Add HELPDESK_ENABLE_ATTACHMENTS setting and make it show/hide attachment related UI

Default setting is false. This is not backward compatible.
The rationale is: attachments contain most likely sensitive information.
By default they are served without access control.  Currently there is
no simple feature to configure access control.  To avoid unintentional
disclosure attachments should be an opt in: you have been warned.
This commit is contained in:
Georg Lehner 2024-06-06 15:47:50 +02:00
parent c77bb30035
commit dd4c04945a
5 changed files with 37 additions and 24 deletions

View File

@ -239,6 +239,7 @@ class AbstractTicketForm(CustomFieldMixin, forms.Form):
label=_('Due on'), label=_('Due on'),
) )
if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS:
attachment = forms.FileField( attachment = forms.FileField(
widget=forms.FileInput(attrs={'class': 'form-control-file'}), widget=forms.FileInput(attrs={'class': 'form-control-file'}),
required=False, required=False,

View File

@ -56,6 +56,11 @@ HELPDESK_STAFF_VIEW_PROTECTOR = getattr(settings,
'HELPDESK_STAFF_VIEW_PROTECTOR', 'HELPDESK_STAFF_VIEW_PROTECTOR',
lambda _: None) lambda _: None)
# Enable ticket and Email attachments
HELPDESK_ENABLE_ATTACHMENTS = getattr(settings,
'HELPDESK_ENABLE_ATTACHMENTS',
False)
# Enable the Dependencies field on ticket view # Enable the Dependencies field on ticket view
HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET = getattr(settings, HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET = getattr(settings,
'HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET', 'HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET',

View File

@ -123,6 +123,7 @@
</dl> </dl>
{% if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS %}
<p id='ShowFileUploadPara'><button class="btn btn-warning btn-sm" <p id='ShowFileUploadPara'><button class="btn btn-warning btn-sm"
id='ShowFileUpload' onclick="$('#FileUpload')[0].style.display='block';return false;" >{% trans "Attach File(s) &raquo;" %}</button></p> id='ShowFileUpload' onclick="$('#FileUpload')[0].style.display='block';return false;" >{% trans "Attach File(s) &raquo;" %}</button></p>
@ -140,7 +141,7 @@
</dl> </dl>
</div> </div>
{% endif %}
</fieldset> </fieldset>
<button class="btn btn-primary btn-lg" style="margin-bottom:10px" type='submit'>{% trans "Update This Ticket" %}</button> <button class="btn btn-primary btn-lg" style="margin-bottom:10px" type='submit'>{% trans "Update This Ticket" %}</button>

View File

@ -54,6 +54,7 @@
<li>{% blocktrans with change.field as field and change.old_value as old_value and change.new_value as new_value %}Changed {{ field }} from {{ old_value }} to {{ new_value }}.{% endblocktrans %}</li> <li>{% blocktrans with change.field as field and change.old_value as old_value and change.new_value as new_value %}Changed {{ field }} from {{ old_value }} to {{ new_value }}.{% endblocktrans %}</li>
{% if forloop.last %}</ul></div>{% endif %} {% if forloop.last %}</ul></div>{% endif %}
{% endfor %} {% endfor %}
{% if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS %}
{% for attachment in followup.followupattachment_set.all %}{% if forloop.first %}{% trans "Attachments" %}:<div class='attachments'><ul>{% endif %} {% for attachment in followup.followupattachment_set.all %}{% if forloop.first %}{% trans "Attachments" %}:<div class='attachments'><ul>{% endif %}
<li><a href='{{ attachment.file.url }}'>{{ attachment.filename }}</a> ({{ attachment.mime_type }}, {{ attachment.size|filesizeformat }}) <li><a href='{{ attachment.file.url }}'>{{ attachment.filename }}</a> ({{ attachment.mime_type }}, {{ attachment.size|filesizeformat }})
{% if followup.user and request.user == followup.user %} {% if followup.user and request.user == followup.user %}
@ -62,6 +63,7 @@
</li> </li>
{% if forloop.last %}</ul></div>{% endif %} {% if forloop.last %}</ul></div>{% endif %}
{% endfor %} {% endfor %}
{% endif %}
</p> </p>
<!--- ugly long test to suppress the following if it will be empty, to save vertical space --> <!--- ugly long test to suppress the following if it will be empty, to save vertical space -->
{% with possible=helpdesk_settings.HELPDESK_SHOW_EDIT_BUTTON_FOLLOW_UP %} {% with possible=helpdesk_settings.HELPDESK_SHOW_EDIT_BUTTON_FOLLOW_UP %}
@ -197,7 +199,9 @@
</div> </div>
{% endif %} {% endif %}
{% if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS %}
<p id='ShowFileUploadPara'><button type="button" class="btn btn-warning btn-sm" id='ShowFileUpload'>{% trans "Attach File(s) &raquo;" %}</button></p> <p id='ShowFileUploadPara'><button type="button" class="btn btn-warning btn-sm" id='ShowFileUpload'>{% trans "Attach File(s) &raquo;" %}</button></p>
{% endif %}
<div id='FileUpload' style='display: none;'> <div id='FileUpload' style='display: none;'>

View File

@ -150,6 +150,7 @@
<td> <a href ="{{ticket.kbitem.query_url}}"> {{ticket.kbitem}} </a> </td> <td> <a href ="{{ticket.kbitem.query_url}}"> {{ticket.kbitem}} </a> </td>
</tr> </tr>
{% endif %} {% endif %}
{% if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS %}
<tr> <tr>
<th class="table-active">{% trans "Attachments" %}</th> <th class="table-active">{% trans "Attachments" %}</th>
<td colspan="3"> <td colspan="3">
@ -171,6 +172,7 @@
</ul> </ul>
</td> </td>
</tr> </tr>
{% endif %}
<tr> <tr>
<th class="table-active">{% trans "Checklists" %}</th> <th class="table-active">{% trans "Checklists" %}</th>
<td colspan="3"> <td colspan="3">