Merge pull request #558 from msaelices/feat-raise-404-if-anon

Feat raise 404 if anon
Garret Wassermann 2017-10-24 00:58:12 -04:00 committed by GitHub
commit 004478f6e4
5 changed files with 32 additions and 6 deletions

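--- a/helpdesk/decorators.py
+++ b/helpdesk/decorators.py
@@ -0,0 +1,23 @@
+from functools import wraps
+from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect, Http404
+from django.utils.decorators import available_attrs
+from helpdesk import settings as helpdesk_settings
+def protect_view(view_func):
+"""
+Decorator for protecting the views checking user, redirecting
+to the log-in page if necessary or returning 404 status code
+"""
+@wraps(view_func, assigned=available_attrs(view_func))
+def _wrapped_view(request, *args, **kwargs):
+if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
+return HttpResponseRedirect(reverse('helpdesk:login'))
+elif not request.user.is_authenticated() and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:
+raise Http404
+return view_func(request, *args, **kwargs)
+return _wrapped_view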
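Review bot: In `_wrapped_view` the redirect branch is tested before the 404 branch, so a deployment that enables both `HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT` and `HELPDESK_ANON_ACCESS_RAISES_404` still sends anonymous users to the login page, which reveals the helpdesk that the 404 setting is meant to hide. Either test the 404 setting first or state the precedence in the docstring, for example `Redirect takes precedence over 404 when both settings are enabled; with both disabled (the defaults) anonymous requests reach the view unchanged.` The name `protect_view` suggests enforcement that the default configuration does not provide, so the docstring should say the decorator is opt-in. The comment on `HELPDESK_ANON_ACCESS_RAISES_404` in the settings hunk should carry the same caveat.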


@ -32,6 +32,11 @@ HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = getattr(settings,
'HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT',
False)
# raises a 404 to anon users. It's like it was invisible
HELPDESK_ANON_ACCESS_RAISES_404 = getattr(settings,
'HELPDESK_ANON_ACCESS_RAISES_404',
False)
# show knowledgebase links?
HELPDESK_KB_ENABLED = getattr(settings, 'HELPDESK_KB_ENABLED', True)


@ -14,15 +14,14 @@ from django.utils.http import urlquote
from django.utils.translation import ugettext as _
from helpdesk import settings as helpdesk_settings
from helpdesk.decorators import protect_view
from helpdesk.forms import PublicTicketForm
from helpdesk.lib import text_is_spam
from helpdesk.models import Ticket, Queue, UserSettings, KBCategory
@protect_view
def homepage(request):
if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
return HttpResponseRedirect(reverse('helpdesk:login'))
if request.user.is_staff or \
(request.user.is_authenticated() and
helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
@ -74,6 +73,7 @@ def homepage(request):
})
@protect_view
def view_ticket(request):
ticket_req = request.GET.get('ticket', None)
email = request.GET.get('email', None)
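Review bot: Decorating `view_ticket` with `@protect_view` means that, once `HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT` is enabled, the anonymous lookup by the `ticket` and `email` query parameters is redirected to the login page, whereas the removed lines show that check previously living only in `homepage`. If submitters without accounts are expected to follow ticket links, this is a behaviour change that should be noted next to the setting, or `view_ticket` should honour only the 404 setting. The redirect built in `protect_view` carries no `next` parameter, so the ticket and email values are lost after login. Only `homepage` and `view_ticket` are decorated in the visible hunks, and both bodies continue outside them; any public view left undecorated would presumably still answer anonymous requests when the 404 setting is on.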


@ -14,7 +14,6 @@ from django.contrib.auth import get_user_model
from django.contrib.auth.decorators import user_passes_test
from django.core.urlresolvers import reverse
from django.core.exceptions import ValidationError, PermissionDenied
from django.core import paginator
from django.db import connection
from django.db.models import Q
from django.http import HttpResponseRedirect, Http404, HttpResponse
@ -93,7 +92,6 @@ def dashboard(request):
showing ticket counts by queue/status, and a list of unassigned tickets
with options for them to 'Take' ownership of said tickets.
"""
# open & reopened tickets, assigned to current user
tickets = Ticket.objects.select_related('queue').filter(
assigned_to=request.user,


@ -6,7 +6,7 @@ from distutils.util import convert_path
from fnmatch import fnmatchcase
from setuptools import setup, find_packages
version = '0.3.0'
version = '0.3.0.1'
# Provided as an attribute, so you can append to these instead
# of replicating them: