base/middleware.py

"""
middleware.py
"""

from django.apps import apps
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import logout
from django.core.cache import cache
from django.db.models import Q
from django.shortcuts import redirect
from django.utils.translation import gettext_lazy as _

from base.backends import ConfiguredEmailBackend
from base.context_processors import AllCompany
from base.horilla_company_manager import HorillaCompanyManager
from base.models import Company, ShiftRequest, WorkTypeRequest
from employee.models import (
    DisciplinaryAction,
    Employee,
    EmployeeBankDetails,
    EmployeeWorkInformation,
)
from horilla.methods import get_horilla_model_class
from horilla_documents.models import DocumentRequest

CACHE_KEY = "horilla_company_models_cache_key"


class CompanyMiddleware:
    """
    Middleware to handle company-specific filtering for models.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def _get_company_id(self, request):
        """
        Retrieve the company ID from the request or session.
        """
        if getattr(request, "user", False) and not request.user.is_anonymous:
            try:
                if com_id := request.session.get("selected_company", None):
                    return (
                        Company.objects.filter(id=com_id).first()
                        if com_id != "all"
                        else None
                    )
                else:
                    return getattr(
                        request.user.employee_get.employee_work_info, "company_id", None
                    )
            except AttributeError:
                pass
        return None

    def _set_company_session(self, request, company_id):
        """
        Set the company session data based on the company ID.
        """
        try:
            user = request.user.employee_get
        except Exception:
            logout(request)
            messages.error(
                request,
                _("An employee related to this user's credentials does not exist."),
            )
            return redirect("login")
        user_company_id = getattr(
            getattr(user, "employee_work_info", None), "company_id", None
        )
        if company_id and request.session.get("selected_company") != "all":
            if company_id == "all":
                text = "All companies"
            elif company_id == user_company_id:
                text = "My Company"
            else:
                text = "Other Company"

            request.selected_company_instance = company_id
            request.session["selected_company"] = str(company_id.id)
            request.session["selected_company_instance"] = {
                "company": company_id.company,
                "icon": company_id.icon.url,
                "text": text,
                "id": company_id.id,
            }
        else:
            request.selected_company_instance = (
                user_company_id
                if not user_company_id
                else Company.objects.filter(hq=True).first()
            )
            request.session["selected_company"] = "all"
            all_company = AllCompany()
            request.session["selected_company_instance"] = {
                "company": all_company.company,
                "icon": all_company.icon.url,
                "text": all_company.text,
                "id": all_company.id,
            }

    def _add_company_filter(self, model, company_id):
        """
        Add company filter to the model if applicable.
        """
        is_company_model = model in self._get_company_models()
        company_field = getattr(model, "company_id", None)
        is_horilla_manager = isinstance(model.objects, HorillaCompanyManager)
        related_company_field = getattr(model.objects, "related_company_field", None)

        if is_company_model:
            if company_field:
                model.add_to_class("company_filter", Q(company_id=company_id))
            elif is_horilla_manager and related_company_field:
                model.add_to_class(
                    "company_filter", Q(**{related_company_field: company_id})
                )
        else:
            if company_field:
                model.add_to_class(
                    "company_filter",
                    Q(company_id=company_id) | Q(company_id__isnull=True),
                )
            elif is_horilla_manager and related_company_field:
                model.add_to_class(
                    "company_filter",
                    Q(**{related_company_field: company_id})
                    | Q(**{f"{related_company_field}__isnull": True}),
                )

    def _get_company_models(self):
        """
        Retrieve the list of models that are company-specific.
        """
        company_models = cache.get(CACHE_KEY)

        if company_models is None:
            company_models = [
                Employee,
                ShiftRequest,
                WorkTypeRequest,
                DocumentRequest,
                DisciplinaryAction,
                EmployeeBankDetails,
                EmployeeWorkInformation,
            ]

            app_model_mappings = {
                "recruitment": ["recruitment", "candidate"],
                "leave": [
                    "leaverequest",
                    "restrictleave",
                    "availableleave",
                    "leaveallocationrequest",
                    "compensatoryleaverequest",
                ],
                "asset": ["assetassignment", "assetrequest"],
                "attendance": [
                    "attendance",
                    "attendanceactivity",
                    "attendanceovertime",
                    "workrecords",
                ],
                "payroll": [
                    "contract",
                    "loanaccount",
                    "payslip",
                    "reimbursement",
                ],
                "helpdesk": ["ticket"],
                "offboarding": ["offboarding"],
                "pms": ["employeeobjective"],
            }

