reenabled admin area; outfitted apps.lyric.models w. AbstractBaseUser instead of custom user class; many other fns & several models updated to accomodate, such as set_unusable_password() method to base user model; reset staging db to prepare for refreshed lyric migrations to accomodate for retrofitted pw field

src/apps/lyric/admin.py

@@ -1,3 +1,6 @@
 from django.contrib import admin
+from .models import Token, User
 
-# Register your models here.
+
+admin.site.register(User)
+admin.site.register(Token)

src/apps/lyric/authentication.py

@@ -13,7 +13,7 @@ class PasswordlessAuthenticationBackend:
         try:
             return User.objects.get(email=token.email)
         except User.DoesNotExist:
-            return User.objects.create(email=token.email)
+            return User.objects.create_user(email=token.email)
 
     def get_user(self, user_id):
         try:

src/apps/lyric/migrations/0001_initial.py

@@ -1,4 +1,4 @@
-# Generated by Django 6.0 on 2026-02-08 01:19
+# Generated by Django 6.0 on 2026-02-20 00:48
 
 import uuid
 from django.db import migrations, models
@@ -15,9 +15,16 @@ class Migration(migrations.Migration):
         migrations.CreateModel(
             name='User',
             fields=[
+                ('password', models.CharField(max_length=128, verbose_name='password')),
+                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
                 ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                 ('email', models.EmailField(max_length=254, unique=True)),
+                ('is_staff', models.BooleanField(default=False)),
+                ('is_superuser', models.BooleanField(default=False)),
             ],
+            options={
+                'abstract': False,
+            },
         ),
         migrations.CreateModel(
             name='Token',

src/apps/lyric/models.py

@@ -1,16 +1,38 @@
 import uuid
+
+from django.contrib.auth.base_user import AbstractBaseUser, BaseUserManager
 from django.db import models
 
+
+class UserManager(BaseUserManager):
+    def create_user(self, email):
+        user = self.model(email=email)
+        user.set_unusable_password()
+        user.save(using=self._db)
+        return user
+
+    def create_superuser(self, email, password):
+        user = self.model(email=email, is_staff=True, is_superuser=True)
+        user.set_password(password)
+        user.save(using=self._db)
+        return user
+
 class Token(models.Model):
     email = models.EmailField()
     uid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
 
-class User(models.Model):
+class User(AbstractBaseUser):
     id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
     email = models.EmailField(unique=True)
+    is_staff = models.BooleanField(default=False)
+    is_superuser = models.BooleanField(default=False)
 
+    objects = UserManager()
     REQUIRED_FIELDS = []
     USERNAME_FIELD = "email"
+
+    def has_perm(self, perm, obj=None):
+        return self.is_superuser
     
-    is_authenticated = True
-    is_anonymous =False
+    def has_module_perms(self, app_label):
+        return self.is_superuser

src/apps/lyric/tests/integrated/test_models.py

@@ -11,6 +11,7 @@ class UserModelTest(TestCase):
     
     def test_user_is_valid_with_email_only(self):
         user = User(email="a@b.cde")
+        user.set_unusable_password()
         user.full_clean() # should not raise
 
     def test_id_is_primary_key(self):
@@ -23,3 +24,19 @@ class TokenModelTest(TestCase):
         token2 = Token.objects.create(email="v@w.xyz")
         self.assertNotEqual(token1.pk, token2.pk)
         self.assertIsInstance(token1.pk, uuid.UUID)
+
+class UserManagerTest(TestCase):
+    def test_create_superuser_sets_is_staff_and_is_superuser(self):
+        user = User.objects.create_superuser(
+            email="admin@example.com",
+            password="correct-password",
+        )
+        self.assertTrue(user.is_staff)
+        self.assertTrue(user.is_superuser)
+
+    def test_create_superuser_sets_usable_password(self):
+        user = User.objects.create_superuser(
+            email="admin@example.com",
+            password="correct-password",
+        )
+        self.assertTrue(user.check_password("correct-password"))

src/apps/lyric/tests/unit/test_authentication.py

@@ -2,6 +2,7 @@ from django.http import HttpRequest
 from django.test import SimpleTestCase
 
 from apps.lyric.authentication import PasswordlessAuthenticationBackend
+from apps.lyric.models import User
 
 
 class SimpleAuthenticateTest(SimpleTestCase):
@@ -15,3 +16,16 @@ class SimpleAuthenticateTest(SimpleTestCase):
         result = PasswordlessAuthenticationBackend().authenticate(HttpRequest())
         self.assertIsNone(result)
 
+class UserPermissionsTest(SimpleTestCase):
+    def test_superuser_has_perm(self):
+        user = User(is_superuser=True)
+        self.assertTrue(user.has_perm("any.permission"))
+
+    def test_superuser_has_module_perms(self):
+        user = User(is_superuser=True)
+        self.assertTrue(user.has_module_perms("any_app"))
+
+    def test_non_superuser_has_no_perm(self):
+        user = User(is_superuser=False)
+        self.assertFalse(user.has_perm("any.permission"))
+