Merge pull request #558 from msaelices/feat-raise-404-if-anon

Feat raise 404 if anon

helpdesk/decorators.py

@@ -0,0 +1,23 @@
+from functools import wraps
+
+from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect, Http404
+from django.utils.decorators import available_attrs
+
+from helpdesk import settings as helpdesk_settings
+
+
+def protect_view(view_func):
+    """
+    Decorator for protecting the views checking user, redirecting
+    to the log-in page if necessary or returning 404 status code
+    """
+    @wraps(view_func, assigned=available_attrs(view_func))
+    def _wrapped_view(request, *args, **kwargs):
+        if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
+            return HttpResponseRedirect(reverse('helpdesk:login'))
+        elif not request.user.is_authenticated() and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:
+            raise Http404
+        return view_func(request, *args, **kwargs)
+
+    return _wrapped_view

helpdesk/settings.py

@@ -32,6 +32,11 @@ HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = getattr(settings,
                                                 'HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT',
                                                 False)
 
+# raises a 404 to anon users. It's like it was invisible
+HELPDESK_ANON_ACCESS_RAISES_404 = getattr(settings,
+                                          'HELPDESK_ANON_ACCESS_RAISES_404',
+                                          False)
+
 # show knowledgebase links?
 HELPDESK_KB_ENABLED = getattr(settings, 'HELPDESK_KB_ENABLED', True)
 

helpdesk/views/public.py

@@ -14,15 +14,14 @@ from django.utils.http import urlquote
 from django.utils.translation import ugettext as _
 
 from helpdesk import settings as helpdesk_settings
+from helpdesk.decorators import protect_view
 from helpdesk.forms import PublicTicketForm
 from helpdesk.lib import text_is_spam
 from helpdesk.models import Ticket, Queue, UserSettings, KBCategory
 
 
+@protect_view
 def homepage(request):
-    if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
-        return HttpResponseRedirect(reverse('helpdesk:login'))
-
     if request.user.is_staff or \
             (request.user.is_authenticated() and
              helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
@@ -74,6 +73,7 @@ def homepage(request):
     })
 
 
+@protect_view
 def view_ticket(request):
     ticket_req = request.GET.get('ticket', None)
     email = request.GET.get('email', None)

helpdesk/views/staff.py

@@ -14,7 +14,6 @@ from django.contrib.auth import get_user_model
 from django.contrib.auth.decorators import user_passes_test
 from django.core.urlresolvers import reverse
 from django.core.exceptions import ValidationError, PermissionDenied
-from django.core import paginator
 from django.db import connection
 from django.db.models import Q
 from django.http import HttpResponseRedirect, Http404, HttpResponse
@@ -93,7 +92,6 @@ def dashboard(request):
     showing ticket counts by queue/status, and a list of unassigned tickets
     with options for them to 'Take' ownership of said tickets.
     """
-
     # open & reopened tickets, assigned to current user
     tickets = Ticket.objects.select_related('queue').filter(
         assigned_to=request.user,

setup.py

@@ -6,7 +6,7 @@ from distutils.util import convert_path
 from fnmatch import fnmatchcase
 from setuptools import setup, find_packages
 
-version = '0.3.0'
+version = '0.3.0.1'
 
 # Provided as an attribute, so you can append to these instead
 # of replicating them: