feat(admin): Build real-time user session and status dashboard

Author: cp099

inventory/middleware.py

@@ -0,0 +1,20 @@
+# sherlock-python/inventory/middleware.py
+
+from django.utils import timezone
+from .models import UserProfile
+
+class UpdateLastSeenMiddleware:
+    """
+    Custom middleware to update the 'last_seen' timestamp for an
+    authenticated user with every request they make.
+    """
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        response = self.get_response(request)
+
+        if request.user.is_authenticated:
+            UserProfile.objects.filter(user=request.user).update(last_seen=timezone.now())
+        
+        return response

inventory/migrations/0015_userprofile_last_seen.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.2.7 on 2025-10-26 09:47
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('inventory', '0014_checkinlog_condition'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='userprofile',
+            name='last_seen',
+            field=models.DateTimeField(blank=True, help_text='The last time the user made a request.', null=True),
+        ),
+    ]

inventory/models.py

@@ -218,17 +218,28 @@ def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
 
 class UserProfile(models.Model):
-    """Extends the default Django User model to include a role."""
+    """Extends the default Django User model to include a role and activity tracking."""
     class Role(models.TextChoices):
         ADMIN = 'ADMIN', 'Admin'
         MEMBER = 'MEMBER', 'Member'
 
     user = models.OneToOneField(settings.AUTH_USER_MODEL, on_delete=models.CASCADE, related_name='profile')
     role = models.CharField(max_length=10, choices=Role.choices, default=Role.MEMBER)
+    last_seen = models.DateTimeField(null=True, blank=True, help_text="The last time the user made a request.")
 
     def __str__(self):
         return f"{self.user.username} - {self.get_role_display()}"
 
+    @property
+    def is_online(self):
+        """
+        Determines if the user is 'online' based on their last seen time.
+        A user is considered online if they were active in the last 5 minutes.
+        """
+        if not self.last_seen:
+            return False
+        return timezone.now() < self.last_seen + timedelta(minutes=5)
+
 def create_user_profile(sender, instance, created, **kwargs):
     if created:
         UserProfile.objects.create(user=instance)

inventory/templates/inventory/team_management.html

@@ -1,31 +1,95 @@
 {% extends "inventory/base.html" %}
+
 {% block content %}
-    <div style="display: flex; justify-content: space-between; align-items: center;">
+    <div style="display: flex; justify-content: space-between; align-items: center; margin-bottom: 1rem;">
         <h1>Team Management</h1>
-        <a href="{% url 'inventory:create_user' %}" class="link-button">Add New User</a>
+        <a href="{% url 'inventory:create_user' %}" class="btn btn-primary">
+            <i class="fas fa-user-plus"></i> Add New User
+        </a>
     </div>
-    <p>As an Admin, you can manage the roles of other users in the system.</p>
+    <p>As an Admin, you can manage user roles, view their activity status, and control their access to the system.</p>
 
     <table class="open-table">
         <thead>
-            <tr><th>Username</th><th>Email</th><th>Current Role</th><th>Change Role</th></tr>
+            <tr>
+                <th>Username</th>
+                <th>Email</th>
+                <th>Role</th>
+                <th>Account Status</th>
+                <th>Activity Status</th>
+                <th style="text-align: center;">Actions</th>
+            </tr>
         </thead>
         <tbody>
             {% for profile in users %}
             <tr>
+                <!-- Username -->
                 <td>{{ profile.user.username }}</td>
-                <td>{{ profile.user.email }}</td>
-                <td>{{ profile.get_role_display }}</td>
+
+                <!-- Email -->
+                <td>{{ profile.user.email|default:"Not set" }}</td>
+
+                <!-- Role -->
                 <td>
-                    <form action="{% url 'inventory:update_user_role' profile.id %}" method="post">
+                    <form action="{% url 'inventory:update_user_role' profile.id %}" method="post" style="margin:0;">
                         {% csrf_token %}
-                        <select name="role" onchange="this.form.submit()">
-                            {% for value, name in form.fields.role.choices %}
+                        <select name="role" onchange="this.form.submit()" class="form-control form-control-sm">
+                            {% for value, name in profile.Role.choices %}
                                 <option value="{{ value }}" {% if profile.role == value %}selected{% endif %}>{{ name }}</option>
                             {% endfor %}
                         </select>
                     </form>
                 </td>
+                
+                <!-- Account Status (Active/Suspended) -->
+                <td>
+                    {% if profile.user.is_active %}
+                        <span class="badge bg-success">Active</span>
+                    {% else %}
+                        <span class="badge bg-secondary">Suspended</span>
+                    {% endif %}
+                </td>
+
+                <!-- Activity Status (Online/Offline) -->
+                <td>
+                    {% if profile.is_online %}
+                        <span class="badge bg-primary">Online</span>
+                    {% else %}
+                        <span class="badge bg-light text-dark">Offline</span>
+                    {% endif %}
+                </td>
+
+                <!-- Actions -->
+                <td style="text-align: center; white-space: nowrap;">
+                    <!-- Suspend/Reactivate Button -->
+                    <form action="{% url 'inventory:toggle_user_active' profile.user.id %}" method="post" style="display: inline-block; margin: 0;">
+                        {% csrf_token %}
+                        {% if profile.user.is_active %}
+                            <button type="submit" class="btn btn-warning btn-sm" title="Suspend this user's account">
+                                <i class="fas fa-user-slash"></i> Suspend
+                            </button>
+                        {% else %}
+                            <button type="submit" class="btn btn-success btn-sm" title="Reactivate this user's account">
+                                <i class="fas fa-user-check"></i> Reactivate
+                            </button>
+                        {% endif %}
+                    </form>
+                    
+                    <!-- Force Logout Button -->
+                    {% if profile.is_online and profile.user.is_active %}
+                    <form action="{% url 'inventory:force_logout_user' profile.user.id %}" method="post" style="display: inline-block; margin: 0 0 0 5px;">
+                        {% csrf_token %}
+                        <button type="submit" class="btn btn-danger btn-sm" title="Forcibly end all active sessions for this user"
+                                onclick="return confirm('Are you sure you want to force logout {{ profile.user.username }}? They will be immediately signed out of all devices.');">
+                            <i class="fas fa-sign-out-alt"></i> Force Logout
+                        </button>
+                    </form>
+                    {% endif %}
+                </td>
+            </tr>
+            {% empty %}
+            <tr>
+                <td colspan="6" style="text-align: center;">There are no other users in the system.</td>
             </tr>
             {% endfor %}
         </tbody>

