from django.contrib.auth.models import AbstractUser from django.db import models class User(AbstractUser): """Extended User model with role-based access control""" ROLE_CHOICES = [ ('admin', 'Admin'), ('stakeholder', 'Stakeholder'), ('member', 'Member'), ] role = models.CharField( max_length=20, choices=ROLE_CHOICES, default='member', help_text='User role determines access permissions' ) # Additional fields for member information phone_number = models.CharField(max_length=20, blank=True) membership_number = models.CharField(max_length=50, blank=True, null=True) organization = models.CharField(max_length=200, blank=True) # Profile fields created_at = models.DateTimeField(auto_now_add=True) updated_at = models.DateTimeField(auto_now=True) is_verified = models.BooleanField(default=False) class Meta: db_table = 'auth_user' indexes = [ models.Index(fields=['role']), models.Index(fields=['membership_number']), ] def __str__(self): return f"{self.get_full_name()} ({self.get_role_display()})" @property def is_admin(self): return self.role == 'admin' @property def is_stakeholder(self): return self.role == 'stakeholder' @property def is_member(self): return self.role == 'member' def get_full_name(self): """Return the first_name plus the last_name, with a space in between.""" full_name = f'{self.first_name} {self.last_name}' return full_name.strip() or self.username def has_perm(self, perm, obj=None): """Override to restrict admin access to only admin users""" if perm.startswith('admin.') and not self.is_admin: return False return super().has_perm(perm, obj) def has_module_perms(self, app_label): """Override to restrict admin module access to only admin users""" if app_label == 'admin' and not self.is_admin: return False return super().has_module_perms(app_label)