
"""
Verify permissions are correctly assigned.

Usage:
    python manage.py verify_permissions
    python manage.py verify_permissions --user-id=<uuid>
    python manage.py verify_permissions --business-id=<uuid>
"""

from django.core.exceptions import ValidationError
from django.core.management.base import BaseCommand

from apps.authentication.models import User, Role, RolePermission, Permission
from apps.business.models import Business, BusinessMembership


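class Command(BaseCommand):
    """Report the permissions attached to a user's role or to business roles.

    With ``--user-id`` the command lists every permission of the role on the
    user's primary, active membership. With ``--business-id`` (or with no
    option, for every business) it checks that each role named in
    ``CHECKED_ROLES`` exists and has at least one permission.

    Scope of the check: a role passes as soon as one ``RolePermission`` row
    exists for it. The command does not compare the assigned permissions
    against an expected set, so a role that is missing some permissions, or
    holds more than intended, is still reported with a check mark.

    NOTE(review): findings are only written to the output stream; nothing in
    this class raises ``CommandError``, so a missing role or an empty role
    does not change the exit status. Automation has to parse the output.

    The output contains user e-mail addresses and full permission listings,
    so captured logs of this command should be handled accordingly.
    """

    help = 'Verify permissions are correctly assigned'

    # Role names checked for every business by the business-level modes.
    CHECKED_ROLES = ('OWNER', 'ADMIN')

    def add_arguments(self, parser):
        """Register the optional ``--user-id`` and ``--business-id`` filters."""
        parser.add_argument(
            '--user-id',
            type=str,
            help='Check permissions for specific user',
        )
        parser.add_argument(
            '--business-id',
            type=str,
            help='Check permissions for specific business',
        )

    def handle(self, *args, **options):
        """Print the permission total, then run the mode selected by options.

        ``--user-id`` takes precedence over ``--business-id``; when neither is
        given, every business is checked.
        """
        user_id = options.get('user_id')
        business_id = options.get('business_id')

        self.stdout.write(self.style.SUCCESS('=== Permission Verification ===\n'))

        # Check total permissions in system
        total_permissions = Permission.objects.count()
        self.stdout.write(f'Total permissions in system: {total_permissions}')

        if user_id and business_id:
            # Say so explicitly: otherwise the operator may assume the
            # business was verified as well when only the user was.
            self.stdout.write(self.style.WARNING(
                '--business-id is ignored when --user-id is given'
            ))

        if user_id:
            self._verify_user_permissions(user_id)
        elif business_id:
            self._verify_business_permissions(business_id)
        else:
            self._verify_all_businesses()

    def _verify_user_permissions(self, user_id):
        """List the permissions of the role on a user's primary membership.

        Only the membership with ``is_primary=True`` and ``status='ACTIVE'``
        is inspected. Roles the user holds through any other membership are
        not shown, so this listing is not the user's complete set of
        permissions across businesses.
        """
        try:
            user = User.objects.get(id=user_id)
        except User.DoesNotExist:
            self.stdout.write(self.style.ERROR(f'User {user_id} not found'))
            return
        except (ValueError, ValidationError):
            # A malformed id (e.g. not a valid UUID) is rejected by the field
            # before any query runs; report it instead of a traceback.
            self.stdout.write(self.style.ERROR(f'Invalid user id: {user_id}'))
            return

        self.stdout.write(f'\nUser: {user.email}')

        # Get primary membership
        membership = BusinessMembership.objects.filter(
            user=user,
            is_primary=True,
            status='ACTIVE'
        ).select_related('business', 'role').first()

        if not membership:
            self.stdout.write(self.style.WARNING('No active membership found'))
            return

        self.stdout.write(f'Business: {membership.business.name}')

        # Guard in case the role relation is nullable (the model is not
        # visible here); a membership without a role is itself a finding.
        if membership.role is None:
            self.stdout.write(self.style.ERROR('Membership has no role assigned'))
            return

        self.stdout.write(f'Role: {membership.role.name}')

        # Get permissions
        role_perms = RolePermission.objects.filter(
            role=membership.role
        ).select_related('permission')

        perm_list = [
            f"{rp.permission.resource}.{rp.permission.action}"
            for rp in role_perms
        ]

        self.stdout.write(f'\nPermissions ({len(perm_list)}):')
        for perm in sorted(perm_list):
            self.stdout.write(f'  ✓ {perm}')

    def _verify_business_permissions(self, business_id):
        """Check every role in ``CHECKED_ROLES`` for one business, verbosely."""
        try:
            business = Business.objects.get(id=business_id)
        except Business.DoesNotExist:
            self.stdout.write(self.style.ERROR(f'Business {business_id} not found'))
            return
        except (ValueError, ValidationError):
            # Same handling as for a malformed user id.
            self.stdout.write(self.style.ERROR(f'Invalid business id: {business_id}'))
            return

        self.stdout.write(f'\nBusiness: {business.name}')

        for role_name in self.CHECKED_ROLES:
            self._check_role_permissions(business, role_name)

    def _verify_all_businesses(self):
        """Check every role in ``CHECKED_ROLES`` for all businesses (counts only)."""
        businesses = Business.objects.all()
        self.stdout.write(f'\nChecking {businesses.count()} businesses...\n')

        for business in businesses:
            self.stdout.write(f'\n{business.name}:')
            for role_name in self.CHECKED_ROLES:
                self._check_role_permissions(business, role_name, verbose=False)

    def _check_role_permissions(self, business, role_name, verbose=True):
        """Report whether ``role_name`` exists for ``business`` and has permissions.

        Writes a success line with the permission count, an error line when
        the role has no permissions or exists more than once, or a warning
        when the role does not exist. With ``verbose`` each permission is
        listed as ``resource.action``.
        """
        try:
            role = Role.objects.get(name=role_name, business=business)
        except Role.DoesNotExist:
            self.stdout.write(self.style.WARNING(
                f'  ⚠ {role_name}: Role not found'
            ))
            return
        except Role.MultipleObjectsReturned:
            # Duplicate role rows make it ambiguous which permission set
            # applies; report it as a finding instead of aborting the run.
            self.stdout.write(self.style.ERROR(
                f'  ✗ {role_name}: multiple roles with this name'
            ))
            return

        role_perms = RolePermission.objects.filter(role=role)
        perm_count = role_perms.count()

        if perm_count == 0:
            self.stdout.write(self.style.ERROR(
                f'  ✗ {role_name}: NO PERMISSIONS ASSIGNED'
            ))
            return

        self.stdout.write(self.style.SUCCESS(
            f'  ✓ {role_name}: {perm_count} permissions'
        ))

        if verbose:
            for rp in role_perms.select_related('permission'):
                self.stdout.write(
                    f'    - {rp.permission.resource}.{rp.permission.action}'
                )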