Merge branch 'feature/admin2'

-from django.contrib import admin
+from django.conf import settings
+from django.contrib import admin, messages
+from django.contrib.admin.options import IS_POPUP_VAR
+from django.contrib.admin.utils import unquote
+from django.contrib.auth import update_session_auth_hash
+from django.contrib.auth.forms import (
+    AdminPasswordChangeForm, UserChangeForm, UserCreationForm,
+)
+from django.contrib.auth.models import Group, User
+from django.core.exceptions import PermissionDenied
+from django.db import router, transaction
+from django.http import Http404, HttpResponseRedirect
+from django.template.response import TemplateResponse
+from django.urls import path, reverse
+from django.utils.decorators import method_decorator
+from django.utils.html import escape
+from django.utils.translation import gettext, gettext_lazy as _
+from django.views.decorators.csrf import csrf_protect
+from django.views.decorators.debug import sensitive_post_parameters
+from apps.myadmin.admin import admin_site
 
 
-# Register your models here.
+csrf_protect_m = method_decorator(csrf_protect)
+sensitive_post_parameters_m = method_decorator(sensitive_post_parameters())
+
+
+class GroupAdmin(admin.ModelAdmin):
+    search_fields = ('name',)
+    ordering = ('name',)
+    filter_horizontal = ('permissions',)
+
+    def formfield_for_manytomany(self, db_field, request=None, **kwargs):
+        if db_field.name == 'permissions':
+            qs = kwargs.get('queryset', db_field.remote_field.model.objects)
+            # Avoid a major performance hit resolving permission names which
+            # triggers a content_type load:
+            kwargs['queryset'] = qs.select_related('content_type')
+        return super().formfield_for_manytomany(db_field, request=request, **kwargs)
+
+
+class UserAdmin(admin.ModelAdmin):
+    add_form_template = 'admin/auth/user/add_form.html'
+    change_user_password_template = None
+    fieldsets = (
+        (None, {'fields': ('username', 'password')}),
+        (_('Personal info'), {'fields': ('first_name', 'last_name', 'email')}),
+        (_('Permissions'), {
+            'fields': ('is_active', 'is_staff', 'is_superuser', 'groups', 'user_permissions'),
+        }),
+        (_('Important dates'), {'fields': ('last_login', 'date_joined')}),
+    )
+    add_fieldsets = (
+        (None, {
+            'classes': ('wide',),
+            'fields': ('username', 'password1', 'password2'),
+        }),
+    )
+    form = UserChangeForm
+    add_form = UserCreationForm
+    change_password_form = AdminPasswordChangeForm
+    list_display = ('username', 'email', 'first_name', 'last_name', 'is_staff')
+    list_filter = ('is_staff', 'is_superuser', 'is_active', 'groups')
+    search_fields = ('username', 'first_name', 'last_name', 'email')
+    ordering = ('username',)
+    filter_horizontal = ('groups', 'user_permissions',)
+
+    def get_fieldsets(self, request, obj=None):
+        if not obj:
+            return self.add_fieldsets
+        return super().get_fieldsets(request, obj)
+
+    def get_form(self, request, obj=None, **kwargs):
+        """
+        Use special form during user creation
+        """
+        defaults = {}
+        if obj is None:
+            defaults['form'] = self.add_form
+        defaults.update(kwargs)
+        return super().get_form(request, obj, **defaults)
+
+    def get_urls(self):
+        return [
+            path(
+                '<id>/password/',
+                self.admin_site.admin_view(self.user_change_password),
+                name='auth_user_password_change',
+            ),
+        ] + super().get_urls()
+
+    def lookup_allowed(self, lookup, value):
+        # Don't allow lookups involving passwords.
+        return not lookup.startswith('password') and super().lookup_allowed(lookup, value)
+
+    @sensitive_post_parameters_m
+    @csrf_protect_m
+    def add_view(self, request, form_url='', extra_context=None):
+        with transaction.atomic(using=router.db_for_write(self.model)):
+            return self._add_view(request, form_url, extra_context)
+
+    def _add_view(self, request, form_url='', extra_context=None):
+        # It's an error for a user to have add permission but NOT change
+        # permission for users. If we allowed such users to add users, they
+        # could create superusers, which would mean they would essentially have
+        # the permission to change users. To avoid the problem entirely, we
+        # disallow users from adding users if they don't have change
+        # permission.
+        if not self.has_change_permission(request):
+            if self.has_add_permission(request) and settings.DEBUG:
+                # Raise Http404 in debug mode so that the user gets a helpful
+                # error message.
+                raise Http404(
+                    'Your user does not have the "Change user" permission. In '
+                    'order to add users, Django requires that your user '
+                    'account have both the "Add user" and "Change user" '
+                    'permissions set.')
+            raise PermissionDenied
+        if extra_context is None:
+            extra_context = {}
+        username_field = self.model._meta.get_field(self.model.USERNAME_FIELD)
+        defaults = {
+            'auto_populated_fields': (),
+            'username_help_text': username_field.help_text,
+        }
+        extra_context.update(defaults)
+        return super().add_view(request, form_url, extra_context)
+
+    @sensitive_post_parameters_m
+    def user_change_password(self, request, id, form_url=''):
+        user = self.get_object(request, unquote(id))
+        if not self.has_change_permission(request, user):
+            raise PermissionDenied
+        if user is None:
+            raise Http404(_('%(name)s object with primary key %(key)r does not exist.') % {
+                'name': self.model._meta.verbose_name,
+                'key': escape(id),
+            })
+        if request.method == 'POST':
+            form = self.change_password_form(user, request.POST)
+            if form.is_valid():
+                form.save()
+                change_message = self.construct_change_message(request, form, None)
+                self.log_change(request, user, change_message)
+                msg = gettext('Password changed successfully.')
+                messages.success(request, msg)
+                update_session_auth_hash(request, form.user)
+                return HttpResponseRedirect(
+                    reverse(
+                        '%s:%s_%s_change' % (
+                            self.admin_site.name,
+                            user._meta.app_label,
+                            user._meta.model_name,
+                        ),
+                        args=(user.pk,),
+                    )
+                )
+        else:
+            form = self.change_password_form(user)
+
+        fieldsets = [(None, {'fields': list(form.base_fields)})]
+        adminForm = admin.helpers.AdminForm(form, fieldsets, {})
+
+        context = {
+            'title': _('Change password: %s') % escape(user.get_username()),
+            'adminForm': adminForm,
+            'form_url': form_url,
+            'form': form,
+            'is_popup': (IS_POPUP_VAR in request.POST or
+                         IS_POPUP_VAR in request.GET),
+            'add': True,
+            'change': False,
+            'has_delete_permission': False,
+            'has_change_permission': True,
+            'has_absolute_url': False,
+            'opts': self.model._meta,
+            'original': user,
+            'save_as': False,
+            'show_save': True,
+            **self.admin_site.each_context(request),
+        }
+
+        request.current_app = self.admin_site.name
+
+        return TemplateResponse(
+            request,
+            self.change_user_password_template or
+            'admin/auth/user/change_password.html',
+            context,
+        )
+
+    def response_add(self, request, obj, post_url_continue=None):
+        """
+        Determine the HttpResponse for the add_view stage. It mostly defers to
+        its superclass implementation but is customized because the User model
+        has a slightly different workflow.
+        """
+        # We should allow further modification of the user just added i.e. the
+        # 'Save' button should behave like the 'Save and continue editing'
+        # button except in two scenarios:
+        # * The user has pressed the 'Save and add another' button
+        # * We are adding a user in a popup
+        if '_addanother' not in request.POST and IS_POPUP_VAR not in request.POST:
+            request.POST = request.POST.copy()
+            request.POST['_continue'] = 1
+        return super().response_add(request, obj, post_url_continue)
+
+
+admin_site.register(Group, GroupAdmin)
+admin_site.register(User, UserAdmin)

@@ -9,7 +9,7 @@ from settings import conf
 
 
 # Create your views here.
 # Create your views here.
 
 
-# https://auth-i.bmwgroup.net/auth/oauth2/intranetb2x/
+# https://auth-i.bmwgroup.net/auth/oauth2/
 iwa_url_params = {
 iwa_url_params = {
     'scope': 'openid',
     'scope': 'openid',
     'response_type': 'code',
     'response_type': 'code',
@@ -17,7 +17,7 @@ iwa_url_params = {
     'client_id': conf.IWA_CLIENT_ID
     'client_id': conf.IWA_CLIENT_ID
 }
 }
 iwa_url_params_str = '&'.join(['{0}={1}'.format(k, v) for k, v in iwa_url_params.items()])
 iwa_url_params_str = '&'.join(['{0}={1}'.format(k, v) for k, v in iwa_url_params.items()])
-iwa_url = '{0}authorize?{1}'.format(conf.IWA_URL, iwa_url_params_str)
+iwa_url = '{0}intranetb2x/authorize?{1}'.format(conf.IWA_URL, iwa_url_params_str)
 client_id_base64 = base64.b64encode('{0}:{1}'.format(
 client_id_base64 = base64.b64encode('{0}:{1}'.format(
     conf.IWA_CLIENT_ID, conf.IWA_CLIENT_SECRET).encode('utf-8')).decode('utf-8')
     conf.IWA_CLIENT_ID, conf.IWA_CLIENT_SECRET).encode('utf-8')).decode('utf-8')
 
 
@@ -54,7 +54,9 @@ class IWALoginView(IWABaseView, GenericView):
     def post(self, request, *args, **kwargs):
     def post(self, request, *args, **kwargs):
         code = request.data.get('code', '')
         code = request.data.get('code', '')
         # redirect_uri = request.data.get('redirect_uri', '')
         # redirect_uri = request.data.get('redirect_uri', '')
-        q_number = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+        iwa_res = self.get_q_number(conf.IWA_URL, code, conf.IWA_REDIRECT_URI, client_id_base64)
+        q_number = iwa_res.get('sub', '')
+        self.running_log.info('iwa_res: {0}'.format(iwa_res))
 
 
         is_valid, data = self.validate(q_number)
         is_valid, data = self.validate(q_number)
 
 

 from django.contrib import admin
 from django.contrib import admin
 from .models import Keywords, Configs
 from .models import Keywords, Configs
 from .named_enum import KeywordsType
 from .named_enum import KeywordsType
+from apps.myadmin.admin import admin_site
 
 
 
 
 # Register your models here.
 # Register your models here.
@@ -19,7 +20,7 @@ class ConfigsAdmin(admin.ModelAdmin):
     list_display = ('id', 'value', 'comment')
     list_display = ('id', 'value', 'comment')
 
 
 
 
-admin.site.register(Keywords, KeywordsAdmin)
-admin.site.register(Configs, ConfigsAdmin)
-admin.site.site_header = '宝马OCR'
-admin.site.site_title = '宝马OCR'
+admin_site.register(Keywords, KeywordsAdmin)
+admin_site.register(Configs, ConfigsAdmin)
+# admin.site.site_header = '宝马OCR'
+# admin.site.site_title = '宝马OCR'

+from django.contrib import admin
+from django.views.decorators.cache import never_cache
+from django.http import HttpResponseRedirect
+from settings import conf
+
+
+iwa_admin_url_params = {
+    'scope': 'openid',
+    'response_type': 'code',
+    'redirect_uri': conf.IWA_REDIRECT_URI,
+    'client_id': conf.IWA_CLIENT_ID,
+    'acr_values': 'strongAuth4000Service'
+}
+iwa_admin_url_params_str = '&'.join(['{0}={1}'.format(k, v) for k, v in iwa_admin_url_params.items()])
+iwa_admin_url = '{0}realms/root/realms/intranetb2x/authorize?{1}'.format(conf.IWA_URL, iwa_admin_url_params_str)
+
+
+class MyAdminSite(admin.AdminSite):
+    site_header = 'BMW OCR'
+    site_title = 'BMW OCR'
+
+    @never_cache
+    def login(self, request, extra_context=None):
+        return HttpResponseRedirect(iwa_admin_url)
+
+
+admin_site = MyAdminSite()

+from django.contrib.admin.apps import AdminConfig
+
+
+class MyAdminConfig(AdminConfig):
+    default_site = 'apps.myadmin.admin.MyAdminSite'

+from django.db import models
+
+# Create your models here.

+from django.shortcuts import render
+
+# Create your views here.

@@ -13,11 +13,13 @@ Including another URLconf
     1. Import the include() function: from django.urls import include, path
     1. Import the include() function: from django.urls import include, path
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
     2. Add a URL to urlpatterns:  path('blog/', include('blog.urls'))
 """
 """
-from django.contrib import admin
+# from django.contrib import admin
 from django.urls import path, include
 from django.urls import path, include
+from apps.myadmin.admin import admin_site
 
 
 urlpatterns = [
 urlpatterns = [
-    path('admin/', admin.site.urls),
+    # path('admin/', admin.site.urls),
+    path('admin/', admin_site.urls),
     path(r'api/user/', include('apps.account.urls')),
     path(r'api/user/', include('apps.account.urls')),
     path(r'api/create/', include('apps.doc.create_urls')),
     path(r'api/create/', include('apps.doc.create_urls')),
     path(r'api/priority/', include('apps.doc.priority_urls')),
     path(r'api/priority/', include('apps.doc.priority_urls')),

@@ -135,7 +135,7 @@ class IWABaseView:
         iwa_user_url = '{0}userinfo'.format(iwa_url_base)
         iwa_user_url = '{0}userinfo'.format(iwa_url_base)
         res = requests.get(iwa_user_url, headers=headers)
         res = requests.get(iwa_user_url, headers=headers)
 
 
-        return res.json().get('sub', '')
+        return res.json()
 
 
     @staticmethod
     @staticmethod
     def validate(q_number):
     def validate(q_number):

@@ -35,7 +35,8 @@ ALLOWED_HOSTS = conf.ALLOWED_HOSTS
 # Application definition
 # Application definition
 
 
 INSTALLED_APPS = [
 INSTALLED_APPS = [
-    'django.contrib.admin',
+    # 'django.contrib.admin',
+    'apps.myadmin.apps.MyAdminConfig',
     'django.contrib.auth',
     'django.contrib.auth',
     'django.contrib.contenttypes',
     'django.contrib.contenttypes',
     'django.contrib.sessions',
     'django.contrib.sessions',