From 7b022fa1e09f483a42277157fca7910ef5cfd770 Mon Sep 17 00:00:00 2001 From: msaelices Date: Wed, 4 Oct 2017 03:42:26 +0200 Subject: [PATCH] If HELPDESK_ANON_ACCESS_RAISES_404 is True, it raises a 404 to anon users. It's like the helpdesk was invisible --- helpdesk/decorators.py | 23 +++++++++++++++++++++++ helpdesk/settings.py | 5 +++++ helpdesk/views/public.py | 6 +++--- helpdesk/views/staff.py | 2 -- 4 files changed, 31 insertions(+), 5 deletions(-) create mode 100644 helpdesk/decorators.py diff --git a/helpdesk/decorators.py b/helpdesk/decorators.py new file mode 100644 index 00000000..341c65e0 --- /dev/null +++ b/helpdesk/decorators.py @@ -0,0 +1,23 @@ +from functools import wraps + +from django.core.urlresolvers import reverse +from django.http import HttpResponseRedirect, Http404 +from django.utils.decorators import available_attrs + +from helpdesk import settings as helpdesk_settings + + +def protect_view(view_func): + """ + Decorator for protecting the views checking user, redirecting + to the log-in page if necessary or returning 404 status code + """ + @wraps(view_func, assigned=available_attrs(view_func)) + def _wrapped_view(request, *args, **kwargs): + if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT: + return HttpResponseRedirect(reverse('helpdesk:login')) + elif not request.user.is_authenticated() and helpdesk_settings.HELPDESK_ANON_ACCESS_RAISES_404: + raise Http404 + return view_func(request, *args, **kwargs) + + return _wrapped_view diff --git a/helpdesk/settings.py b/helpdesk/settings.py index 1714fba1..d9f0f866 100644 --- a/helpdesk/settings.py +++ b/helpdesk/settings.py @@ -32,6 +32,11 @@ HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = getattr(settings, 'HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT', False) +# raises a 404 to anon users. It's like it was invisible +HELPDESK_ANON_ACCESS_RAISES_404 = getattr(settings, + 'HELPDESK_ANON_ACCESS_RAISES_404', + False) + # show knowledgebase links? HELPDESK_KB_ENABLED = getattr(settings, 'HELPDESK_KB_ENABLED', True) diff --git a/helpdesk/views/public.py b/helpdesk/views/public.py index 0b9dd95f..23b3ff85 100644 --- a/helpdesk/views/public.py +++ b/helpdesk/views/public.py @@ -14,15 +14,14 @@ from django.utils.http import urlquote from django.utils.translation import ugettext as _ from helpdesk import settings as helpdesk_settings +from helpdesk.decorators import protect_view from helpdesk.forms import PublicTicketForm from helpdesk.lib import text_is_spam from helpdesk.models import Ticket, Queue, UserSettings, KBCategory +@protect_view def homepage(request): - if not request.user.is_authenticated() and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT: - return HttpResponseRedirect(reverse('helpdesk:login')) - if request.user.is_staff or \ (request.user.is_authenticated() and helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE): @@ -74,6 +73,7 @@ def homepage(request): }) +@protect_view def view_ticket(request): ticket_req = request.GET.get('ticket', None) email = request.GET.get('email', None) diff --git a/helpdesk/views/staff.py b/helpdesk/views/staff.py index f01dd6f8..679ba8c1 100644 --- a/helpdesk/views/staff.py +++ b/helpdesk/views/staff.py @@ -14,7 +14,6 @@ from django.contrib.auth import get_user_model from django.contrib.auth.decorators import user_passes_test from django.core.urlresolvers import reverse from django.core.exceptions import ValidationError, PermissionDenied -from django.core import paginator from django.db import connection from django.db.models import Q from django.http import HttpResponseRedirect, Http404, HttpResponse @@ -91,7 +90,6 @@ def dashboard(request): showing ticket counts by queue/status, and a list of unassigned tickets with options for them to 'Take' ownership of said tickets. """ - # open & reopened tickets, assigned to current user tickets = Ticket.objects.select_related('queue').filter( assigned_to=request.user,