first commit

core/apps/management/views/common/__init__.py

@@ -0,0 +1,5 @@
+from .create import *
+from .list import *
+from .edit import *
+from .confirm_expense import *
+from .decline_expense import *

core/apps/management/views/common/confirm_expense.py

@@ -0,0 +1,17 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404, redirect
+from ...models import Expense
+from core.apps.management.decorators import role_required
+
+
+@login_required
+@role_required(["manager", "businessman"])
+def confirm_expense(request, pk):
+    expense = get_object_or_404(Expense, pk=pk)
+
+    if not expense.is_confirmed:
+        expense.is_confirmed = True
+        expense.confirmed_by = request.user
+        expense.save(update_fields=["is_confirmed", "confirmed_by"])
+
+    return redirect(request.META.get("HTTP_REFERER", "/"))

core/apps/management/views/common/create.py

@@ -0,0 +1,220 @@
+from core.apps.management.forms import DeviceForm, IncomeForm, WarehouseForm, UserCreateForm, ExpenseFormEmployee, \
+    ExpenseFormManager, ExpenseFormBusinessman
+from django.db import transaction
+from django.shortcuts import render, redirect
+from core.apps.management.forms import ToyMovementForm, ToyMovementFormEmployee
+from django.contrib.auth.decorators import login_required
+from core.apps.management.decorators import role_required
+from core.apps.management.forms import UserCreateFormManagerToEmployee, UserCreateFormBusinessman
+from core.apps.management.models import ToyMovement
+
+@login_required
+@role_required(["manager", "businessman"])
+def create_device(request):
+    form = DeviceForm(request.POST or None, user=request.user)
+    if form.is_valid():
+        form.save()
+        return redirect("dashboard")
+    return render(request, "common/create/device_create.html", {
+        "form": form,
+        "title": "Aparat Yaratish"
+    })
+
+
+@login_required
+def create_income(request):
+    if request.method == "POST":
+        form = IncomeForm(request.POST, user=request.user)
+        if form.is_valid():
+            income = form.save(commit=False)
+            if request.user.role == "employee":
+                income.amount = None
+            income.save()
+            return redirect("income_list")
+    else:
+        form = IncomeForm(user=request.user)
+    return render(request, "common/create/income_create.html", {"form": form})
+
+
+@login_required
+def create_expense(request):
+    user = request.user
+
+    # select form based on role
+    if user.role == "employee":
+        form_class = ExpenseFormEmployee
+    elif user.role == "manager":
+        form_class = ExpenseFormManager
+    else:  # businessman or superuser
+        form_class = ExpenseFormBusinessman
+
+    if request.method == "POST":
+        form = form_class(request.POST)
+        if form.is_valid():
+            with transaction.atomic():
+                expense = form.save(commit=False)
+                expense.created_by = user
+
+                # AUTO CONFIRM for manager & businessman
+                if user.role in ["manager", "businessman"]:
+                    expense.is_confirmed = True
+                    expense.confirmed_by = user
+
+                expense.save()
+
+            return redirect("dashboard")
+    else:
+        form = form_class()
+
+    return render(request, "common/create/expense_create.html", {
+        "form": form,
+        "title": "Xarajat qoʻshish",
+        "user_role": user.role
+    })
+
+
+@login_required
+@role_required(["businessman"])
+def create_warehouse(request):
+    form = WarehouseForm(request.POST or None)
+    if form.is_valid():
+        form.save()
+        return redirect("businessman_dashboard")
+
+    return render(request, "common/create/warehouse_create.html", {
+        "form": form,
+        "title": "Sklad Yaratish"
+    })
+
+
+@login_required
+@role_required(["manager", "businessman"])
+def create_user(request):
+    if request.user.role == "businessman":
+        form_class = UserCreateFormBusinessman
+        form_kwargs = {}
+        redirect_to = "businessman_dashboard"
+
+    else:  # manager