            for app_label, models in app_model_mappings.items():
                if apps.is_installed(app_label):
                    company_models.extend(
                        [get_horilla_model_class(app_label, model) for model in models]
                    )

            cache.set(CACHE_KEY, company_models)

        return company_models

    def __call__(self, request):
        if getattr(request, "user", False) and not request.user.is_anonymous:
            company_id = self._get_company_id(request)
            self._set_company_session(request, company_id)

            app_models = [
                model
                for model in apps.get_models()
                if model._meta.app_label in settings.APPS
            ]
            for model in app_models:
                self._add_company_filter(model, company_id)

        response = self.get_response(request)
        return response


class ForcePasswordChangeMiddleware:
    """
    Middleware to force password change for new employees.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        excluded_paths = ["/change-password", "/login", "/logout"]
        if request.path.rstrip("/") in excluded_paths:
            return self.get_response(request)

        if hasattr(request, "user") and request.user.is_authenticated:
            if getattr(request.user, "is_new_employee", True):
                return redirect("change-password")

        return self.get_response(request)


class TwoFactorAuthMiddleware:
    """
    Middleware to enforce two-factor authentication for specific users.
    """

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        excluded_paths = [
            "/change-password",
            "/login",
            "/logout",
            "/two-factor",
            "/send-otp",
        ]

        if request.path.rstrip("/") in excluded_paths:
            return self.get_response(request)

        if settings.TWO_FACTORS_AUTHENTICATION:
            try:
                if ConfiguredEmailBackend().configuration is not None:
                    if hasattr(request, "user") and request.user.is_authenticated:
                        if not request.session.get("otp_code_verified", False):
                            return redirect("/two-factor")
                else:
                    return self.get_response(request)
            except Exception as e:
                return self.get_response(request)

        return self.get_response(request)
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`"""`
			`middleware.py`
			`"""`
Formatting and Cleaning code base (#110) 2024-03-10 19:37:46 +05:30
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`from django.apps import apps`
[IMP] HORILLA: Updated horilla user model by introduce new app horilla_auth 2025-11-11 13:01:04 +05:30			`from django.conf import settings`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`from django.contrib import messages`
[UPDT] BASE: Handle missing employee_get in middleware by logging out and redirecting to login 2025-06-03 10:46:37 +05:30			`from django.contrib.auth import logout`
[FIX] BASE: Fixed middleware load issue 2025-02-05 11:19:31 +05:30			`from django.core.cache import cache`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`from django.db.models import Q`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`from django.shortcuts import redirect`
[UPDT] BASE: Handle missing employee_get in middleware by logging out and redirecting to login 2025-06-03 10:46:37 +05:30			`from django.utils.translation import gettext_lazy as _`
Refactoring of merged code 2024-12-17 16:26:43 +05:30
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`from base.backends import ConfiguredEmailBackend`
Added Pre-Commit Hooks (#175) * Added pre commit hook * Run pre commit hook on all files --------- Co-authored-by: Horilla <131998600+horilla-opensource@users.noreply.github.com> 2024-05-07 12:23:36 +05:30			`from base.context_processors import AllCompany`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`from base.horilla_company_manager import HorillaCompanyManager`
[FIX] BASE: Company not changing issue 2025-02-06 14:13:09 +05:30			`from base.models import Company, ShiftRequest, WorkTypeRequest`
[UPDT] BASE: Company filteration while changing company 2024-11-15 10:58:14 +05:30			`from employee.models import (`
			`DisciplinaryAction,`
			`Employee,`
			`EmployeeBankDetails,`
			`EmployeeWorkInformation,`
			`)`
[UPDT] BASE: Update middleware dependency with other apps 2025-01-31 16:04:32 +05:30			`from horilla.methods import get_horilla_model_class`
[UPDT] BASE: Company filteration while changing company 2024-11-15 10:58:14 +05:30			`from horilla_documents.models import DocumentRequest`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30
[FIX] BASE: Fixed middleware load issue 2025-02-05 11:19:31 +05:30			`CACHE_KEY = "horilla_company_models_cache_key"`

[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30
			`class CompanyMiddleware:`
			`"""`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`Middleware to handle company-specific filtering for models.`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`"""`

