From 1d4162582a2f8e30f6324eb4770b3b332e69ba08 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 10:51:56 +0100
Subject: [PATCH 01/12] Add auto-active links to sidebar

---
 .../frontend/templates/includes/sidebar.html  |  3 ++-
 src/servala/static/js/sidebar.js              | 22 +++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 src/servala/static/js/sidebar.js

diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index ae08b51..4b7bc77 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -1,4 +1,4 @@
-{% load i18n %}
+{% load i18n static %}
 <div id="sidebar">
     <div id="sidebar">
         <div class="sidebar-wrapper active">
@@ -132,3 +132,4 @@
             </div>
         </div>
     </div>
+    <script src="{% static 'js/sidebar.js' %}" defer></script>
diff --git a/src/servala/static/js/sidebar.js b/src/servala/static/js/sidebar.js
new file mode 100644
index 0000000..1f79795
--- /dev/null
+++ b/src/servala/static/js/sidebar.js
@@ -0,0 +1,22 @@
+/**
+ * This script marks the current path as active in the sidebar.
+ */
+
+document.addEventListener('DOMContentLoaded', () => {
+    const currentPath = window.location.pathname;
+    const sidebarLinks = document.querySelectorAll('.sidebar-link');
+
+    sidebarLinks.forEach(link => {
+        // Skip links that are inside buttons (like logout)
+        if (link.tagName === 'BUTTON') return;
+
+        if (link.getAttribute('href') === currentPath) {
+            const parentItem = link.closest('.sidebar-item');
+            if (parentItem) {
+                parentItem.classList.add('active');
+            } else {
+                link.classList.add('active');
+            }
+        }
+    })
+})

From 8be1c86deb52e56cb02a1a5d632f75516e775850 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 10:57:17 +0100
Subject: [PATCH 02/12] Move org account switcher to sidebar header

---
 .../frontend/templates/includes/sidebar.html  | 74 +++++++++----------
 1 file changed, 37 insertions(+), 37 deletions(-)

diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index 4b7bc77..45da541 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -53,6 +53,43 @@
                         <a href="#" class="sidebar-hide d-xl-none d-block"><i class="bi bi-x bi-middle"></i></a>
                     </div>
                 </div>
+                {% if request.user.is_authenticated %}
+                    {# request.user.is_authenticated #}
+                    {% if user_organizations.count %}
+                        <button class="btn btn-outline-primary dropdown-toggle w-100"
+                                type="button"
+                                id="organizationDropdown"
+                                data-bs-toggle="dropdown"
+                                aria-haspopup="true"
+                                aria-expanded="false">
+                            {% if request.organization %}
+                                {{ request.organization.name }}
+                            {% else %}
+                                {% translate "Organizations" %}
+                            {% endif %}
+                        </button>
+                        <div class="dropdown-menu shadow"
+                             aria-labelledby="organizationDropdown"
+                             id="organization-dropdown">
+                            {% for organization in user_organizations %}
+                                <a class="dropdown-item{% if organization == request.organization %} active{% endif %}"
+                                   href="{{ organization.get_absolute_url }}">
+                                    <i class="bi bi-building-fill me-1"></i>
+                                    {{ organization.name }}
+                                </a>
+                            {% endfor %}
+                            <a href="{% url 'frontend:organization.create' %}" class="dropdown-item">
+                                <i class="bi bi-building-add me-1"></i>
+                                <span>{% translate "Create organization" %}</span>
+                            </a>
+                        </div>
+                    {% else %}
+                        <a href="{% url 'frontend:organization.create' %}" class="sidebar-link">
+                            <i class="bi bi-plus-square"></i>
+                            <span>{% translate "Create organization" %}</span>
+                        </a>
+                    {% endif %}
+                {% endif %}
             </div>
             <div class="sidebar-menu">
                 <ul class="menu">
@@ -64,43 +101,6 @@
                             </a>
                         </li>
                     {% else %}
-                        {# request.user.is_authenticated #}
-                        <li class="sidebar-item">
-                            {% if user_organizations.count %}
-                                <button class="btn btn-outline-primary dropdown-toggle w-100"
-                                        type="button"
-                                        id="organizationDropdown"
-                                        data-bs-toggle="dropdown"
-                                        aria-haspopup="true"
-                                        aria-expanded="false">
-                                    {% if request.organization %}
-                                        {{ request.organization.name }}
-                                    {% else %}
-                                        {% translate "Organizations" %}
-                                    {% endif %}
-                                </button>
-                                <div class="dropdown-menu shadow"
-                                     aria-labelledby="organizationDropdown"
-                                     id="organization-dropdown">
-                                    {% for organization in user_organizations %}
-                                        <a class="dropdown-item{% if organization == request.organization %} active{% endif %}"
-                                           href="{{ organization.get_absolute_url }}">
-                                            <i class="bi bi-building-fill me-1"></i>
-                                            {{ organization.name }}
-                                        </a>
-                                    {% endfor %}
-                                    <a href="{% url 'frontend:organization.create' %}" class="dropdown-item">
-                                        <i class="bi bi-building-add me-1"></i>
-                                        <span>{% translate "Create organization" %}</span>
-                                    </a>
-                                </div>
-                            {% else %}
-                                <a href="{% url 'frontend:organization.create' %}" class="sidebar-link">
-                                    <i class="bi bi-plus-square"></i>
-                                    <span>{% translate "Create organization" %}</span>
-                                </a>
-                            {% endif %}
-                        </li>
                         {% if request.organization %}
                             <li class="sidebar-item">
                                 <a href="{{ request.organization.get_absolute_url }}"

