diff --git a/docs/settings.rst b/docs/settings.rst
index 6299a9b7..3d0131b3 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -39,8 +39,8 @@ If you want to override the default settings for your users, create ``HELPDESK_D
 }
-Access controll & Security
----------------
+Access control & Security
++-------------------------
 These settings can be used to change who can access the helpdesk.
 - **HELPDESK_PUBLIC_VIEW_PROTECTOR** This is a function that takes a request and can either return `None` granting access to to a public view or a redirect denying access.
@@ -51,16 +51,30 @@ These settings can be used to change who can access the helpdesk.
 **Default:** ``HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = False``
-- **HELPDESK_VALID_EXTENSIONS** Valid extensions for file types that can be attached to tickets. Note: This used to be calle **VALID_EXTENSIONS** which is now deprecated.
-
- **Default:** ``HELPDESK_VALID_EXTENSIONS = ['.txt', '.asc', '.htm', '.html', '.pdf', '.doc', '.docx', '.odt', '.jpg', '.png', '.eml']
-
-- **HELPDESK_VALIDATE_ATTACHMENT_TYPES** If you'd like to turn of filtering of helpdesk extension types you can set this to False.
-
 - **HELPDESK_ANON_ACCESS_RAISES_404** If True, redirects user to a 404 page when attempting to reach ticket pages while not logged in, rather than redirecting to a login screen.
 **Default:** ``HELPDESK_ANON_ACCESS_RAISES_404 = False``
+Settings related to attachments:
+
+- **HELPDESK_ENABLE_ATTACHMENTS** If set to ``True``, files can be
+ attached to tickets and followups, and emails are searched for
+ attachments which are then attached to the ticket. Also enables the
+ ``HELPDESK_ALWAYS_SAVE_INCOMING_EMAIL_MESSAGE`` setting.
+
+ **Caution**: Set this to False, unless you have secured access to
+ the uploaded files. Otherwise anyone on the Internet will be able
+ to download your ticket attachments.
+
+ Attachments are enabled by default for backwards compatibility.
+
+- **HELPDESK_VALID_EXTENSIONS** Valid extensions for file types that can be attached to tickets. Note: This used to be called **VALID_EXTENSIONS** which is now deprecated.
+
+ **Default:** ``HELPDESK_VALID_EXTENSIONS = ['.txt', '.asc', '.htm', '.html', '.pdf', '.doc', '.docx', '.odt', '.jpg', '.png', '.eml']``
+
+- **HELPDESK_VALIDATE_ATTACHMENT_TYPES** If you'd like to turn of filtering of helpdesk extension types you can set this to False.
+
+
 Generic Options
 ---------------
 These changes are visible throughout django-helpdesk
@@ -422,4 +436,9 @@ The following settings were defined in previous versions and are no longer suppo
 - **HELPDESK_FULL_FIRST_MESSAGE_FROM_EMAIL** Do not ignore fowarded and replied text from the email messages which create a new ticket; useful for cases when customer forwards some email (error from service or something) and wants support to see that
-- **HELPDESK_ALWAYS_SAVE_INCOMING_EMAIL_MESSAGE** Any incoming .eml message is saved and available, helps when customer spent some time doing fancy markup which has been corrupted during the email-to-ticket-comment translate process
+- **HELPDESK_ALWAYS_SAVE_INCOMING_EMAIL_MESSAGE** Any incoming .eml
+ message is saved and available, helps when customer spent some time
+ doing fancy markup which has been corrupted during the
+ email-to-ticket-comment translate process.
+
+ Requires ``HELPDESK_ENABLE_ATTACHMENTS`` to be set to `True`
diff --git a/helpdesk/email.py b/helpdesk/email.py
index f0d3a70f..3bb9463c 100644
--- a/helpdesk/email.py
+++ b/helpdesk/email.py
@@ -595,16 +595,17 @@ def create_object_from_email_message(message, ticket_id, payload, files, logger)
 logger.info("[%s-%s] %s" % (ticket.queue.slug, ticket.id, ticket.title,))
- try:
- attached = process_attachments(f, files)
- except ValidationError as e:
- logger.error(str(e))
- else:
- for att_file in attached:
- logger.info(
- "Attachment '%s' (with size %s) successfully added to ticket from email.",
- att_file[0], att_file[1].size
- )
+ if settings.HELPDESK_ENABLE_ATTACHMENTS:
+ try:
+ attached = process_attachments(f, files)
+ except ValidationError as e:
+ logger.error(str(e))
+ else:
+ for att_file in attached:
+ logger.info(
+ "Attachment '%s' (with size %s) successfully added to ticket from email.",
+ att_file[0], att_file[1].size
+ )
 context = safe_template_context(ticket)
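Review bot: When `HELPDESK_ENABLE_ATTACHMENTS` is False, the new `if` in `create_object_from_email_message` skips `process_attachments` without writing any log line, so an operator reading the mail-import log cannot tell that files from an email were dropped by policy rather than lost. A branch on the new `if` such as `elif files: logger.info("Attachments are disabled; files from this email were not saved.")` would keep that visible. The guard reads `settings.HELPDESK_ENABLE_ATTACHMENTS`, and the import is outside the hunk: please confirm that `settings` in email.py is the helpdesk settings module that defines the default, not `django.conf.settings`, where the attribute would be missing unless the project sets it. The function body starts and continues outside the hunk.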
@@ -984,7 +985,7 @@ def extract_email_metadata(message: str,
 filtered_body, full_body = extract_email_message_content(message_obj, files, include_chained_msgs)
 # If the base part is not a multipart then it will have already been processed as the vbody content so
 # no need to process attachments
- if "multipart" == message_obj.get_content_maintype():
+ if "multipart" == message_obj.get_content_maintype() and settings.HELPDESK_ENABLE_ATTACHMENTS:
 # Find and attach all other parts or part contents as attachments
 counter, content_parts_excluded = extract_attachments(message_obj, files, logger)
 if not content_parts_excluded:
@@ -994,7 +995,8 @@ def extract_email_metadata(message: str,
 Verify that there were no text/* parts containing message content.")
 if logger.isEnabledFor(logging.DEBUG):
 logger.debug("Email parsed and %s attachments were found and attached.", counter)
- add_file_if_always_save_incoming_email_message(files, message)
+ if settings.HELPDESK_ENABLE_ATTACHMENTS:
+ add_file_if_always_save_incoming_email_message(files, message)
 smtp_priority = message_obj.get('priority', '')
 smtp_importance = message_obj.get('importance', '')
diff --git a/helpdesk/forms.py b/helpdesk/forms.py
index 81e9dcbe..83a3de45 100644
--- a/helpdesk/forms.py
+++ b/helpdesk/forms.py
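Review bot: The condition added to the `if "multipart" == ...` line gates only `extract_attachments`; the context line above it still hands `files` to `extract_email_message_content`, which runs whatever the setting is. If that helper appends anything to `files` (its body is not in this diff), the list can be non-empty with attachments disabled, and only the separate guard in `create_object_from_email_message` then stops it being saved. A comment here would record that dependency, for example `# files may still be filled by extract_email_message_content; saving is gated in create_object_from_email_message`. A test with a multipart message and the setting off would pin the behaviour. The function body extends beyond the hunk.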
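Review bot: The check wrapped around `add_file_if_always_save_incoming_email_message(files, message)` puts the policy at the call site, so any other caller of that helper has to remember it as well. Moving it into the helper as an early `if not settings.HELPDESK_ENABLE_ATTACHMENTS: return` would make the helper safe by itself. The same pattern appears in forms.py, where `TicketForm.save` branches on the setting before calling `_attach_files_to_follow_up`; an early `return None` inside that method would remove the `if`/`else` there. Both helpers are defined outside the visible hunks, so whether other callers exist cannot be seen here.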
@@ -239,17 +239,18 @@ class AbstractTicketForm(CustomFieldMixin, forms.Form):
 label=_('Due on'),
 )
- attachment = forms.FileField(
- widget=forms.FileInput(attrs={'class': 'form-control-file'}),
- required=False,
- label=_('Attach File'),
- help_text=_('You can attach a file to this ticket. '
- 'Only file types such as plain text (.txt), '
- 'a document (.pdf, .docx, or .odt), '
- 'or screenshot (.png or .jpg) may be uploaded.'),
- validators=[validate_file_extension]
- )
-
+ if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS:
+ attachment = forms.FileField(
+ widget=forms.FileInput(attrs={'class': 'form-control-file'}),
+ required=False,
+ label=_('Attach File'),
+ help_text=_('You can attach a file to this ticket. '
+ 'Only file types such as plain text (.txt), '
+ 'a document (.pdf, .docx, or .odt), '
+ 'or screenshot (.png or .jpg) may be uploaded.'),
+ validators=[validate_file_extension]
+ )
+
 class Media:
 js = ('helpdesk/js/init_due_date.js', 'helpdesk/js/init_datetime_classes.js')
@@ -326,7 +327,7 @@ class AbstractTicketForm(CustomFieldMixin, forms.Form):
 return followup
 def _attach_files_to_follow_up(self, followup):
- files = self.cleaned_data['attachment']
+ files = self.cleaned_data.get('attachment')
 if files:
 files = process_attachments(followup, [files])
 return files
@@ -418,7 +419,10 @@ class TicketForm(AbstractTicketForm):
 followup = self._create_follow_up(ticket, title=title, user=user)
 followup.save()
- files = self._attach_files_to_follow_up(followup)
+ if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS:
+ files = self._attach_files_to_follow_up(followup)
+ else:
+ files = None
 # emit signal when the TicketForm.save is done
 new_ticket_done.send(sender="TicketForm", ticket=ticket)
diff --git a/helpdesk/settings.py b/helpdesk/settings.py
index 2235e7d5..d6d1acbb 100644
--- a/helpdesk/settings.py
+++ b/helpdesk/settings.py
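Review bot: The `if helpdesk_settings.HELPDESK_ENABLE_ATTACHMENTS:` placed in the body of `AbstractTicketForm` is evaluated once, when forms.py is imported, and nothing in the code says so. Changing the setting afterwards (for instance in a test) neither adds nor removes the field, and any template or subclass that refers to `attachment` must cope with its absence. I would put a comment above the `if`, such as `# Field is declared only when attachments are enabled; decided at import time.` The help text kept inside the block still names the permitted extensions by hand, so it can drift from `HELPDESK_VALID_EXTENSIONS` when a site overrides that list. The class body starts and ends outside the hunk.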
@@ -56,6 +56,15 @@ HELPDESK_STAFF_VIEW_PROTECTOR = getattr(settings,
 'HELPDESK_STAFF_VIEW_PROTECTOR',
 lambda _: None)
+# Enable ticket and Email attachments
+#
+# Caution! Set this to False, unless you have secured access to
+# the uploaded files. Otherwise anyone on the Internet will be
+# able to download your ticket attachments.
+HELPDESK_ENABLE_ATTACHMENTS = getattr(settings,
+ 'HELPDESK_ENABLE_ATTACHMENTS',
+ True)
+
 # Enable the Dependencies field on ticket view
 HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET = getattr(settings,
 'HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET',
diff --git a/helpdesk/templates/helpdesk/public_base.html b/helpdesk/templates/helpdesk/public_base.html
index ca0b74e1..22f256dc 100644
--- a/helpdesk/templates/helpdesk/public_base.html
+++ b/helpdesk/templates/helpdesk/public_base.html
@@ -9,6 +9,7 @@
 {% include 'helpdesk/base-head.html' %}
 {% block helpdesk_head %}{% endblock %}
+ {% include 'helpdesk/base_js.html' %}
diff --git a/helpdesk/templates/helpdesk/public_view_ticket.html b/helpdesk/templates/helpdesk/public_view_ticket.html
index 77de5af1..4c5a736e 100644
--- a/helpdesk/templates/helpdesk/public_view_ticket.html
+++ b/helpdesk/templates/helpdesk/public_view_ticket.html
@@ -75,16 +75,19 @@
 {% for followup in ticket.followup_set.public_followups %}
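Review bot: The comment added above `HELPDESK_ENABLE_ATTACHMENTS` in helpdesk/settings.py tells the reader to set the value to False but never states that the `getattr` fallback is `True`, so someone reading only this file can take the safe value for the default. I would add a line such as `# Defaults to True for backwards compatibility; see docs/settings.rst.` Because `getattr` returns whatever the project assigns, a non-boolean value such as the string `"False"` is truthy in the `if` checks this commit adds; the comment could say that a real boolean is expected.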
{{ followup.title }}
-{{ followup.comment|force_escape|urlizetrunc:50|num_to_link|linebreaksbr }}
-{% if followup.ticketchange_set.all %}