			`def __init__(self, get_response):`
			`self.get_response = get_response`

[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`def _get_company_id(self, request):`
			`"""`
			`Retrieve the company ID from the request or session.`
			`"""`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`if getattr(request, "user", False) and not request.user.is_anonymous:`
			`try:`
[FIX] BASE: Fixed KeyError at 'selected_company' in fresh installation 2025-02-07 01:00:45 +05:30			`if com_id := request.session.get("selected_company", None):`
[FIX] BASE: Company not changing issue 2025-02-06 14:13:09 +05:30			`return (`
			`Company.objects.filter(id=com_id).first()`
			`if com_id != "all"`
			`else None`
			`)`
			`else:`
			`return getattr(`
			`request.user.employee_get.employee_work_info, "company_id", None`
			`)`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`except AttributeError:`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30			`pass`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`return None`

			`def _set_company_session(self, request, company_id):`
			`"""`
			`Set the company session data based on the company ID.`
			`"""`
[UPDT] BASE: Handle missing employee_get in middleware by logging out and redirecting to login 2025-06-03 10:46:37 +05:30			`try:`
			`user = request.user.employee_get`
			`except Exception:`
			`logout(request)`
			`messages.error(`
			`request,`
			`_("An employee related to this user's credentials does not exist."),`
			`)`
			`return redirect("login")`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`user_company_id = getattr(`
			`getattr(user, "employee_work_info", None), "company_id", None`
			`)`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`if company_id and request.session.get("selected_company") != "all":`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`if company_id == "all":`
			`text = "All companies"`
			`elif company_id == user_company_id:`
			`text = "My Company"`
			`else:`
			`text = "Other Company"`

[UPDT] BASE: Selected company inside request 2025-10-16 19:06:47 +05:30			`request.selected_company_instance = company_id`
[FIX] BASE: Company not changing issue 2025-02-06 14:13:09 +05:30			`request.session["selected_company"] = str(company_id.id)`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`request.session["selected_company_instance"] = {`
			`"company": company_id.company,`
			`"icon": company_id.icon.url,`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`"text": text,`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`"id": company_id.id,`
			`}`
			`else:`
[UPDT] BASE: Selected company inside request 2025-10-16 19:06:47 +05:30			`request.selected_company_instance = (`
			`user_company_id`
			`if not user_company_id`
			`else Company.objects.filter(hq=True).first()`
			`)`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`request.session["selected_company"] = "all"`
			`all_company = AllCompany()`
			`request.session["selected_company_instance"] = {`
			`"company": all_company.company,`
			`"icon": all_company.icon.url,`
			`"text": all_company.text,`
			`"id": all_company.id,`
			`}`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`def _add_company_filter(self, model, company_id):`
			`"""`
			`Add company filter to the model if applicable.`
			`"""`
			`is_company_model = model in self._get_company_models()`
			`company_field = getattr(model, "company_id", None)`
			`is_horilla_manager = isinstance(model.objects, HorillaCompanyManager)`
			`related_company_field = getattr(model.objects, "related_company_field", None)`

			`if is_company_model:`
			`if company_field:`
			`model.add_to_class("company_filter", Q(company_id=company_id))`
			`elif is_horilla_manager and related_company_field:`
			`model.add_to_class(`
			`"company_filter", Q(**{related_company_field: company_id})`
			`)`
			`else:`
			`if company_field:`
			`model.add_to_class(`
			`"company_filter",`
			`Q(company_id=company_id) \| Q(company_id__isnull=True),`
			`)`
			`elif is_horilla_manager and related_company_field:`
			`model.add_to_class(`
			`"company_filter",`
			`Q(**{related_company_field: company_id})`
			`\| Q(**{f"{related_company_field}__isnull": True}),`
			`)`
[UPDT] BASE: Company filteration while changing company 2024-11-15 10:58:14 +05:30
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`def _get_company_models(self):`
			`"""`
			`Retrieve the list of models that are company-specific.`
			`"""`
[FIX] BASE: Fixed middleware load issue 2025-02-05 11:19:31 +05:30			`company_models = cache.get(CACHE_KEY)`

			`if company_models is None:`
			`company_models = [`
			`Employee,`
			`ShiftRequest,`
			`WorkTypeRequest,`
			`DocumentRequest,`
			`DisciplinaryAction,`
			`EmployeeBankDetails,`
			`EmployeeWorkInformation,`
			`]`

			`app_model_mappings = {`
			`"recruitment": ["recruitment", "candidate"],`
			`"leave": [`
			`"leaverequest",`
			`"restrictleave",`
			`"availableleave",`
			`"leaveallocationrequest",`
			`"compensatoryleaverequest",`
			`],`
			`"asset": ["assetassignment", "assetrequest"],`
			`"attendance": [`
			`"attendance",`
			`"attendanceactivity",`
			`"attendanceovertime",`
			`"workrecords",`
			`],`
			`"payroll": [`
			`"contract",`
			`"loanaccount",`
			`"payslip",`
			`"reimbursement",`
			`],`
			`"helpdesk": ["ticket"],`
			`"offboarding": ["offboarding"],`
			`"pms": ["employeeobjective"],`
			`}`

