From b1b89d1d6f7da958db374d88d703f368dd5b90e7 Mon Sep 17 00:00:00 2001 From: Stefano Brentegani Date: Wed, 30 Jul 2014 06:58:57 +0200 Subject: [PATCH] replace all explicit uses of HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE in helpdesk.views.staff --- docs/settings.rst | 5 ++--- helpdesk/views/staff.py | 11 +++++------ 2 files changed, 7 insertions(+), 9 deletions(-) diff --git a/docs/settings.rst b/docs/settings.rst index ea57a3ba..b5dfdaab 100644 --- a/docs/settings.rst +++ b/docs/settings.rst @@ -86,12 +86,11 @@ These options only change display of items on public-facing pages, not staff pag Options that change ticket updates ---------------------------------- -- **HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE** Allow non-staff users to interact with tickets? This will also change how 'staff_member_required' - in staff.py will be defined. +- **HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE** Allow non-staff users to interact with tickets? **Default:** ``HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE = False`` -- **HELPDESK_CUSTOM_STAFF_FILTER_CALLBACK** Apply a custom authorisation logic when defining 'staff_member_required' in staff.py. +- **HELPDESK_CUSTOM_STAFF_FILTER_CALLBACK** Apply a custom authorisation logic for identifying helpdesk staff members. If set, `HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE` will be ignored when determining staff access. The value should be a function accepting the active user as a parameter and returning True if the user is considered helpdesk staff, e.g. diff --git a/helpdesk/views/staff.py b/helpdesk/views/staff.py index 99a9a1dd..eeca737d 100644 --- a/helpdesk/views/staff.py +++ b/helpdesk/views/staff.py @@ -32,7 +32,7 @@ try: except ImportError: from datetime import datetime as timezone -from helpdesk.decorators import helpdesk_staff_member_required, helpdesk_superuser_required +from helpdesk.decorators import helpdesk_staff_member_required, helpdesk_superuser_required, is_helpdesk_staff from helpdesk.forms import TicketForm, UserSettingsForm, EmailIgnoreForm, EditTicketForm, TicketCCForm, EditFollowUpForm, TicketDependencyForm from helpdesk.lib import send_templated_mail, query_to_dict, apply_query, safe_template_context from helpdesk.models import Ticket, Queue, FollowUp, TicketChange, PreSetReply, Attachment, SavedSearch, IgnoreEmail, TicketCC, TicketDependency @@ -292,8 +292,7 @@ def subscribe_staff_member_to_ticket(ticket, user): def update_ticket(request, ticket_id, public=False): - if not (public or (request.user.is_authenticated() and request.user.is_active and ( - request.user.is_staff or helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE))): + if not (public or is_helpdesk_staff(request.user)): return HttpResponseRedirect('%s?next=%s' % (reverse('login'), request.path)) ticket = get_object_or_404(Ticket, id=ticket_id) @@ -344,7 +343,7 @@ def update_ticket(request, ticket_id, public=False): f = FollowUp(ticket=ticket, date=timezone.now(), comment=comment) - if request.user.is_staff or helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE: + if is_helpdesk_staff(request.user): f.user = request.user f.public = public @@ -535,9 +534,9 @@ def update_ticket(request, ticket_id, public=False): def return_to_ticket(user, helpdesk_settings, ticket): - ''' Helpder function for update_ticket ''' + """ Helper function for update_ticket """ - if user.is_staff or helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE: + if is_helpdesk_staff(user): return HttpResponseRedirect(ticket.get_absolute_url()) else: return HttpResponseRedirect(ticket.ticket_url)