def test_custom_staff_fail(self):
from helpdesk.decorators import is_helpdesk_staff
user = User.objects.create_user(username='******', password='******', email='*****@*****.**')
self.assertFalse(is_helpdesk_staff(user))
self.client.login(username=user.username, password='******')
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
self.assertTemplateUsed(response, 'helpdesk/registration/login.html')
def view_ticket(request):
ticket_req = request.GET.get('ticket', None)
email = request.GET.get('email', None)
key = request.GET.get('key', '')
if not (ticket_req and email):
if ticket_req is None and email is None:
return search_for_ticket(request)
else:
return search_for_ticket(request, _('Missing ticket ID or e-mail address. Please try again.'))
queue, ticket_id = Ticket.queue_and_id_from_query(ticket_req)
try:
if hasattr(settings, 'HELPDESK_VIEW_A_TICKET_PUBLIC') and settings.HELPDESK_VIEW_A_TICKET_PUBLIC:
ticket = Ticket.objects.get(id=ticket_id, submitter_email__iexact=email)
else:
ticket = Ticket.objects.get(id=ticket_id, submitter_email__iexact=email, secret_key__iexact=key)
except (ObjectDoesNotExist, ValueError):
return search_for_ticket(request, _('Invalid ticket ID or e-mail address. Please try again.'))
if is_helpdesk_staff(request.user):
redirect_url = reverse('helpdesk:view', args=[ticket_id])
if 'close' in request.GET:
redirect_url += '?close'
return HttpResponseRedirect(redirect_url)
if 'close' in request.GET and ticket.status == Ticket.RESOLVED_STATUS:
from helpdesk.views.staff import update_ticket
# Trick the update_ticket() view into thinking it's being called with
# a valid POST.
request.POST = {
'new_status': Ticket.CLOSED_STATUS,
'public': 1,
'title': ticket.title,
'comment': _('Submitter accepted resolution and closed ticket'),
}
if ticket.assigned_to:
request.POST['owner'] = ticket.assigned_to.id
request.GET = {}
return update_ticket(request, ticket_id, public=True)
# redirect user back to this ticket if possible.
redirect_url = ''
if helpdesk_settings.HELPDESK_NAVIGATION_ENABLED:
redirect_url = reverse('helpdesk:view', args=[ticket_id])
return render(request, 'helpdesk/public_view_ticket.html', {
'key': key,
'mail': email,
'ticket': ticket,
'helpdesk_settings': helpdesk_settings,
'next': redirect_url,
})
def test_custom_staff_pass(self):
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is callable,
a custom access rule is applied.
"""
from helpdesk.decorators import is_helpdesk_staff
user = User.objects.create_user(username='******', password='******', email='*****@*****.**')
self.assertTrue(is_helpdesk_staff(user))
self.client.login(username=user.username, password='******')
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
self.assertTemplateUsed(response, 'helpdesk/dashboard.html')
def test_non_staff_allowed(self):
"""If HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE is True,
authenticated, non-staff users should be able to access
the dashboard.
"""
from helpdesk.decorators import is_helpdesk_staff
user = User.objects.create_user(username='******', password='******', email='*****@*****.**')
self.assertTrue(is_helpdesk_staff(user))
self.client.login(username=user.username, password='******')
response = self.client.get(reverse('helpdesk:dashboard'), follow=True)
self.assertTemplateUsed(response, 'helpdesk/dashboard.html')
def dispatch(self, *args, **kwargs):
request = self.request
if not request.user.is_authenticated and helpdesk_settings.HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT:
return HttpResponseRedirect(reverse('login'))
if is_helpdesk_staff(request.user) or \
(request.user.is_authenticated and
helpdesk_settings.HELPDESK_ALLOW_NON_STAFF_TICKET_UPDATE):
try:
if request.user.usersettings_helpdesk.login_view_ticketlist:
return HttpResponseRedirect(reverse('helpdesk:list'))
else:
return HttpResponseRedirect(reverse('helpdesk:dashboard'))
except UserSettings.DoesNotExist:
return HttpResponseRedirect(reverse('helpdesk:dashboard'))
return super().dispatch(*args, **kwargs)
def create_ticket(request, *args, **kwargs):
if is_helpdesk_staff(request.user):
return staff.CreateTicketView.as_view()(request, *args, **kwargs)
else:
return CreateTicketView.as_view()(request, *args, **kwargs)
def test_staff_user_detection(self):
"""Staff and non-staff users are correctly identified"""
from helpdesk.decorators import is_helpdesk_staff
self.assertFalse(is_helpdesk_staff(self.non_staff_user))
self.assertTrue(is_helpdesk_staff(get_staff_user()))
def helpdesk_staff(user):
try:
return is_helpdesk_staff(user)
except Exception as e:
logger.exception(
"'helpdesk_staff' template tag (django-helpdesk) crashed")