From 8a98f1ac33688eae8549e548c7acda789e8779ab Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 11:32:46 +0100
Subject: [PATCH 03/12] Add urlman for easier url access

With a variable slug, reverse()/{% url %} is rough to use.
---
 pyproject.toml                                       |  1 +
 src/servala/core/models/organization.py              | 10 ++++++----
 src/servala/frontend/templates/includes/sidebar.html |  4 ++--
 src/servala/frontend/urls.py                         |  2 +-
 src/servala/frontend/views/organization.py           |  2 +-
 uv.lock                                              | 11 +++++++++++
 6 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/pyproject.toml b/pyproject.toml
index dc46064..88fa67e 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,6 +15,7 @@ dependencies = [
     "psycopg2-binary>=2.9.10",
     "pyjwt>=2.10.1",
     "requests>=2.32.3",
+    "urlman>=2.0.2",
 ]
 
 [dependency-groups]
diff --git a/src/servala/core/models/organization.py b/src/servala/core/models/organization.py
index 4c0cdac..bcba9a2 100644
--- a/src/servala/core/models/organization.py
+++ b/src/servala/core/models/organization.py
@@ -1,6 +1,6 @@
+import urlman
 from django.conf import settings
 from django.db import models
-from django.urls import reverse
 from django.utils.functional import cached_property
 from django.utils.text import slugify
 from django.utils.translation import gettext_lazy as _
@@ -33,14 +33,16 @@ class Organization(ServalaModelMixin, models.Model):
         verbose_name=_("Members"),
     )
 
+    class urls(urlman.Urls):
+        base = "/org/{self.slug}/"
+        details = "{base}details/"
+
     @cached_property
     def slug(self):
         return f"{slugify(self.name)}-{self.id}"
 
     def get_absolute_url(self):
-        return reverse(
-            "frontend:organization.dashboard", kwargs={"organization": self.slug}
-        )
+        return self.urls.base
 
     def set_owner(self, user):
         OrganizationMembership.objects.filter(user=user, organization=self).delete()
diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index 45da541..1078d4b 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -5,7 +5,7 @@
             <div class="sidebar-header position-relative">
                 <div class="d-flex justify-content-between align-items-center">
                     <div class="logo">
-                        <a href="{% if request.organization %}{{ request.organization.get_absolute_url }}{% else %}/{% endif %}">
+                        <a href="{% if request.organization %}{{ request.organization.urls.base }}{% else %}/{% endif %}">
                             <img src="" alt="{% translate 'Logo' %}" srcset="">
                         </a>
                     </div>
@@ -73,7 +73,7 @@
                              id="organization-dropdown">
                             {% for organization in user_organizations %}
                                 <a class="dropdown-item{% if organization == request.organization %} active{% endif %}"
-                                   href="{{ organization.get_absolute_url }}">
+                                   href="{{ organization.urls.base }}">
                                     <i class="bi bi-building-fill me-1"></i>
                                     {{ organization.name }}
                                 </a>
diff --git a/src/servala/frontend/urls.py b/src/servala/frontend/urls.py
index e947a7b..f247f17 100644
--- a/src/servala/frontend/urls.py
+++ b/src/servala/frontend/urls.py
@@ -12,7 +12,7 @@ urlpatterns = [
         name="organization.create",
     ),
     path(
-        "<slug:organization>/",
+        "org/<slug:organization>/",
         include(
             [
                 path(
diff --git a/src/servala/frontend/views/organization.py b/src/servala/frontend/views/organization.py
index 9ef4e37..dc0f1fd 100644
--- a/src/servala/frontend/views/organization.py
+++ b/src/servala/frontend/views/organization.py
@@ -12,7 +12,7 @@ class OrganizationCreateView(FormView):
         instance = form.instance.create_organization(
             form.instance, owner=self.request.user
         )
-        return redirect(instance.get_absolute_url())
+        return redirect(instance.urls.base)
 
 
 class OrganizationDashboardView(TemplateView):
diff --git a/uv.lock b/uv.lock
index 7231712..0563552 100644
--- a/uv.lock
+++ b/uv.lock
@@ -676,6 +676,7 @@ dependencies = [
     { name = "psycopg2-binary" },
     { name = "pyjwt" },
     { name = "requests" },
+    { name = "urlman" },
 ]
 
 [package.dev-dependencies]
@@ -702,6 +703,7 @@ requires-dist = [
     { name = "psycopg2-binary", specifier = ">=2.9.10" },
     { name = "pyjwt", specifier = ">=2.10.1" },
     { name = "requests", specifier = ">=2.32.3" },
+    { name = "urlman", specifier = ">=2.0.2" },
 ]
 
 [package.metadata.requires-dev]
@@ -763,3 +765,12 @@ sdist = { url = "https://files.pythonhosted.org/packages/aa/63/e53da845320b757bf
 wheels = [
     { url = "https://files.pythonhosted.org/packages/c8/19/4ec628951a74043532ca2cf5d97b7b14863931476d117c471e8e2b1eb39f/urllib3-2.3.0-py3-none-any.whl", hash = "sha256:1cee9ad369867bfdbbb48b7dd50374c0967a0bb7710050facf0dd6911440e3df", size = 128369 },
 ]
+
+[[package]]
+name = "urlman"
+version = "2.0.2"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/65/c3/cc163cadf40a03d23d522d050ffa147c0589ccd7992a2cc4dd2b02aa9886/urlman-2.0.2.tar.gz", hash = "sha256:231afe89d0d0db358fe7a2626eb39310e5bf5911f3796318955cbe77e1b39601", size = 7684 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/f4/0c/e8a418c9bc9349e7869e88a5b439cf39c4f6f8942da858000944c94a8f01/urlman-2.0.2-py2.py3-none-any.whl", hash = "sha256:2505bf310be424ffa6f4965a6f643ce32dc6194f61a3c5989f2f56453c614814", size = 8028 },
+]

From 7f3bd159cb60e0f77a5d5a51209472296f3e4d01 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 12:05:22 +0100
Subject: [PATCH 04/12] Make HTMX integration more flexible

---
 src/servala/frontend/forms/mixins.py                 | 9 +++++++--
 src/servala/frontend/templates/frontend/profile.html | 4 ++--
 src/servala/frontend/views/mixins.py                 | 7 +++++--
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/servala/frontend/forms/mixins.py b/src/servala/frontend/forms/mixins.py
index 4ca1796..7fe6663 100644
--- a/src/servala/frontend/forms/mixins.py
+++ b/src/servala/frontend/forms/mixins.py
@@ -1,3 +1,5 @@
+from django.utils.functional import cached_property
+
 from servala.frontend.forms.renderers import InlineFormRenderer
 
 
@@ -7,8 +9,6 @@ class HtmxMixin:
     Useful when sending single fields with htmx.
     """
 
-    default_renderer = InlineFormRenderer
-
     def __init__(self, *args, **kwargs):
         self.single_field = kwargs.pop("single_field", None)
 
@@ -18,3 +18,8 @@ class HtmxMixin:
             field = self.fields[self.single_field]
             self.fields.clear()
             self.fields[self.single_field] = field
+
+    @cached_property
+    def default_renderer(self):
+        if self.single_field:
+            return InlineFormRenderer
diff --git a/src/servala/frontend/templates/frontend/profile.html b/src/servala/frontend/templates/frontend/profile.html
index cfad0e9..2d6433a 100644
--- a/src/servala/frontend/templates/frontend/profile.html
+++ b/src/servala/frontend/templates/frontend/profile.html
@@ -15,7 +15,7 @@
 <td>
     {{ request.user.email }}
     <button class="btn btn-primary"
-            hx-get="{% url 'frontend:profile' %}?fragment=user-email-edit"
+            hx-get="{% url 'frontend:profile' %}?fragment=user-email-edit&hx-single-field=email"
             hx-target="closest td"
             hx-swap="outerHTML">{% translate "Edit" %}</button>
 </td>
@@ -24,7 +24,7 @@
 <td>
     {{ request.user.company|default:"–" }}
     <button class="btn btn-primary"
-            hx-get="{% url 'frontend:profile' %}?fragment=user-company-edit"
+            hx-get="{% url 'frontend:profile' %}?fragment=user-company-edit&hx-single-field=company"
             hx-target="closest td"
             hx-swap="outerHTML">{% translate "Edit" %}</button>
 </td>
diff --git a/src/servala/frontend/views/mixins.py b/src/servala/frontend/views/mixins.py
index 3184e86..6ab8f0f 100644
--- a/src/servala/frontend/views/mixins.py
+++ b/src/servala/frontend/views/mixins.py
@@ -25,8 +25,11 @@ class HtmxMixin(TemplateView):
 
     def get_form_kwargs(self):
         result = super().get_form_kwargs()
-        if self.is_htmx and (field_name := self.request.POST.get("hx-single-field")):
-            result["single_field"] = field_name
+        if self.is_htmx:
+            data = (
+                self.request.POST if self.request.method == "POST" else self.request.GET
+            )
+            result["single_field"] = data.get("hx-single-field")
         return result
 
     def form_valid(self, form):

From b6571ede2c086cbf86d5bcaf489096ec1d45177c Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 14:31:33 +0100
Subject: [PATCH 05/12] Add organization edit view

---
 src/servala/frontend/forms/__init__.py        |  4 +-
 src/servala/frontend/forms/organization.py    |  3 +-
 .../frontend/organizations/update.html        | 50 +++++++++++++++++++
 .../frontend/templates/includes/sidebar.html  | 10 +++-
 src/servala/frontend/urls.py                  |  5 ++
 src/servala/frontend/views/__init__.py        |  7 ++-
 src/servala/frontend/views/organization.py    | 31 ++++++++++--
 7 files changed, 101 insertions(+), 9 deletions(-)
 create mode 100644 src/servala/frontend/templates/frontend/organizations/update.html

diff --git a/src/servala/frontend/forms/__init__.py b/src/servala/frontend/forms/__init__.py
index fe0ffc1..01447a1 100644
--- a/src/servala/frontend/forms/__init__.py
+++ b/src/servala/frontend/forms/__init__.py
@@ -1,4 +1,4 @@
-from .organization import OrganizationCreateForm
+from .organization import OrganizationForm
 from .profile import UserProfileForm
 
