update
            return self.fields
        return self.readonly_fields

    def change_view(self, request, object_id, form_url="", extra_context=None):
        """Custom edit form. Remove 'save' buttons."""
        extra_context = extra_context or {}
        extra_context["show_save_and_continue"] = False
        extra_context["show_save"] = False
        extra_context["show_save_and_add_another"] = False
        return super().change_view(request, object_id, extra_context=extra_context)

    def save_model(self, request, obj, form, change):
        obj.issuer = request.user
        obj.save()
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`"""Admin classes and registrations for People's core app."""`
🚨(backend) follow Ruff 2024.2 style introduced in v0.3.0 We recently updated Ruff from 0.2.2 to v0.3, which introduced Ruff 2024.2 style. This new style updated Ruff formatter's behavior, making our make lint command fails. Ruff 2024.2 style add a blank line after the module docstring. Please take a look at Ruff ChangeLog to get more info. 2024-03-07 10:57:05 +01:00
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`from django import forms`
			`from django.contrib import admin`
			`from django.contrib.auth import admin as auth_admin`
			`from django.utils.translation import gettext_lazy as _`

			`from . import models`


			`class IdentityFormSet(forms.BaseInlineFormSet):`
			`"""`
			`Make the "is_main" field readonly when it is True so that declaring another identity`
			`works in the admin.`
			`"""`

			`def add_fields(self, form, index):`
			`"""Disable the "is_main" field when it is set to True"""`
			`super().add_fields(form, index)`
			`is_main_value = form.instance.is_main if form.instance else False`
			`form.fields["is_main"].disabled = is_main_value`


			`class IdentityInline(admin.TabularInline):`
			`"""Inline admin class for user identities."""`

			`fields = (`
			`"sub",`
			`"email",`
			`"is_main",`
			`"created_at",`
			`"updated_at",`
			`)`
			`formset = IdentityFormSet`
			`model = models.Identity`
			`extra = 0`
			`readonly_fields = ("email", "created_at", "sub", "updated_at")`

			`def has_add_permission(self, request, obj):`
			`"""`
			`Identities are automatically created on successful OIDC logins.`
			`Disable creating identities via the admin.`
			`"""`
			`return False`


			`class TeamAccessInline(admin.TabularInline):`
			`"""Inline admin class for team accesses."""`

			`extra = 0`
			`autocomplete_fields = ["user", "team"]`
			`model = models.TeamAccess`
			`readonly_fields = ("created_at", "updated_at")`


			`@admin.register(models.User)`
			`class UserAdmin(auth_admin.UserAdmin):`
			`"""Admin class for the User model"""`