+        form_class = UserCreateFormManagerToEmployee
+        form_kwargs = {"manager": request.user}
+        redirect_to = "manager_dashboard"
+
+    form = form_class(request.POST or None, **form_kwargs)
+
+    if form.is_valid():
+        form.save()
+        return redirect(redirect_to)
+
+    return render(request, "common/create/user_create.html", {
+        "form": form,
+        "title": "Foydalanuvchi yaratish",
+    })
+
+
+@login_required
+def create_toy_movement(request):
+    user = request.user
+
+    # Choose form based on role
+    form_class = ToyMovementFormEmployee if user.role == "employee" else ToyMovementForm
+
+    if request.method == "POST":
+        form = form_class(request.POST, user=user)
+        if form.is_valid():
+            with transaction.atomic():
+                movement = form.save(commit=False)
+
+                # Stock validation
+                from_wh = movement.from_warehouse
+                if from_wh.toys_count < movement.quantity:
+                    form.add_error("quantity", "Not enough toys in warehouse.")
+                    return render(
+                        request,
+                        "common/create/toy_movement_create.html",
+                        {"form": form, "user_role": user.role}
+                    )
+
+                # Deduct from source warehouse
+                from_wh.toys_count -= movement.quantity
+                from_wh.save()
+
+                # Add to destination warehouse if moving between warehouses
+                if movement.movement_type == "between_warehouses" and movement.to_warehouse:
+                    to_wh = movement.to_warehouse
+                    to_wh.toys_count += movement.quantity
+                    to_wh.save()
+
+                # Set creator
+                movement.created_by = user
+                movement.save()
+
+            return redirect("dashboard")
+    else:
+        form = form_class(user=user)
+
+    return render(
+        request,
+        "common/create/toy_movement_create.html",
+        {"form": form, "user_role": user.role}
+    )
+
+
+
+
+@login_required
+@role_required(["manager", "businessman"])
+def create_toy_movement_auto(request):
+    user = request.user
+
+    # Only employees can use this auto-creation
+
+    if request.method == "POST":
+        # We force movement_type to "between_warehouses"
+        movement = ToyMovement(
+            movement_type="between_warehouses",
+            from_warehouse=user.warehouse,
+            to_warehouse_id=request.POST.get("to_warehouse"),
+            device=None,  # not used for between_warehouses
+            quantity=int(request.POST.get("quantity", 0)),
+            created_by=user
+        )
+
+        # Stock validation
+        from_wh = movement.from_warehouse
+        if from_wh.toys_count < movement.quantity:
+            form = ToyMovementForm(user=user)  # just render empty form with message
+            return render(
+                request,
+                "common/create/toy_movement_create.html",
+                {
+                    "form": form,
+                    "user_role": user.role,
+                    "error": "Not enough toys in warehouse."
+                }
+            )
+
+        with transaction.atomic():
+            # Update warehouse stock
+            from_wh.toys_count -= movement.quantity
+            from_wh.save()
+
+            # Save movement
+            movement.save()
+
+        return redirect("dashboard")
+
+    # GET request → render the create form
+    form = ToyMovementForm(user=user)
+    # Pre-fill movement_type and from_warehouse
+    form.fields["movement_type"].initial = "between_warehouses"
+    form.fields["from_warehouse"].initial = user.warehouse
+    # Optionally, disable editing these fields
+    form.fields["movement_type"].widget.attrs["readonly"] = True
+    form.fields["from_warehouse"].widget.attrs["readonly"] = True
+
+    return render(
+        request,
+        "common/create/toy_movement_create.html",
+        {"form": form, "user_role": user.role}
+    )