-__all__ = ["OrganizationCreateForm", "UserProfileForm"]
+__all__ = ["OrganizationForm", "UserProfileForm"]
diff --git a/src/servala/frontend/forms/organization.py b/src/servala/frontend/forms/organization.py
index b6a3391..41cc26c 100644
--- a/src/servala/frontend/forms/organization.py
+++ b/src/servala/frontend/forms/organization.py
@@ -1,9 +1,10 @@
 from django.forms import ModelForm
 
 from servala.core.models import Organization
+from servala.frontend.forms.mixins import HtmxMixin
 
 
-class OrganizationCreateForm(ModelForm):
+class OrganizationForm(HtmxMixin, ModelForm):
     class Meta:
         model = Organization
         fields = ("name",)
diff --git a/src/servala/frontend/templates/frontend/organizations/update.html b/src/servala/frontend/templates/frontend/organizations/update.html
new file mode 100644
index 0000000..234622a
--- /dev/null
+++ b/src/servala/frontend/templates/frontend/organizations/update.html
@@ -0,0 +1,50 @@
+{% extends "frontend/base.html" %}
+{% load i18n static %}
+{% load partials %}
+{% block html_title %}
+    {% block page_title %}
+        {% translate "Organization Details" %}
+    {% endblock page_title %}
+{% endblock html_title %}
+{% partialdef org-name %}
+<td>
+    {{ form.instance.name }}
+    <button class="btn btn-primary"
+            hx-get="{{ request.path }}?fragment=org-name-edit&hx-single-field=name"
+            hx-target="closest td"
+            hx-swap="outerHTML">{% translate "Edit" %}</button>
+</td>
+{% endpartialdef org-name %}
+{% partialdef org-name-edit %}
+<td>
+    <form hx-target="closest td"
+          hx-swap="outerHTML"
+          hx-post="{{ request.url }}">
+        <div class="d-flex align-items-baseline">
+            {{ form.name.as_field_group }}
+            <input type="hidden" name="hx-single-field" value="name">
+            <input type="hidden" name="fragment" value="org-name">
+            <button type="submit" class="btn btn-primary mx-1">{% translate "Save" %}</button>
+            <button type="button"
+                    class="btn btn-secondary"
+                    hx-get="{{ request.path }}?fragment=org-name"
+                    hx-target="closest td"
+                    hx-swap="outerHTML">{% translate "Cancel" %}</button>
+        </div>
+    </form>
+</td>
+{% endpartialdef org-name-edit %}
+{% block card_content %}
+    <div class="table-responsive">
+        <table class="table table-lg">
+            <tbody>
+                <tr>
+                    <th class="w-25">
+                        <span class="d-flex mt-2">{% translate "Name" %}</span>
+                    </th>
+                    {% partial org-name %}
+                </tr>
+            </tbody>
+        </table>
+    </div>
+{% endblock card_content %}
diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index 1078d4b..a04bc5d 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -103,12 +103,18 @@
                     {% else %}
                         {% if request.organization %}
                             <li class="sidebar-item">
-                                <a href="{{ request.organization.get_absolute_url }}"
-                                   class='sidebar-link'>
+                                <a href="{{ request.organization.urls.base }}" class='sidebar-link'>
                                     <i class="bi bi-grid-fill"></i>
                                     <span>{% translate 'Dashboard' %}</span>
                                 </a>
                             </li>
+                            <li class="sidebar-title">{% translate 'Organization' %}</li>
+                            <li class="sidebar-item">
+                                <a href="{{ request.organization.urls.details }}" class='sidebar-link'>
+                                    <i class="bi bi-grid-fill"></i>
+                                    <span>{% translate 'Details' %}</span>
+                                </a>
+                            </li>
                         {% endif %}
                         <li class="sidebar-title">{% translate 'Account' %}</li>
                         <li class="sidebar-item">
diff --git a/src/servala/frontend/urls.py b/src/servala/frontend/urls.py
index f247f17..59a7ccc 100644
--- a/src/servala/frontend/urls.py
+++ b/src/servala/frontend/urls.py
@@ -15,6 +15,11 @@ urlpatterns = [
         "org/<slug:organization>/",
         include(
             [
+                path(
+                    "details/",
+                    views.OrganizationUpdateView.as_view(),
+                    name="organization.details",
+                ),
                 path(
                     "",
                     views.OrganizationDashboardView.as_view(),
diff --git a/src/servala/frontend/views/__init__.py b/src/servala/frontend/views/__init__.py
index 8dc1ee8..4ff574a 100644
--- a/src/servala/frontend/views/__init__.py
+++ b/src/servala/frontend/views/__init__.py
@@ -1,11 +1,16 @@
 from .auth import LogoutView
 from .generic import IndexView, ProfileView
-from .organization import OrganizationCreateView, OrganizationDashboardView
+from .organization import (
+    OrganizationCreateView,
+    OrganizationDashboardView,
+    OrganizationUpdateView,
+)
 
 __all__ = [
     "IndexView",
     "LogoutView",
     "OrganizationCreateView",
     "OrganizationDashboardView",
+    "OrganizationUpdateView",
     "ProfileView",
 ]
diff --git a/src/servala/frontend/views/organization.py b/src/servala/frontend/views/organization.py
index dc0f1fd..91fcb2a 100644
--- a/src/servala/frontend/views/organization.py
+++ b/src/servala/frontend/views/organization.py
@@ -1,11 +1,14 @@
 from django.shortcuts import redirect
-from django.views.generic import FormView, TemplateView
+from django.utils.functional import cached_property
+from django.views.generic import FormView, TemplateView, UpdateView
 
