fix: expanded permission logic for admins

2025-06-11 21:37:52 +02:00
parent 35d8727348
commit 61a7ca6403
2 changed files with 30 additions and 10 deletions
--- a/ticketsystem/forms.py
+++ b/ticketsystem/forms.py
@@ -28,6 +28,13 @@ class TicketForm(forms.ModelForm):
            'in_progress': [],
            'resolved': ['closed', 'new'],
            'closed': [],
+        },
+        'superuser': {
+            # Superuser können alle Übergänge machen
+            'new': ['in_progress', 'resolved', 'closed'],
+            'in_progress': ['new', 'resolved', 'closed'],
+            'resolved': ['new', 'in_progress', 'closed'],
+            'closed': ['new', 'in_progress', 'resolved'],
        }
    }

@@ -61,32 +68,39 @@ class TicketForm(forms.ModelForm):
        is_superuser = self.user.is_superuser

        # Status-Choices einschränken
-        self._limit_status_choices(is_tutor, is_creator)
+        self._limit_status_choices(is_tutor, is_creator, is_superuser)

        # Feld-Berechtigungen setzen
        self._set_field_permissions(is_tutor, is_creator, is_superuser)

    def _set_field_permissions(self, is_tutor, is_creator, is_superuser):
        """Setzt welche Felder bearbeitet werden dürfen"""
-        if self.ticket.status == 'resolved' and is_creator and not is_superuser:
+        # Superuser können alles bearbeiten
+        if is_superuser:
+            return
+
+        if self.ticket.status == 'resolved' and is_creator:
            for field_name in self.fields:
                if field_name == "answer":
                    self.fields[field_name].disabled = True
-        elif is_tutor and not is_superuser:
+        elif is_tutor:
            # Tutor darf ändern:
            readonly_fields = ['title', 'description', 'material']
            for field_name in readonly_fields:
                if field_name in self.fields:
                    self.fields[field_name].disabled = True
-        elif is_creator and not is_superuser and self.ticket.status != 'resolved':
+        elif is_creator and self.ticket.status != 'resolved':
            for field_name in self.fields:
                self.fields[field_name].disabled = True

-    def _limit_status_choices(self, is_tutor, is_creator):
+    def _limit_status_choices(self, is_tutor, is_creator, is_superuser):
        """Beschränkt verfügbare Status-Optionen basierend auf der zentralen Logik"""
        current_status = self.ticket.status

-        if is_tutor:
+        # Superuser bekommen alle Status-Optionen
+        if is_superuser:
+            role = 'superuser'
+        elif is_tutor:
            role = 'tutor'
        elif is_creator:
            role = 'creator'
@@ -132,8 +146,12 @@ class TicketForm(forms.ModelForm):
        old_status = self.ticket.status
        is_tutor = self.user == self.ticket.assigned_to
        is_creator = self.user == self.ticket.created_by
+        is_superuser = self.user.is_superuser

-        if is_tutor:
+        # Superuser dürfen alle Übergänge
+        if is_superuser:
+            role = 'superuser'
+        elif is_tutor:
            role = 'tutor'
        elif is_creator:
            role = 'creator'