core/apps/management/views/common/decline_expense.py

@@ -0,0 +1,14 @@
+from django.contrib.auth.decorators import login_required
+from django.shortcuts import get_object_or_404, redirect
+from ...models import Expense
+from core.apps.management.decorators import role_required
+
+@login_required
+@role_required(["manager", "businessman"])
+def decline_expense(request, pk):
+    expense = get_object_or_404(Expense, pk=pk)
+
+    if not expense.is_confirmed:
+        expense.delete()
+
+    return redirect(request.META.get("HTTP_REFERER", "/"))

core/apps/management/views/common/edit.py

@@ -0,0 +1,188 @@
+from django.contrib.auth.decorators import login_required
+from core.apps.accounts.models import User
+
+from core.apps.management.forms import DeviceForm, IncomeForm, ExpenseForm, WarehouseForm, UserCreateForm, \
+    ToyMovementEmployeeForm, ToyMovementForm, ExpenseFormEmployee, ExpenseFormManager, ExpenseFormBusinessman
+from django.shortcuts import render, redirect, get_object_or_404
+from core.apps.management.models import Device, Income, Expense, Warehouse, ToyMovement
+from django.db import transaction
+from django.contrib.auth import logout
+from core.apps.management.decorators import role_required
+from core.apps.management.forms import UserEditFormBusinessman, UserEditFormManagerToEmployee
+
+@login_required
+@role_required(["manager", "businessman"])
+def edit_device(request, pk):
+    device = get_object_or_404(Device, pk=pk)
+    form = DeviceForm(request.POST or None, instance=device, user=request.user)
+    if form.is_valid():
+        form.save()
+        return redirect("device_list")
+    return render(request, "common/edit/device_edit.html", {"form": form, "title": "Aparatni tahrirlash"})
+
+
+@login_required
+@role_required(["manager", "businessman"])
+def edit_income(request, pk):
+    income = get_object_or_404(Income, pk=pk)
+
+    if request.method == "POST":
+        form = IncomeForm(request.POST, instance=income)
+        if form.is_valid():
+            form.save()
+            return redirect("income_list")
+    else:
+        form = IncomeForm(instance=income)
+
+    return render(request, "common/edit/income_edit.html", {
+        "form": form,
+        "title": "Kirimni tahrirlash"
+    })
+
+@login_required
+@role_required(["businessman"])
+def edit_expense(request, pk):
+    user = request.user
+    expense = get_object_or_404(Expense, pk=pk)
+
+    # select form based on role
+    if user.role == "employee":
+        form_class = ExpenseFormEmployee
+    elif user.role == "manager":
+        form_class = ExpenseFormManager
+    else:  # businessman or superuser
+        form_class = ExpenseFormBusinessman
+
+    if request.method == "POST":
+        form = form_class(request.POST, instance=expense)
+        if form.is_valid():
+            with transaction.atomic():
+                expense = form.save(commit=False)
+                expense.save()
+
+            # redirect based on role
+            if user.role == "employee":
+                return redirect("expense_list")
+            elif user.role == "manager":
+                return redirect("expense_list")
+            else:
+                return redirect("expense_list")
+    else:
+        form = form_class(instance=expense)
+
+    return render(request, "common/edit/expense_edit.html", {
+        "form": form,
+        "title": "Xarajatni tahrirlash",
+        "user_role": user.role
+    })
+
+@login_required
+@role_required(["businessman"])
+def edit_warehouse(request, pk):
+    warehouse = get_object_or_404(Warehouse, pk=pk)
+    form = WarehouseForm(request.POST or None, instance=warehouse)
+    if form.is_valid():
+        form.save()
+        return redirect("warehouse_list")
+    return render(request, "common/edit/warehouse_edit.html", {"form": form, "title": "Omborni tahrirlash"})
+
+@login_required
+@role_required(["manager", "businessman"])
+def edit_user(request, pk):
+    user = get_object_or_404(User, pk=pk)
+
+    if request.user.role == "manager" and user.role == "manager":
+        return redirect("user_list")
+
+    if request.user.role == "businessman":
+        form_class = UserEditFormBusinessman
+        form_kwargs = {}
+        redirect_to = "user_list"
+
+    else:  # manager
+        form_class = UserEditFormManagerToEmployee
+        form_kwargs = {"manager": request.user}
+        redirect_to = "user_list"
+
+    form = form_class(
+        request.POST or None,
+        instance=user,
+        **form_kwargs
+    )
+
+    if form.is_valid():
+        form.save()
+
+        # if user edited himself → logout → normal login
+        if request.user.pk == user.pk:
+            logout(request)
+            return redirect("login")
+
+        return redirect(redirect_to)
+
+    return render(request, "common/edit/user_edit.html", {
+        "form": form,
+        "title": "Foydalanuvchini tahrirlash",
+    })
+
+# @role_required(["businessman"])
+# @login_required
+# def edit_toy_movement(request, pk):
+#     movement = get_object_or_404(ToyMovement, pk=pk)
+#     user = request.user
+#
+#     # auto-detect form based on role
+#     if user.role == "employee":
+#         form_class = ToyMovementEmployeeForm
+#     else:
+#         form_class = ToyMovementForm
+#
+#     if request.method == "POST":
+#         form = form_class(request.POST, instance=movement)
+#         if form.is_valid():
+#             with transaction.atomic():
+#                 movement = form.save(commit=False)
+#
+#                 # Employee logic
+#                 if user.role == "employee":
+#                     movement.movement_type = ToyMovement.FROM_WAREHOUSE
+#                     movement.to_warehouse = None
+#
+#                 # Stock validation
+#                 from_wh = movement.from_warehouse
+#                 if from_wh.toys_count < movement.quantity:
+#                     form.add_error("quantity", "Not enough toys in warehouse.")
+#                     return render(
+#                         request,
+#                         "common/toy_movement_edit.html",
+#                         {"form": form, "user_role": user.role, "title": "Oʻyinchoq harakatini tahrirlash"}
+#                     )
+#
+#                 # Update counts
+#                 from_wh.toys_count -= movement.quantity
+#                 from_wh.save()
+#
+#                 if movement.device:
+#                     movement.device.toys_count += movement.quantity
+#                     movement.device.save()
+#
+#                 movement.created_by = user
+#                 movement.save()
+#
+#             # role-based redirect
+#             if user.role == "employee":
+#                 return redirect("employee_dashboard")
+#             elif user.role == "manager":
+#                 return redirect("manager_dashboard")
+#             elif user.role == "businessman":
+#                 return redirect("businessman_dashboard")
+#             else:
+#                 return redirect("login")
+#     else:
+#         form = form_class(instance=movement)
+#
+#     return render(
+#         request,
+#         "common/toy_movement_edit.html",
+#         {"form": form, "user_role": user.role, "title": "Oʻyinchoq harakatini tahrirlash"}
+#     )