-from servala.frontend.forms import OrganizationCreateForm
+from servala.core.models import Organization
+from servala.frontend.forms import OrganizationForm
+from servala.frontend.views.mixins import HtmxMixin
 
 
 class OrganizationCreateView(FormView):
-    form_class = OrganizationCreateForm
+    form_class = OrganizationForm
     template_name = "frontend/organizations/create.html"
 
     def form_valid(self, form):
@@ -17,3 +20,25 @@ class OrganizationCreateView(FormView):
 
 class OrganizationDashboardView(TemplateView):
     template_name = "frontend/organizations/dashboard.html"
+
+
+class OrganizationUpdateView(HtmxMixin, UpdateView):
+    template_name = "frontend/organizations/update.html"
+    form_class = OrganizationForm
+    fragments = ("org-name", "org-name-edit")
+    model = Organization
+    context_object_name = "organization"
+
+    def get_success_url(self):
+        return self.request.path
+
+    def get_object(self):
+        return self.request.organization
+
+    @cached_property
+    def object(self):
+        return self.get_object()
+
+    def form_valid(self, form):
+        form.save()
+        return super().form_valid(form)

From 34df06939a2175d460a1f2d82b42c57b563d565b Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 15:36:40 +0100
Subject: [PATCH 06/12] Add django-rules

---
 pyproject.toml          |  1 +
 src/servala/settings.py |  2 ++
 uv.lock                 | 11 +++++++++++
 3 files changed, 14 insertions(+)

diff --git a/pyproject.toml b/pyproject.toml
index 88fa67e..aa12d13 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -15,6 +15,7 @@ dependencies = [
     "psycopg2-binary>=2.9.10",
     "pyjwt>=2.10.1",
     "requests>=2.32.3",
+    "rules>=3.5",
     "urlman>=2.0.2",
 ]
 
diff --git a/src/servala/settings.py b/src/servala/settings.py
index 7bc2f9f..c1682a7 100644
--- a/src/servala/settings.py
+++ b/src/servala/settings.py
@@ -97,6 +97,7 @@ INSTALLED_APPS = [
     "django.contrib.staticfiles",
     "django.forms",
     "template_partials",
+    "rules",
     # The frontend app is loaded early in order to supersede some allauth views/behaviour
     "servala.frontend",
     "allauth",
@@ -170,6 +171,7 @@ ACCOUNT_SIGNUP_FIELDS = ["email*", "password1*", "password2*"]
 ACCOUNT_SIGNUP_FORM_CLASS = "servala.frontend.forms.auth.ServalaSignupForm"
 
 AUTHENTICATION_BACKENDS = [
+    "rules.permissions.ObjectPermissionBackend",
     # Needed to login by username in Django admin, regardless of `allauth`
     "django.contrib.auth.backends.ModelBackend",
     "allauth.account.auth_backends.AuthenticationBackend",
diff --git a/uv.lock b/uv.lock
index 0563552..6d6a585 100644
--- a/uv.lock
+++ b/uv.lock
@@ -661,6 +661,15 @@ wheels = [
     { url = "https://files.pythonhosted.org/packages/f9/9b/335f9764261e915ed497fcdeb11df5dfd6f7bf257d4a6a2a686d80da4d54/requests-2.32.3-py3-none-any.whl", hash = "sha256:70761cfe03c773ceb22aa2f671b4757976145175cdfca038c02654d061d6dcc6", size = 64928 },
 ]
 
+[[package]]
+name = "rules"
+version = "3.5"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/f7/36/918cf4cc9fd0e38bb9310b2d1a13ae6ebb2b5732d56e7de6feb4a992a6ed/rules-3.5.tar.gz", hash = "sha256:f01336218f4561bab95f53672d22418b4168baea271423d50d9e8490d64cb27a", size = 55504 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/ea/33/16213dd62ca8ce8749985318a966ac1300ab55c977b2d66632a45b405c99/rules-3.5-py2.py3-none-any.whl", hash = "sha256:0f00fc9ee448b3f82e9aff9334ab0c56c76dce4dfa14f1598f57969f1022acc0", size = 25658 },
+]
+
 [[package]]
 name = "servala"
 version = "0.0.0"
@@ -676,6 +685,7 @@ dependencies = [
     { name = "psycopg2-binary" },
     { name = "pyjwt" },
     { name = "requests" },
+    { name = "rules" },
     { name = "urlman" },
 ]
 
@@ -703,6 +713,7 @@ requires-dist = [
     { name = "psycopg2-binary", specifier = ">=2.9.10" },
     { name = "pyjwt", specifier = ">=2.10.1" },
     { name = "requests", specifier = ">=2.32.3" },
+    { name = "rules", specifier = ">=3.5" },
     { name = "urlman", specifier = ">=2.0.2" },
 ]
 

From da82b459bdc2716f38ee31dfdceddc8e527472ee Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 15:51:04 +0100
Subject: [PATCH 07/12] Disable django_scopes in admin namespace

