aottr.dev / paw
Free and open source ticket system written in python
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

๐Ÿ‘Œ IMPROVE: Add Superuser (Admin) privileges and extend view changes for new permissions

Dustin Kroeger 31047a4f fa7326a1

+20 -10
+3 -1
paw/templates/ticketing/ticket_detail.html
··· 62 62 </div> 63 63 <div class="mb-10"> 64 64 {% if ticket.status != 'closed' %} 65 + {% if can_edit or ticker.user == request.user %} 65 66 {% if can_edit %} 66 67 <form action="" method="post"> 67 68 {% csrf_token %} ··· 94 95 </div> 95 96 96 97 <div class="flex justify-end"> 97 - {% if request.user.is_staff %} 98 + {% if can_edit %} 98 99 <div class="form-control mt-2"> 99 100 <label for="{{ form.hidden_from_client.id_for_label }}" class="cursor-pointer label"> 100 101 {{ form.hidden_from_client }} ··· 104 105 {% endif %} 105 106 </div> 106 107 </form> 108 + {% endif %} {% comment %} can_edit or ticket.user == request.user {% endcomment %} 107 109 {% else %} 108 110 <div class="divider">{% trans 'Ticket has been closed' %}</div> 109 111 {% if can_edit and ticket.status == 'closed' %}
+1 -1
ticketing/forms.py
··· 96 96 97 97 98 98 class TeamAssignmentForm(forms.Form): 99 - team_select = forms.ModelChoiceField(queryset=Team.objects.all(), empty_label=_('No Team'), required=False, widget=forms.Select( 99 + team_select = forms.ModelChoiceField(queryset=Team.objects.filter(readonly_access=False), empty_label=_('No Team'), required=False, widget=forms.Select( 100 100 attrs={'class': 'select select-bordered select-sm w-full'})) 101 101 102 102
+8 -1
ticketing/models.py
··· 74 74 """ 75 75 For regular users with no team: return all open tickets that are created by the user 76 76 """ 77 + if user.is_superuser: 78 + return cls.objects.all() 79 + 77 80 user_teams = user.team_set.all() 78 81 if not user_teams: 79 82 return cls.objects.filter(user=user) ··· 103 106 return cls._get_tickets(user).filter(status=cls.Status.CLOSED) 104 107 105 108 def can_open(self, user): 109 + if user.is_superuser: 110 + return True 106 111 return self.user == user or self.assigned_to == user or self.assigned_team in user.team_set.all() or self.assigned_team is None and user.team_set.filter(access_non_category_tickets=True).exists() 107 112 108 113 def can_edit(self, user): 109 - assigned_and_write_access = self.assigned_team in user.team_set.filter(readonly_access=False) 114 + if user.is_superuser: 115 + return True 116 + assigned_and_write_access = self.assigned_team in user.team_set.filter(readonly_access=False) or self.assigned_to == user 110 117 unassigned_and_write_access = self.assigned_team is None and user.team_set.filter(access_non_category_tickets=True, readonly_access=False).exists() 111 118 print(assigned_and_write_access, unassigned_and_write_access) 112 119 return self.can_open(user) and (assigned_and_write_access or unassigned_and_write_access)
+8 -7
ticketing/views.py
··· 27 27 @login_required 28 28 def show_ticket(request, ticket_id): 29 29 ticket = get_object_or_404(Ticket, pk=ticket_id) 30 + can_edit = ticket.can_edit(request.user) 30 31 # comment_templates = Template.objects.filter(category=ticket.category) 31 32 32 33 if not ticket.can_open(request.user): ··· 36 37 ), TemplateForm(), TeamAssignmentForm(), CategoryAssignmentForm() 37 38 38 39 if request.method == "POST": 39 - if 'apply_template' in request.POST and request.user.is_staff: 40 + if 'apply_template' in request.POST and can_edit: 40 41 template_form = TemplateForm(request.POST) 41 42 if template_form.is_valid(): 42 43 template = template_form.cleaned_data["template_select"] 43 44 form = CommentForm(initial={"text": template.content}) 44 - elif 'assign_to_team' in request.POST and request.user.is_staff: 45 + elif 'assign_to_team' in request.POST and can_edit: 45 46 team_assignment_form = TeamAssignmentForm(request.POST) 46 47 if team_assignment_form.is_valid(): 47 48 ticket.assign_to_team( 48 49 team_assignment_form.cleaned_data["team_select"]) 49 - elif 'assign_to_category' in request.POST and request.user.is_staff: 50 + elif 'assign_to_category' in request.POST and can_edit: 50 51 category_assignment_form = CategoryAssignmentForm(request.POST) 51 52 if category_assignment_form.is_valid(): 52 53 ticket.category = category_assignment_form.cleaned_data["category_select"] 53 54 ticket.save() 54 - elif 'assign_self' in request.POST and request.user.is_staff: 55 + elif 'assign_self' in request.POST and can_edit: 55 56 ticket.assigned_to = request.user 56 57 ticket.save() 57 - elif 'reopen_ticket' in request.POST and request.user.is_staff: 58 + elif 'reopen_ticket' in request.POST and can_edit: 58 59 ticket.status = Ticket.Status.IN_PROGRESS 59 60 ticket.save() 60 61 else: ··· 69 70 for file in form.cleaned_data["attachments"]: 70 71 ticket.fileattachment_set.create(file=file) 71 72 72 - if 'close' in request.POST and request.user.is_staff: 73 + if 'close' in request.POST and can_edit: 73 74 ticket.close_ticket() 74 75 75 76 comments = ticket.comment_set.all() ··· 77 78 "ticket": ticket, "comments": comments, "attachments": [attachment.file for attachment in ticket.fileattachment_set.all()], 78 79 "form": form, "template_form": template_form, 79 80 "team_assignment_form": team_assignment_form, "category_assignment_form": category_assignment_form, 80 - "can_edit": ticket.can_edit(request.user) 81 + "can_edit": can_edit 81 82 } 82 83 return render(request, "ticketing/ticket_detail.html", context) 83 84