			`fieldsets = (`
			`(`
			`None,`
			`{`
			`"fields": (`
			`"id",`
			`"password",`
			`)`
			`},`
			`),`
♻️(models) refactor user email fields The email field on the user is renamed to "admin_email" for clarity. The "email" and "name" fields of user's main identity are made available on the user model so it is easier to access it. 2024-03-25 23:56:32 +01:00			`(_("Personal info"), {"fields": ("admin_email", "language", "timezone")}),`
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`(`
			`_("Permissions"),`
			`{`
			`"fields": (`
			`"is_active",`
			`"is_device",`
			`"is_staff",`
			`"is_superuser",`
			`"groups",`
			`"user_permissions",`
			`),`
			`},`
			`),`
			`(_("Important dates"), {"fields": ("created_at", "updated_at")}),`
			`)`
🩹(backend) fix Django Admin UserAdmin page Broken Identity string representation Resolving a format error in the Identity string representation caused by potential None values in the email field. This issue was discovered when attempting to access the User details page in the Django Admin Broken User creation form The replacement of the User's username with an email led to errors in the UserAdmin class. The base class used the 'username' field in the 'add_fieldsets' attribute. This problem was discovered while attempting to create a new user in the Django Admin. 2024-02-14 22:22:36 +01:00			`add_fieldsets = (`
			`(`
			`None,`
			`{`
			`"classes": ("wide",),`
♻️(models) refactor user email fields The email field on the user is renamed to "admin_email" for clarity. The "email" and "name" fields of user's main identity are made available on the user model so it is easier to access it. 2024-03-25 23:56:32 +01:00			`"fields": ("admin_email", "password1", "password2"),`
🩹(backend) fix Django Admin UserAdmin page Broken Identity string representation Resolving a format error in the Identity string representation caused by potential None values in the email field. This issue was discovered when attempting to access the User details page in the Django Admin Broken User creation form The replacement of the User's username with an email led to errors in the UserAdmin class. The base class used the 'username' field in the 'add_fieldsets' attribute. This problem was discovered while attempting to create a new user in the Django Admin. 2024-02-14 22:22:36 +01:00			`},`
			`),`
			`)`
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`inlines = (IdentityInline, TeamAccessInline)`
			`list_display = (`
♻️(models) refactor user email fields The email field on the user is renamed to "admin_email" for clarity. The "email" and "name" fields of user's main identity are made available on the user model so it is easier to access it. 2024-03-25 23:56:32 +01:00			`"admin_email",`
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`"created_at",`
			`"updated_at",`
			`"is_active",`
			`"is_device",`
			`"is_staff",`
			`"is_superuser",`
			`)`
			`list_filter = ("is_staff", "is_superuser", "is_device", "is_active")`
			`ordering = ("is_active", "-is_superuser", "-is_staff", "-is_device", "-updated_at")`
			`readonly_fields = ("id", "created_at", "updated_at")`
♻️(models) refactor user email fields The email field on the user is renamed to "admin_email" for clarity. The "email" and "name" fields of user's main identity are made available on the user model so it is easier to access it. 2024-03-25 23:56:32 +01:00			`search_fields = ("id", "admin_email", "identities__sub", "identities__email")`
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00

			`@admin.register(models.Team)`
			`class TeamAdmin(admin.ModelAdmin):`
			`"""Team admin interface declaration."""`

			`inlines = (TeamAccessInline,)`
			`list_display = (`
			`"name",`
🩹(backend) enhance Django Admin for Team Slug Make Team's Slug field non-editable in the Django admin. It avoid UX issues by preventing accidental slug overwrites during updates. The Slug is now displayed in the teams list view. 2024-02-12 10:35:29 +01:00			`"slug",`
✨(admin) configure a minimum admin with users and teams We added identities and team accesses as inlines. 2024-01-15 09:14:49 +01:00			`"created_at",`
			`"updated_at",`
			`)`
			`search_fields = ("name",)`
🗃️(database) create invitation model Create invitation model, factory and related tests to prepare back-end for invitation endpoints. We chose to use a separate dedicated model for separation of concerns, see https://github.com/numerique-gouv/people/issues/25 2024-02-07 18:03:12 +01:00

			`@admin.register(models.Invitation)`
			`class InvitationAdmin(admin.ModelAdmin):`
			`"""Admin interface to handle invitations."""`

			`fields = (`
			`"email",`
			`"team",`
			`"role",`
			`"created_at",`
			`"issuer",`
			`)`
			`readonly_fields = (`
			`"created_at",`
			`"is_expired",`
			`"issuer",`
			`)`
			`list_display = (`
			`"email",`
			`"team",`
			`"created_at",`
			`"is_expired",`
			`)`

🐛(admin) prevent updating of invitations Invitations cannot be updated for now. To reflect api behaviour, we disable update in django admin as well. 2024-03-06 16:24:28 +01:00			`def get_readonly_fields(self, request, obj=None):`
			`if obj:`
			`# all fields read only = disable update`
			`return self.fields`
			`return self.readonly_fields`

			`def change_view(self, request, object_id, form_url="", extra_context=None):`
			`"""Custom edit form. Remove 'save' buttons."""`
			`extra_context = extra_context or {}`
			`extra_context["show_save_and_continue"] = False`
			`extra_context["show_save"] = False`
			`extra_context["show_save_and_add_another"] = False`
			`return super().change_view(request, object_id, extra_context=extra_context)`

🗃️(database) create invitation model Create invitation model, factory and related tests to prepare back-end for invitation endpoints. We chose to use a separate dedicated model for separation of concerns, see https://github.com/numerique-gouv/people/issues/25 2024-02-07 18:03:12 +01:00			`def save_model(self, request, obj, form, change):`
			`obj.issuer = request.user`
			`obj.save()`