From 61a7ca6403cef68f07f784f3e07a5838714f98b9 Mon Sep 17 00:00:00 2001
From: Paul
Date: Wed, 11 Jun 2025 21:37:52 +0200
Subject: [PATCH] fix: expanded permission logic for admins
---
 ticketsystem/forms.py | 32 +++++++++++++++++++++++++-------
 ticketsystem/views.py | 8 +++++---
 2 files changed, 30 insertions(+), 10 deletions(-)
diff --git a/ticketsystem/forms.py b/ticketsystem/forms.py
index d431f7f..7a90fec 100644
--- a/ticketsystem/forms.py
+++ b/ticketsystem/forms.py
@@ -28,6 +28,13 @@ class TicketForm(forms.ModelForm):
 'in_progress': [],
 'resolved': ['closed', 'new'],
 'closed': [],
+ },
+ 'superuser': {
+ # Superuser können alle Übergänge machen
+ 'new': ['in_progress', 'resolved', 'closed'],
+ 'in_progress': ['new', 'resolved', 'closed'],
+ 'resolved': ['new', 'in_progress', 'closed'],
+ 'closed': ['new', 'in_progress', 'resolved'],
 }
 }
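Review bot: The new `'superuser'` row lists every target status by hand for each of the four states, so a status added to the model later will be missing for superusers unless this table is edited in several places. Since the comment states the intent as "all transitions", consider building the row from the model's status choices (each status mapped to every other status) instead of hard-coding it. A short comment that `'closed'` is not terminal for this role would help too, because the row just above keeps `'closed': []`. The dictionary starts outside the hunk.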
@@ -61,32 +68,39 @@ class TicketForm(forms.ModelForm):
 is_superuser = self.user.is_superuser
 # Status-Choices einschränken
- self._limit_status_choices(is_tutor, is_creator)
+ self._limit_status_choices(is_tutor, is_creator, is_superuser)
 # Feld-Berechtigungen setzen
 self._set_field_permissions(is_tutor, is_creator, is_superuser)
 def _set_field_permissions(self, is_tutor, is_creator, is_superuser):
 """Setzt welche Felder bearbeitet werden dürfen"""
- if self.ticket.status == 'resolved' and is_creator and not is_superuser:
+ # Superuser können alles bearbeiten
+ if is_superuser:
+ return
+
+ if self.ticket.status == 'resolved' and is_creator:
 for field_name in self.fields:
 if field_name == "answer":
 self.fields[field_name].disabled = True
- elif is_tutor and not is_superuser:
+ elif is_tutor:
 # Tutor darf ändern:
 readonly_fields = ['title', 'description', 'material']
 for field_name in readonly_fields:
 if field_name in self.fields:
 self.fields[field_name].disabled = True
- elif is_creator and not is_superuser and self.ticket.status != 'resolved':
+ elif is_creator and self.ticket.status != 'resolved':
 for field_name in self.fields:
 self.fields[field_name].disabled = True
- def _limit_status_choices(self, is_tutor, is_creator):
+ def _limit_status_choices(self, is_tutor, is_creator, is_superuser):
 """Beschränkt verfügbare Status-Optionen basierend auf der zentralen Logik"""
 current_status = self.ticket.status
- if is_tutor:
+ # Superuser bekommen alle Status-Optionen
+ if is_superuser:
+ role = 'superuser'
+ elif is_tutor:
 role = 'tutor'
 elif is_creator:
 role = 'creator'
@@ -132,8 +146,12 @@ class TicketForm(forms.ModelForm):
 old_status = self.ticket.status
 is_tutor = self.user == self.ticket.assigned_to
 is_creator = self.user == self.ticket.created_by
+ is_superuser = self.user.is_superuser
- if is_tutor:
+ # Superuser dürfen alle Übergänge
+ if is_superuser:
+ role = 'superuser'
+ elif is_tutor:
 role = 'tutor'
 elif is_creator:
 role = 'creator'
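Review bot: In `_set_field_permissions` the `if`/`elif` chain still has no final `else`, so a user who is neither superuser, assigned tutor nor creator leaves the method with every field enabled. Now that the early `return` handles the superuser case, the chain can fail closed by adding `else:` followed by `for field in self.fields.values(): field.disabled = True`. Whether such a user can reach this form at all depends on the view's access check, which is not visible here, so treat this as defence in depth. The docstring should also say that superusers bypass every field restriction.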
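Review bot: The role lookup (`if is_superuser: role = 'superuser'`, then `elif is_tutor`, then `elif is_creator`) now exists as two hand-maintained copies, one in `_limit_status_choices` and one in the validation code of the `-132,8 +146,12` hunk. One copy decides which transitions the user is offered and the other which ones the server accepts, so a later edit to only one of them makes the two disagree. Moving the chain into a single private helper that returns the role name, called from both places, keeps them in step. The branch after `elif is_creator` lies outside both hunks, so the helper has to preserve whatever happens there; the enclosing method of the second hunk also starts and ends outside it.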
diff --git a/ticketsystem/views.py b/ticketsystem/views.py
index 8e78202..14f33ae 100644
--- a/ticketsystem/views.py
+++ b/ticketsystem/views.py
@@ -90,12 +90,14 @@ class TicketDetailUpdateView(UpdateView):
 is_superuser = user.is_superuser
 # Bearbeitungsrechte abhängig vom Status
- if self.ticket.status == 'resolved' and is_creator:
+ if is_superuser:
 self.can_edit = True
- elif self.ticket.status == 'closed' and not is_superuser:
+ elif self.ticket.status == 'resolved' and is_creator:
+ self.can_edit = True
+ elif self.ticket.status == 'closed':
 self.can_edit = False
 else:
- self.can_edit = is_assigned_tutor or is_superuser
+ self.can_edit = is_assigned_tutor
 # Zusätzliche Flags für Template
 self.is_creator = is_creator
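Review bot: `self.can_edit` is only assigned in this hunk, and the following comment `# Zusätzliche Flags für Template` suggests it is read by the template; nothing visible shows it being checked when the form is submitted. If the submit path does not test it, the form's per-field `disabled` settings are the only server-side control, so consider rejecting the write in the view as well, for example `if not self.can_edit: raise PermissionDenied`. The comment `# Bearbeitungsrechte abhängig vom Status` no longer matches the code, because the first branch now depends on the role rather than the status. The enclosing method starts and ends outside the hunk.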