---
 src/servala/core/middleware.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/servala/core/middleware.py b/src/servala/core/middleware.py
index 3046ff0..dd8f54c 100644
--- a/src/servala/core/middleware.py
+++ b/src/servala/core/middleware.py
@@ -1,6 +1,6 @@
 from django.shortcuts import get_object_or_404
 from django.urls import resolve
-from django_scopes import scope
+from django_scopes import scope, scopes_disabled
 
 from servala.core.models import Organization
 
@@ -13,6 +13,10 @@ class OrganizationMiddleware:
     def __call__(self, request):
         url = resolve(request.path_info)
 
+        if "admin" in url.namespaces:
+            with scopes_disabled():
+                return self.get_response(request)
+
         organization_slug = url.kwargs.get("organization")
         if organization_slug:
             pk = organization_slug.rsplit("-", maxsplit=1)[-1]

From f11c1ca5bc65793fb4cfd4c1540702c76e1590a2 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 16:03:01 +0100
Subject: [PATCH 08/12] Improve look of org create button with no existing orgs

---
 src/servala/frontend/templates/includes/sidebar.html | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index a04bc5d..924c464 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -84,7 +84,8 @@
                             </a>
                         </div>
                     {% else %}
-                        <a href="{% url 'frontend:organization.create' %}" class="sidebar-link">
+                        <a href="{% url 'frontend:organization.create' %}"
+                           class="btn btn-outline-primary w-100">
                             <i class="bi bi-plus-square"></i>
                             <span>{% translate "Create organization" %}</span>
                         </a>

From 21ff6fe7d05821b71373ce5eaca77602262a9cd1 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 16:50:56 +0100
Subject: [PATCH 09/12] Implement organization rules

---
 src/servala/core/models/mixins.py       |  3 ++-
 src/servala/core/models/organization.py | 10 ++++++-
 src/servala/core/models/user.py         | 36 +++++--------------------
 src/servala/core/rules.py               | 23 ++++++++++++++++
 src/servala/settings.py                 |  2 +-
 5 files changed, 41 insertions(+), 33 deletions(-)
 create mode 100644 src/servala/core/rules.py

diff --git a/src/servala/core/models/mixins.py b/src/servala/core/models/mixins.py
index ac8c3b0..5a2ed94 100644
--- a/src/servala/core/models/mixins.py
+++ b/src/servala/core/models/mixins.py
@@ -1,8 +1,9 @@
 from django.db import models
 from django.utils.translation import gettext_lazy as _
+from rules.contrib.models import RulesModelBase, RulesModelMixin
 
 
-class ServalaModelMixin(models.Model):
+class ServalaModelMixin(RulesModelMixin, models.Model, metaclass=RulesModelBase):
     created_at = models.DateTimeField(
         auto_now_add=True, editable=False, verbose_name=_("Created")
     )
diff --git a/src/servala/core/models/organization.py b/src/servala/core/models/organization.py
index bcba9a2..d59057b 100644
--- a/src/servala/core/models/organization.py
+++ b/src/servala/core/models/organization.py
@@ -1,3 +1,4 @@
+import rules
 import urlman
 from django.conf import settings
 from django.db import models
@@ -6,7 +7,8 @@ from django.utils.text import slugify
 from django.utils.translation import gettext_lazy as _
 from django_scopes import ScopedManager
 
-from .mixins import ServalaModelMixin
+from servala.core import rules as perms
+from servala.core.models.mixins import ServalaModelMixin
 
 
 class Organization(ServalaModelMixin, models.Model):
@@ -65,6 +67,12 @@ class Organization(ServalaModelMixin, models.Model):
     class Meta:
         verbose_name = _("Organization")
         verbose_name_plural = _("Organizations")
+        rules_permissions = {
+            "view": rules.is_staff | perms.is_organization_member,
+            "change": rules.is_staff | perms.is_organization_admin,
+            "delete": rules.is_staff | perms.is_organization_owner,
+            "add": rules.is_authenticated,
+        }
 
     def __str__(self):
         return self.name
diff --git a/src/servala/core/models/user.py b/src/servala/core/models/user.py
index 12545a8..8fa3b88 100644
--- a/src/servala/core/models/user.py
+++ b/src/servala/core/models/user.py
@@ -1,4 +1,8 @@
-from django.contrib.auth.models import AbstractBaseUser, BaseUserManager
+from django.contrib.auth.models import (
+    AbstractBaseUser,
+    BaseUserManager,
+    PermissionsMixin,
+)
 from django.db import models
 from django.utils.translation import gettext_lazy as _
 
@@ -32,7 +36,7 @@ class UserManager(BaseUserManager):
         return self.create_user(email, password, **extra_fields)
 
 
-class User(ServalaModelMixin, AbstractBaseUser):
+class User(ServalaModelMixin, PermissionsMixin, AbstractBaseUser):
     """The Django model provides a password and last_login field."""
 
