django-helpdeskmig/helpdesk/decorators.py

from django.contrib.auth.decorators import user_passes_test
from django.core.exceptions import PermissionDenied
from django.http import Http404
from django.shortcuts import redirect
from functools import wraps
from helpdesk import settings as helpdesk_settings


def check_staff_status(check_staff=False):
    """
    Somewhat ridiculous currying to check user permissions without using lambdas.
    The function most only take one User parameter at the end for use with
    the Django function user_passes_test.
    """
    def check_superuser_status(check_superuser):
        def check_user_status(u):
            is_ok = u.is_authenticated and u.is_active
            if check_staff:
                return is_ok and u.is_staff
            elif check_superuser:
                return is_ok and u.is_superuser
            else:
                return is_ok
        return check_user_status
    return check_superuser_status


if callable(helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
    # apply a custom user validation condition
    is_helpdesk_staff = helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE
elif helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE:
    # treat 'normal' users like 'staff'
    is_helpdesk_staff = check_staff_status(False)(False)
else:
    is_helpdesk_staff = check_staff_status(True)(False)

helpdesk_staff_member_required = user_passes_test(is_helpdesk_staff)
helpdesk_superuser_required = user_passes_test(check_staff_status(False)(True))


def protect_view(view_func):
    """
    Decorator for protecting the views checking user, redirecting
    to the log-in page if necessary or returning 404 status code
    """
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
            return redirect('helpdesk:login')
        elif not request.user.is_authenticated and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:
            raise Http404
        if auth_redirect := helpdesk_settings.HELPDESK_PUBLIC_VIEW_PROTECTOR(request):
            return auth_redirect
        return view_func(request, *args, **kwargs)

    return _wrapped_view


def staff_member_required(view_func):
    """
    Decorator for staff member the views checking user, redirecting
    to the log-in page if necessary or returning 403
    """
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        if not request.user.is_authenticated and not request.user.is_active:
            return redirect('helpdesk:login')
        if not helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE and not request.user.is_staff:
            raise PermissionDenied()
        if auth_redirect := helpdesk_settings.HELPDESK_STAFF_VIEW_PROTECTOR(request):
            return auth_redirect
        return view_func(request, *args, **kwargs)

    return _wrapped_view


def superuser_required(view_func):
    """
    Decorator for superuser member the views checking user, redirecting
    to the log-in page if necessary or returning 403
    """
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        if not request.user.is_authenticated and not request.user.is_active:
            return redirect('helpdesk:login')
        if not request.user.is_superuser:
            raise PermissionDenied()
        return view_func(request, *args, **kwargs)

    return _wrapped_view
Initial isort configuration Will fail build if imports are not sorted correctly 2022-07-22 03:26:41 +02:00			`from django.contrib.auth.decorators import user_passes_test`
fix redirect loop 2019-03-20 13:47:57 +01:00			`from django.core.exceptions import PermissionDenied`
			`from django.http import Http404`
			`from django.shortcuts import redirect`
Initial isort configuration Will fail build if imports are not sorted correctly 2022-07-22 03:26:41 +02:00			`from functools import wraps`
If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible 2017-10-04 03:42:26 +02:00			`from helpdesk import settings as helpdesk_settings`

Fix codestyle errors, use currying instead of lambdas for determing user access 2018-07-19 06:06:57 +02:00
			`def check_staff_status(check_staff=False):`
			`"""`
			`Somewhat ridiculous currying to check user permissions without using lambdas.`
			`The function most only take one User parameter at the end for use with`
			`the Django function user_passes_test.`
			`"""`
			`def check_superuser_status(check_superuser):`
			`def check_user_status(u):`
			`is_ok = u.is_authenticated and u.is_active`
			`if check_staff:`
			`return is_ok and u.is_staff`
			`elif check_superuser:`
			`return is_ok and u.is_superuser`
			`else:`
			`return is_ok`
			`return check_user_status`
			`return check_superuser_status`