			`for app_label, models in app_model_mappings.items():`
			`if apps.is_installed(app_label):`
			`company_models.extend(`
			`[get_horilla_model_class(app_label, model) for model in models]`
			`)`

			`cache.set(CACHE_KEY, company_models)`
[UPDT] BASE: Company filteration while changing company 2024-11-15 10:58:14 +05:30
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`return company_models`
[UPDT] BASE: Update middleware dependency with other apps 2025-01-31 16:04:32 +05:30
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`def __call__(self, request):`
			`if getattr(request, "user", False) and not request.user.is_anonymous:`
			`company_id = self._get_company_id(request)`
			`self._set_company_session(request, company_id)`

			`app_models = [`
[IMP] HORILLA: Updated horilla user model by introduce new app horilla_auth 2025-11-11 13:01:04 +05:30			`model`
			`for model in apps.get_models()`
			`if model._meta.app_label in settings.APPS`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`]`
			`for model in app_models:`
			`self._add_company_filter(model, company_id)`
[IMP] Multi Company in Horilla 2023-12-01 15:36:51 +05:30
			`response = self.get_response(request)`
			`return response`
added forced password change and added checkboc to assign leave to all employees when creating leave types (#412) (#431) * removed_env_added_forced_password_change_added_selection of all employees * appended Co-authored-by: TalibY22 <106147952+TalibY22@users.noreply.github.com> 2024-12-17 15:02:26 +05:30

			`class ForcePasswordChangeMiddleware:`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`"""`
			`Middleware to force password change for new employees.`
			`"""`

added forced password change and added checkboc to assign leave to all employees when creating leave types (#412) (#431) * removed_env_added_forced_password_change_added_selection of all employees * appended Co-authored-by: TalibY22 <106147952+TalibY22@users.noreply.github.com> 2024-12-17 15:02:26 +05:30			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
Refactoring of merged code 2024-12-17 16:26:43 +05:30			`excluded_paths = ["/change-password", "/login", "/logout"]`
			`if request.path.rstrip("/") in excluded_paths:`
added forced password change and added checkboc to assign leave to all employees when creating leave types (#412) (#431) * removed_env_added_forced_password_change_added_selection of all employees * appended Co-authored-by: TalibY22 <106147952+TalibY22@users.noreply.github.com> 2024-12-17 15:02:26 +05:30			`return self.get_response(request)`

Refactoring of merged code 2024-12-17 16:26:43 +05:30			`if hasattr(request, "user") and request.user.is_authenticated:`
			`if getattr(request.user, "is_new_employee", True):`
[UPDT] BASE: Generic pylint fixes and removal of unwanted statements 2025-02-03 14:47:32 +05:30			`return redirect("change-password")`
added forced password change and added checkboc to assign leave to all employees when creating leave types (#412) (#431) * removed_env_added_forced_password_change_added_selection of all employees * appended Co-authored-by: TalibY22 <106147952+TalibY22@users.noreply.github.com> 2024-12-17 15:02:26 +05:30
Refactoring of merged code 2024-12-17 16:26:43 +05:30			`return self.get_response(request)`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30

			`class TwoFactorAuthMiddleware:`
			`"""`
			`Middleware to enforce two-factor authentication for specific users.`
			`"""`

			`def __init__(self, get_response):`
			`self.get_response = get_response`

			`def __call__(self, request):`
			`excluded_paths = [`
			`"/change-password",`
			`"/login",`
			`"/logout",`
			`"/two-factor",`
			`"/send-otp",`
			`]`

			`if request.path.rstrip("/") in excluded_paths:`
			`return self.get_response(request)`

[IMP] HORILLA: Updated horilla user model by introduce new app horilla_auth 2025-11-11 13:01:04 +05:30			`if settings.TWO_FACTORS_AUTHENTICATION:`
[ADD] BASE: 2 Factor Authentication via email (beta) 2025-05-21 11:19:12 +05:30			`try:`
			`if ConfiguredEmailBackend().configuration is not None:`
			`if hasattr(request, "user") and request.user.is_authenticated:`
			`if not request.session.get("otp_code_verified", False):`
			`return redirect("/two-factor")`
			`else:`
			`return self.get_response(request)`
			`except Exception as e:`
			`return self.get_response(request)`

			`return self.get_response(request)`