     objects = UserManager()
@@ -71,31 +75,3 @@ class User(ServalaModelMixin, AbstractBaseUser):
 
     def normalize_username(self, username):
         return super().normalize_username(username).strip().lower()
-
-    def has_perm(self, perm, obj=None):
-        """
-        Return True if the user has the specified permission.
-        Superusers automatically have all permissions.
-        """
-        return self.is_superuser
-
-    def has_module_perms(self, app_label):
-        """
-        Return True if the user has any permissions in the given app label.
-        Superusers automatically have all permissions.
-        """
-        return self.is_superuser
-
-    def get_all_permissions(self, obj=None):
-        """
-        Return a set of permission strings that the user has.
-        Superusers have all permissions.
-        """
-        if self.is_superuser:
-            from django.contrib.auth.models import Permission
-
-            return {
-                f"{perm.content_type.app_label}.{perm.codename}"
-                for perm in Permission.objects.all()
-            }
-        return set()
diff --git a/src/servala/core/rules.py b/src/servala/core/rules.py
new file mode 100644
index 0000000..2d51145
--- /dev/null
+++ b/src/servala/core/rules.py
@@ -0,0 +1,23 @@
+import rules
+
+
+def has_organization_role(user, org, roles):
+    memberships = org.memberships.all().filter(user=user)
+    if roles:
+        memberships = memberships.filter(role__in=roles)
+    return memberships.exists()
+
+
+@rules.predicate
+def is_organization_owner(user, org):
+    return has_organization_role(user, org, ["owner"])
+
+
+@rules.predicate
+def is_organization_admin(user, org):
+    return has_organization_role(user, org, ["owner", "admin"])
+
+
+@rules.predicate
+def is_organization_member(user, org):
+    return has_organization_role(user, org, None)
diff --git a/src/servala/settings.py b/src/servala/settings.py
index c1682a7..ef9932d 100644
--- a/src/servala/settings.py
+++ b/src/servala/settings.py
@@ -97,7 +97,7 @@ INSTALLED_APPS = [
     "django.contrib.staticfiles",
     "django.forms",
     "template_partials",
-    "rules",
+    "rules.apps.AutodiscoverRulesConfig",
     # The frontend app is loaded early in order to supersede some allauth views/behaviour
     "servala.frontend",
     "allauth",

From 31003c5c76967efd90c76dc56968a47ba253cd65 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 16:57:15 +0100
Subject: [PATCH 10/12] Use rules permissions in views and HTMX forms

---
 .../frontend/organizations/update.html        |  2 +
 src/servala/frontend/views/generic.py         |  6 +--
 src/servala/frontend/views/mixins.py          | 24 ++++++++++-
 src/servala/frontend/views/organization.py    | 41 +++++++++++--------
 4 files changed, 51 insertions(+), 22 deletions(-)

diff --git a/src/servala/frontend/templates/frontend/organizations/update.html b/src/servala/frontend/templates/frontend/organizations/update.html
index 234622a..0a0fb8b 100644
--- a/src/servala/frontend/templates/frontend/organizations/update.html
+++ b/src/servala/frontend/templates/frontend/organizations/update.html
@@ -9,10 +9,12 @@
 {% partialdef org-name %}
 <td>
     {{ form.instance.name }}
+    {% if has_change_permission %}
     <button class="btn btn-primary"
             hx-get="{{ request.path }}?fragment=org-name-edit&hx-single-field=name"
             hx-target="closest td"
             hx-swap="outerHTML">{% translate "Edit" %}</button>
+    {% endif %}
 </td>
 {% endpartialdef org-name %}
 {% partialdef org-name-edit %}
diff --git a/src/servala/frontend/views/generic.py b/src/servala/frontend/views/generic.py
index 12300fd..a6846e7 100644
--- a/src/servala/frontend/views/generic.py
+++ b/src/servala/frontend/views/generic.py
@@ -1,18 +1,18 @@
 from django.conf import settings
 from django.urls import reverse_lazy
 from django.utils.functional import cached_property
-from django.views.generic import TemplateView, UpdateView
+from django.views.generic import TemplateView
 
 from servala.core.models import User
 from servala.frontend.forms.profile import UserProfileForm
-from servala.frontend.views.mixins import HtmxMixin
+from servala.frontend.views.mixins import HtmxUpdateView
 
 
 class IndexView(TemplateView):
     template_name = "frontend/index.html"
 
 
-class ProfileView(HtmxMixin, UpdateView):
+class ProfileView(HtmxUpdateView):
     template_name = "frontend/profile.html"
     form_class = UserProfileForm
     success_url = reverse_lazy("frontend:profile")
diff --git a/src/servala/frontend/views/mixins.py b/src/servala/frontend/views/mixins.py
index 6ab8f0f..055366f 100644
--- a/src/servala/frontend/views/mixins.py
+++ b/src/servala/frontend/views/mixins.py
@@ -1,14 +1,34 @@
 from django.utils.functional import cached_property
-from django.views.generic import TemplateView
+from django.views.generic import UpdateView
+from rules.contrib.views import AutoPermissionRequiredMixin
 
 
-class HtmxMixin(TemplateView):
+class HtmxUpdateView(AutoPermissionRequiredMixin, UpdateView):
     fragments = []
 
     @cached_property
     def is_htmx(self):
         return self.request.headers.get("HX-Request")
 
