forked from extern/django-helpdesk
57 lines
2.1 KiB
Python
57 lines
2.1 KiB
Python
from functools import wraps
|
|
|
|
from django.urls import reverse
|
|
from django.http import HttpResponseRedirect, Http404
|
|
from django.utils.decorators import available_attrs
|
|
from django.contrib.auth.decorators import user_passes_test
|
|
|
|
from helpdesk import settings as helpdesk_settings
|
|
|
|
|
|
def check_staff_status(check_staff=False):
|
|
"""
|
|
Somewhat ridiculous currying to check user permissions without using lambdas.
|
|
The function most only take one User parameter at the end for use with
|
|
the Django function user_passes_test.
|
|
"""
|
|
def check_superuser_status(check_superuser):
|
|
def check_user_status(u):
|
|
is_ok = u.is_authenticated and u.is_active
|
|
if check_staff:
|
|
return is_ok and u.is_staff
|
|
elif check_superuser:
|
|
return is_ok and u.is_superuser
|
|
else:
|
|
return is_ok
|
|
return check_user_status
|
|
return check_superuser_status
|
|
|
|
|
|
if callable(helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
|
|
# apply a custom user validation condition
|
|
is_helpdesk_staff = helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE
|
|
elif helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE:
|
|
# treat 'normal' users like 'staff'
|
|
is_helpdesk_staff = check_staff_status(False)(False)
|
|
else:
|
|
is_helpdesk_staff = check_staff_status(True)(False)
|
|
|
|
helpdesk_staff_member_required = user_passes_test(is_helpdesk_staff)
|
|
helpdesk_superuser_required = user_passes_test(check_staff_status(False)(True))
|
|
|
|
|
|
def protect_view(view_func):
|
|
"""
|
|
Decorator for protecting the views checking user, redirecting
|
|
to the log-in page if necessary or returning 404 status code
|
|
"""
|
|
@wraps(view_func, assigned=available_attrs(view_func))
|
|
def _wrapped_view(request, *args, **kwargs):
|
|
if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
|
|
return HttpResponseRedirect(reverse('helpdesk:login'))
|
|
elif not request.user.is_authenticated and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:
|
|
raise Http404
|
|
return view_func(request, *args, **kwargs)
|
|
|
|
return _wrapped_view
|