inventory/urls.py

@@ -11,8 +11,10 @@
     # ==========================================================================
     path('my-profile/', views.my_profile, name='my_profile'),
     path('team-management/', views.team_management, name='team_management'),
-    path('team-management/update-role/<int:user_id>/', views.update_user_role, name='update_user_role'),
     path('team-management/create-user/', views.create_user, name='create_user'),
+    path('team-management/update-role/<int:user_id>/', views.update_user_role, name='update_user_role'),
+    path('team-management/toggle-active/<int:user_id>/', views.toggle_user_active_status, name='toggle_user_active'),
+    path('team-management/force-logout/<int:user_id>/', views.force_logout_user, name='force_logout_user'),
 
     # ==========================================================================
     # Main Navigation & Dashboards

inventory/views.py

@@ -13,7 +13,7 @@
 from django.db.models import Q, Sum, Max, F, Count
 from django.db.models.functions import TruncDay
 from django.contrib.auth.models import User
-
+from django.contrib.sessions.models import Session
 
 from .models import Section, Space, Item, PrintQueue, PrintQueueItem, SearchEntry, Student, CheckoutLog, CheckInLog, ItemLog, UserProfile
 from .forms import SectionForm, SpaceForm, ItemForm, StudentForm, StockAdjustmentForm, UserUpdateForm, UserRoleForm
@@ -1042,6 +1042,50 @@ def create_user(request):
     context = {'form': form}
     return render(request, 'inventory/create_user.html', context)
 
+@login_required
+@admin_required
+def force_logout_user(request, user_id):
+    """
+    Finds and deletes all active sessions for a given user,
+    effectively logging them out on their next request.
+    """
+    if request.method == 'POST':
+        user_to_logout = get_object_or_404(User, id=user_id)
+        
+        # Find all session objects associated with this user
+        for session in Session.objects.all():
+            if session.get_decoded().get('_auth_user_id') == str(user_to_logout.id):
+                session.delete()
+
+        messages.success(request, f"All active sessions for {user_to_logout.username} have been terminated.")
+    return redirect('inventory:team_management')
+
+@login_required
+@admin_required
+def toggle_user_active_status(request, user_id):
+    """
+    Toggles the is_active flag for a user, effectively suspending or
+    reactivating their account.
+    """
+    if request.method == 'POST':
+        user_to_toggle = get_object_or_404(User, id=user_id)
+        
+        # Toggle the is_active status
+        user_to_toggle.is_active = not user_to_toggle.is_active
+        user_to_toggle.save()
+        
+        status = "reactivated" if user_to_toggle.is_active else "suspended"
+        messages.success(request, f"The account for {user_to_toggle.username} has been {status}.")
+
+        # If we suspend the user, also log them out for immediate effect
+        if not user_to_toggle.is_active:
+            for session in Session.objects.all():
+                if session.get_decoded().get('_auth_user_id') == str(user_to_toggle.id):
+                    session.delete()
+            messages.info(request, f"Active sessions for {user_to_toggle.username} were also terminated.")
+            
+    return redirect('inventory:team_management')
+
 def custom_page_not_found_view(request, exception):
     """
     Custom view to render the 404.html template.

sherlock/settings.py

@@ -81,12 +81,12 @@
     'django.middleware.security.SecurityMiddleware',
     'whitenoise.middleware.WhiteNoiseMiddleware',
     'django.contrib.sessions.middleware.SessionMiddleware',
+    'inventory.middleware.UpdateLastSeenMiddleware',
     'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-
 ]
 
 ROOT_URLCONF = 'sherlock.urls'