core/apps/management/views/common/list.py

@@ -0,0 +1,90 @@
+from django.shortcuts import render
+from django.contrib.auth.decorators import login_required
+from core.apps.management.models import Device, Income, Expense, Warehouse, ToyMovement
+from core.apps.accounts.models import User
+from core.apps.management.decorators import role_required
+
+@login_required
+@role_required(["manager", "businessman"])
+def user_list(request):
+    if request.user.role == "businessman":
+        users = User.objects.exclude(role__in=["superuser", "businessman"])
+    elif request.user.role == "manager":
+        users = User.objects.filter(region=request.user.region)\
+                            .exclude(role__in=["superuser", "businessman"])
+    else:
+        users = User.objects.none()
+    context = {
+        "users": users,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/user_list.html", context)
+
+
+@login_required
+@role_required(["manager", "businessman"])
+def device_list(request):
+    if request.user.role == "businessman":
+        devices = Device.objects.all()
+    elif request.user.role == "manager":
+        devices = Device.objects.select_related("district", "district__region").filter(district__region = request.user.region)
+    else:
+        devices = Device.objects.none()
+    context = {
+        "devices": devices,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/device_list.html", context)
+
+
+@login_required
+def expense_list(request):
+    expenses = Expense.objects.select_related("created_by", "confirmed_by").order_by("-created_at")
+    context = {
+        "expenses": expenses,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/expense_list.html", context)
+
+
+@login_required
+def income_list(request):
+    incomes = Income.objects.select_related("device",  "created_by", "created_by__region").order_by("-created_at")
+    if request.user.role == "employee":
+        incomes = incomes.filter(created_by=request.user)
+    elif request.user.role == "manager":
+        incomes = incomes.filter(created_by__region_id=request.user.region_id)
+
+    context = {
+        "incomes": incomes,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/income_list.html", context)
+
+@login_required
+@role_required(["manager", "businessman"])
+def warehouse_list(request):
+    warehouses = Warehouse.objects.all()
+    if request.user.role == "manager":
+        warehouses = warehouses.filter(region_id=request.user.region_id)
+    context = {
+        "warehouses": warehouses,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/warehouse_list.html", context)
+
+
+@login_required
+def toy_movement_list(request):
+    toy_movements = ToyMovement.objects.select_related(
+        "from_warehouse", "to_warehouse", "device", "created_by"
+    ).order_by("-created_at")
+    if request.user.role == "employee":
+        toy_movements = toy_movements.filter(created_by=request.user)
+    elif request.user.role == "manager":
+        toy_movements = toy_movements.filter(created_by__region_id=request.user.region_id)
+    context = {
+        "toy_movements": toy_movements,
+        "role": request.user.role,
+    }
+    return render(request, "common/lists/toy_movement_list.html", context)