+    @property
+    def permission_type(self):
+        if self.request.method == "POST" or getattr(
+            self, "_test_write_permission", False
+        ):
+            return "change"
+        return "view"
+
+    def has_change_permission(self):
+        self._test_write_permission = True
+        permission = self.get_permission_required()[0]
+        self._test_write_permission = False
+        return self.request.user.has_perm(permission, self.get_permission_object())
+
+    def get_context_data(self, **kwargs):
+        result = super().get_context_data(**kwargs)
+        result["has_change_permission"] = self.has_change_permission()
+        return result
+
     def _get_fragment(self):
         if self.request.method == "POST":
             fragment = self.request.POST.get("fragment")
diff --git a/src/servala/frontend/views/organization.py b/src/servala/frontend/views/organization.py
index 91fcb2a..c91a251 100644
--- a/src/servala/frontend/views/organization.py
+++ b/src/servala/frontend/views/organization.py
@@ -1,14 +1,16 @@
 from django.shortcuts import redirect
 from django.utils.functional import cached_property
-from django.views.generic import FormView, TemplateView, UpdateView
+from django.views.generic import CreateView, DetailView
+from rules.contrib.views import AutoPermissionRequiredMixin
 
 from servala.core.models import Organization
 from servala.frontend.forms import OrganizationForm
-from servala.frontend.views.mixins import HtmxMixin
+from servala.frontend.views.mixins import HtmxUpdateView
 
 
-class OrganizationCreateView(FormView):
+class OrganizationCreateView(AutoPermissionRequiredMixin, CreateView):
     form_class = OrganizationForm
+    model = Organization
     template_name = "frontend/organizations/create.html"
 
     def form_valid(self, form):
@@ -18,27 +20,32 @@ class OrganizationCreateView(FormView):
         return redirect(instance.urls.base)
 
 
-class OrganizationDashboardView(TemplateView):
-    template_name = "frontend/organizations/dashboard.html"
-
-
-class OrganizationUpdateView(HtmxMixin, UpdateView):
-    template_name = "frontend/organizations/update.html"
-    form_class = OrganizationForm
-    fragments = ("org-name", "org-name-edit")
+class OrganizationViewMixin:
     model = Organization
     context_object_name = "organization"
 
-    def get_success_url(self):
-        return self.request.path
+    @cached_property
+    def organization(self):
+        return self.request.organization
 
     def get_object(self):
-        return self.request.organization
+        return self.organization
 
     @cached_property
     def object(self):
         return self.get_object()
 
-    def form_valid(self, form):
-        form.save()
-        return super().form_valid(form)
+
+class OrganizationDashboardView(
+    AutoPermissionRequiredMixin, OrganizationViewMixin, DetailView
+):
+    template_name = "frontend/organizations/dashboard.html"
+
+
+class OrganizationUpdateView(OrganizationViewMixin, HtmxUpdateView):
+    template_name = "frontend/organizations/update.html"
+    form_class = OrganizationForm
+    fragments = ("org-name", "org-name-edit")
+
+    def get_success_url(self):
+        return self.request.path

From 832d85b7fcf93e8d410828ae49937677b507d765 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 16:57:52 +0100
Subject: [PATCH 11/12] Add sidebar icon

---
 src/servala/frontend/templates/includes/sidebar.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/servala/frontend/templates/includes/sidebar.html b/src/servala/frontend/templates/includes/sidebar.html
index 924c464..13d9d5c 100644
--- a/src/servala/frontend/templates/includes/sidebar.html
+++ b/src/servala/frontend/templates/includes/sidebar.html
@@ -112,7 +112,7 @@
                             <li class="sidebar-title">{% translate 'Organization' %}</li>
                             <li class="sidebar-item">
                                 <a href="{{ request.organization.urls.details }}" class='sidebar-link'>
-                                    <i class="bi bi-grid-fill"></i>
+                                    <i class="bi bi-building-gear"></i>
                                     <span>{% translate 'Details' %}</span>
                                 </a>
                             </li>

From d10ba90b4dea3ac8f21b0014c88b97c529bb0726 Mon Sep 17 00:00:00 2001
From: Tobias Kunze <r@rixx.de>
Date: Thu, 20 Mar 2025 17:01:47 +0100
Subject: [PATCH 12/12] Profile view permissions

---
 .../frontend/templates/frontend/organizations/update.html | 8 ++++----
 src/servala/frontend/views/generic.py                     | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/servala/frontend/templates/frontend/organizations/update.html b/src/servala/frontend/templates/frontend/organizations/update.html
index 0a0fb8b..01c919a 100644
--- a/src/servala/frontend/templates/frontend/organizations/update.html
+++ b/src/servala/frontend/templates/frontend/organizations/update.html
@@ -10,10 +10,10 @@
 <td>
     {{ form.instance.name }}
     {% if has_change_permission %}
-    <button class="btn btn-primary"
-            hx-get="{{ request.path }}?fragment=org-name-edit&hx-single-field=name"
-            hx-target="closest td"
-            hx-swap="outerHTML">{% translate "Edit" %}</button>
+        <button class="btn btn-primary"
+                hx-get="{{ request.path }}?fragment=org-name-edit&hx-single-field=name"
+                hx-target="closest td"
+                hx-swap="outerHTML">{% translate "Edit" %}</button>
     {% endif %}
 </td>
 {% endpartialdef org-name %}
diff --git a/src/servala/frontend/views/generic.py b/src/servala/frontend/views/generic.py
index a6846e7..a315851 100644
--- a/src/servala/frontend/views/generic.py
+++ b/src/servala/frontend/views/generic.py
@@ -19,6 +19,9 @@ class ProfileView(HtmxUpdateView):
     fragments = ("user-email", "user-email-edit", "user-company", "user-company-edit")
     model = User
 
+    def has_permission(self):
+        return True
+
     def get_object(self):
         return self.request.user