Merge custom staff filter, PR #239 2017-10-30 08:17:40 +01:00			`if callable(helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):`
move decorators to their own module, rename to helpdesk_* 2014-07-28 11:46:02 +02:00			`# apply a custom user validation condition`
Merge custom staff filter, PR #239 2017-10-30 08:17:40 +01:00			`is_helpdesk_staff = helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE`
			`elif helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE:`
move decorators to their own module, rename to helpdesk_* 2014-07-28 11:46:02 +02:00			`# treat 'normal' users like 'staff'`
Fix codestyle errors, use currying instead of lambdas for determing user access 2018-07-19 06:06:57 +02:00			`is_helpdesk_staff = check_staff_status(False)(False)`
move decorators to their own module, rename to helpdesk_* 2014-07-28 11:46:02 +02:00			`else:`
Fix codestyle errors, use currying instead of lambdas for determing user access 2018-07-19 06:06:57 +02:00			`is_helpdesk_staff = check_staff_status(True)(False)`
move decorators to their own module, rename to helpdesk_* 2014-07-28 11:46:02 +02:00
separate authorisation function from decorator 2014-07-29 20:55:25 +02:00			`helpdesk_staff_member_required = user_passes_test(is_helpdesk_staff)`
Fix codestyle errors, use currying instead of lambdas for determing user access 2018-07-19 06:06:57 +02:00			`helpdesk_superuser_required = user_passes_test(check_staff_status(False)(True))`

If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible 2017-10-04 03:42:26 +02:00
			`def protect_view(view_func):`
			`"""`
			`Decorator for protecting the views checking user, redirecting`
			`to the log-in page if necessary or returning 404 status code`
			`"""`
available_attrs was removed from Django as it was only used as a Python 2 bug workaround 2020-10-13 00:11:07 +02:00			`@wraps(view_func)`
If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible 2017-10-04 03:42:26 +02:00			`def _wrapped_view(request, args, *kwargs):`
Address deprecation warnings to be compatible with Django 2.0 2017-12-28 13:23:51 +01:00			`if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:`
fix redirect loop 2019-03-20 13:47:57 +01:00			`return redirect('helpdesk:login')`
Address deprecation warnings to be compatible with Django 2.0 2017-12-28 13:23:51 +01:00			`elif not request.user.is_authenticated and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404:`
If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible 2017-10-04 03:42:26 +02:00			`raise Http404`
Add some convenient functions for protecting views in custom installations 2024-02-18 10:04:01 +01:00			`if auth_redirect := helpdesk_settings.HELPDESK_PUBLIC_VIEW_PROTECTOR(request):`
			`return auth_redirect`
If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible 2017-10-04 03:42:26 +02:00			`return view_func(request, args, *kwargs)`

			`return _wrapped_view`
fix redirect loop 2019-03-20 13:47:57 +01:00

			`def staff_member_required(view_func):`
			`"""`
			`Decorator for staff member the views checking user, redirecting`
			`to the log-in page if necessary or returning 403`
			`"""`
available_attrs was removed from Django as it was only used as a Python 2 bug workaround 2020-10-13 00:11:07 +02:00			`@wraps(view_func)`
fix redirect loop 2019-03-20 13:47:57 +01:00			`def _wrapped_view(request, args, *kwargs):`
			`if not request.user.is_authenticated and not request.user.is_active:`
			`return redirect('helpdesk:login')`
			`if not helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE and not request.user.is_staff:`
			`raise PermissionDenied()`
Add some convenient functions for protecting views in custom installations 2024-02-18 10:04:01 +01:00			`if auth_redirect := helpdesk_settings.HELPDESK_STAFF_VIEW_PROTECTOR(request):`
			`return auth_redirect`
fix redirect loop 2019-03-20 13:47:57 +01:00			`return view_func(request, args, *kwargs)`

			`return _wrapped_view`


			`def superuser_required(view_func):`
			`"""`
			`Decorator for superuser member the views checking user, redirecting`
			`to the log-in page if necessary or returning 403`
			`"""`
available_attrs was removed from Django as it was only used as a Python 2 bug workaround 2020-10-13 00:11:07 +02:00			`@wraps(view_func)`
fix redirect loop 2019-03-20 13:47:57 +01:00			`def _wrapped_view(request, args, *kwargs):`
			`if not request.user.is_authenticated and not request.user.is_active:`
			`return redirect('helpdesk:login')`
			`if not request.user.is_superuser:`
			`raise PermissionDenied()`
			`return view_func(request, args, *kwargs)`

			`return _wrapped_view`