Merge pull request #183 from AAdewunmi/feat/add-role-aware-app-navigation

Feat/add role aware app navigation

Author: AAdewunmi

accounts/templatetags/__init__.py

@@ -0,0 +1 @@
+"""Custom template tags for the accounts app."""

accounts/templatetags/surface_access.py

@@ -0,0 +1,42 @@
+"""Template tags for surface-aware navigation and access checks."""
+
+from django import template
+
+from accounts.constants import (
+    GROUP_NAMES,
+    ROLE_ADMIN,
+    ROLE_CUSTOMER,
+    ROLE_MERCHANT,
+    ROLE_OPS,
+)
+from accounts.mixins import (
+    is_admin_user,
+    user_has_surface_access,
+    user_in_group,
+)
+
+register = template.Library()
+
+
+@register.filter
+def has_group(user, role):
+    """Return True when the user belongs to the requested role group."""
+
+    if role not in GROUP_NAMES:
+        return False
+    return user_in_group(user, GROUP_NAMES[role])
+
+
+@register.filter
+def can_access_surface(user, role):
+    """Return True when the user may access the requested surface."""
+
+    if role not in {ROLE_ADMIN, ROLE_OPS, ROLE_CUSTOMER, ROLE_MERCHANT}:
+        return False
+    return user_has_surface_access(user, role)
+
+
+@register.simple_tag
+def is_admin_surface_user(user):
+    """Return True when the current user is an admin."""
+    return is_admin_user(user)

config/settings/base.py

@@ -58,6 +58,9 @@
                 "django.contrib.messages.context_processors.messages",
                 "common.context_processors.app_shell",
             ],
+            "libraries": {
+                "surface_access": "accounts.templatetags.surface_access",
+            },
         },
     }
 ]

templates/partials/_app_nav.html

@@ -1,18 +1,48 @@
-<!-- path: templates/partials/_app_nav.html -->
-<nav class="navbar navbar-expand-lg rh-topbar">
+{% load surface_access %}
+
+<nav class="rh-topbar" aria-label="Primary">
   <div class="container rh-topbar-inner">
     <a class="rh-brand" href="{% url 'landing' %}">
       <span class="rh-brand-mark" aria-hidden="true">R</span>
-      <span>{{ brand_name }}</span>
+      <span>{{ brand_name|default:"ReturnHub" }}</span>
     </a>
-    <div class="rh-topbar-links" aria-label="Primary">
+
+    <div class="rh-topbar-links">
       <a href="{% url 'landing' %}#how-it-works">How it works</a>
       <a href="{% url 'landing' %}#workflow">Workflow</a>
-      <a href="{% url 'admin-login' %}">Admin</a>
-      <a href="{% url 'ops-login' %}">Ops</a>
-      <a href="{% url 'customer-login' %}">Customer</a>
-      <a href="{% url 'merchant-login' %}">Merchant</a>
+
+      {% if request.user.is_authenticated %}
+        {% if request.user|can_access_surface:"admin" %}
+          <a href="{% url 'accounts:console_admin' %}">Admin</a>
+        {% endif %}
+        {% if request.user|can_access_surface:"ops" %}
+          <a href="{% url 'ops:queue' %}">Ops</a>
+        {% endif %}
+        {% if request.user|can_access_surface:"customer" %}
+          <a href="{% url 'customer_portal:case_list' %}">Customer</a>
+        {% endif %}
+        {% if request.user|can_access_surface:"merchant" %}
+          <a href="{% url 'merchant_portal:case_list' %}">Merchant</a>
+        {% endif %}
+      {% else %}
+        <a href="{% url 'accounts:login_admin' %}">Admin</a>
+        <a href="{% url 'accounts:login_ops' %}">Ops</a>
+        <a href="{% url 'accounts:login_customer' %}">Customer</a>
+        <a href="{% url 'accounts:login_merchant' %}">Merchant</a>
+      {% endif %}
+
       <a href="{% url 'landing' %}#support">Support</a>
     </div>
+
+    <div class="rh-topbar-actions">
+      {% if request.user.is_authenticated %}
+        <div class="rh-topbar-meta" aria-label="Signed-in user">
+          <span class="rh-header-note">{{ request.user.get_username }}</span>
+        </div>
+        <a class="btn btn-outline-secondary btn-sm rh-topbar-secondary" href="{% url 'accounts:logout' %}">
+          Sign out
+        </a>
+      {% endif %}
+    </div>
   </div>
 </nav>

tests/test_surface_access_templatetags.py

@@ -0,0 +1,70 @@
+"""Tests for surface access template tags."""
+
+from __future__ import annotations
+
+import pytest
+from django.contrib.auth.models import AnonymousUser, Group
+
+from accounts.templatetags.surface_access import (
+    can_access_surface,
+    has_group,
+    is_admin_surface_user,
+)
+from tests.factories import UserFactory
+
+pytestmark = pytest.mark.django_db
+
+
+def add_group(user, group_name: str) -> None:
+    """Attach a Django group to a user for test setup."""
+
+    group, _ = Group.objects.get_or_create(name=group_name)
+    user.groups.add(group)
+
+
+def test_has_group_returns_true_for_matching_role_group() -> None:
+    """The template filter should confirm membership for valid mapped roles."""
+
+    merchant_user = UserFactory()
+    add_group(merchant_user, "merchant")
+
+    assert has_group(merchant_user, "merchant") is True
+
+
+def test_has_group_returns_false_for_unknown_role() -> None:
+    """The template filter should reject unknown role keys."""
+
+    user = UserFactory()
+
+    assert has_group(user, "unknown") is False
+
+
+def test_can_access_surface_returns_true_for_allowed_surface() -> None:
+    """The template filter should mirror the shared surface access helper."""
+
+    customer_user = UserFactory()
+    add_group(customer_user, "customer")
+
+    assert can_access_surface(customer_user, "customer") is True
+
+
+def test_can_access_surface_returns_false_for_unknown_surface() -> None:
+    """Unknown surface names should be rejected by the template filter."""
+
+    user = UserFactory()
+
+    assert can_access_surface(user, "unknown") is False
+
+
+def test_is_admin_surface_user_returns_true_for_superuser() -> None:
+    """The simple tag should identify admin-capable users."""
+
+    admin_user = UserFactory(is_superuser=True, is_staff=True)
+
+    assert is_admin_surface_user(admin_user) is True
+
+
+def test_is_admin_surface_user_returns_false_for_anonymous_user() -> None:
+    """Anonymous users should never be treated as admin-capable."""
+
+    assert is_admin_surface_user(AnonymousUser()) is False