django-helpdesk/helpdesk/decorators.py

91 lines
3.4 KiB
Python

from django.contrib.auth.decorators import user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.shortcuts import redirect
from functools import wraps
from helpdesk import settings as helpdesk_settings
def check_staff_status(check_staff=False):
"""
Somewhat ridiculous currying to check user permissions without using lambdas.
The function most only take one User parameter at the end for use with
the Django function user_passes_test.
"""
def check_superuser_status(check_superuser):
def check_user_status(u):
is_ok = u.is_authenticated and u.is_active
if check_staff:
return is_ok and u.is_staff
elif check_superuser:
return is_ok and u.is_superuser
else:
return is_ok
return check_user_status
return check_superuser_status
if callable(helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
# apply a custom user validation condition
is_helpdesk_staff = helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE
elif helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE:
# treat 'normal' users like 'staff'
is_helpdesk_staff = check_staff_status(False)(False)
else:
is_helpdesk_staff = check_staff_status(True)(False)
helpdesk_staff_member_required = user_passes_test(is_helpdesk_staff)
helpdesk_superuser_required = user_passes_test(check_staff_status(False)(True))
def protect_view(view_func):
"""
Decorator for protecting the views checking user, redirecting
to the log-in page if necessary or returning 404 status code
"""
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
return redirect('helpdesk:login')
elif not request.user.is_authenticated and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:
raise Http404
if auth_redirect := helpdesk_settings.HELPDESK_PUBLIC_VIEW_PROTECTOR(request):
return auth_redirect
return view_func(request, *args, **kwargs)
return _wrapped_view
def staff_member_required(view_func):
"""
Decorator for staff member the views checking user, redirecting
to the log-in page if necessary or returning 403
"""
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if not request.user.is_authenticated and not request.user.is_active:
return redirect('helpdesk:login')
if not helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE and not request.user.is_staff:
raise PermissionDenied()
if auth_redirect := helpdesk_settings.HELPDESK_STAFF_VIEW_PROTECTOR(request):
return auth_redirect
return view_func(request, *args, **kwargs)
return _wrapped_view
def superuser_required(view_func):
"""
Decorator for superuser member the views checking user, redirecting
to the log-in page if necessary or returning 403
"""
@wraps(view_func)
def _wrapped_view(request, *args, **kwargs):
if not request.user.is_authenticated and not request.user.is_active:
return redirect('helpdesk:login')
if not request.user.is_superuser:
raise PermissionDenied()
return view_func(request, *args, **kwargs)
return _wrapped_view