feat: restricted ticket modifications to specific users
This commit is contained in:
@@ -1,4 +1,3 @@
|
||||
from django.shortcuts import get_object_or_404, render
|
||||
from django.views.generic import ListView, TemplateView
|
||||
from django.views.generic.edit import CreateView, UpdateView
|
||||
from django.urls import reverse_lazy
|
||||
@@ -6,6 +5,10 @@ from django.views.generic.detail import DetailView
|
||||
from django.views.generic.edit import FormMixin
|
||||
from .forms import CommentForm
|
||||
from django.urls import reverse
|
||||
from django.http import HttpResponseForbidden
|
||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||
from django.contrib import messages
|
||||
from django.shortcuts import redirect
|
||||
|
||||
from .models import Ticket
|
||||
|
||||
@@ -36,7 +39,7 @@ class TicketListView(ListView):
|
||||
|
||||
|
||||
class TicketDetailView(FormMixin, DetailView):
|
||||
model = Ticket # <- das ist wichtig!
|
||||
model = Ticket
|
||||
template_name = "ticketsystem/detail.html"
|
||||
context_object_name = "ticket"
|
||||
form_class = CommentForm
|
||||
@@ -62,20 +65,28 @@ class TicketDetailView(FormMixin, DetailView):
|
||||
|
||||
class TicketCreateView(CreateView):
|
||||
model = Ticket
|
||||
fields = ["title", "description", "priority", "assigned_to"] # user & status setzen wir automatisch
|
||||
fields = ["title", "description", "priority", "assigned_to"] # user & status wird automatisch gesetzt
|
||||
template_name = "ticketsystem/ticket_form.html"
|
||||
success_url = reverse_lazy("index")
|
||||
success_url = reverse_lazy("ticket-list")
|
||||
|
||||
def form_valid(self, form):
|
||||
form.instance.created_by = self.request.user # Der angemeldete User wird automatisch gesetzt
|
||||
form.instance.status = "open" # Neues Ticket beginnt immer als "offen"
|
||||
return super().form_valid(form)
|
||||
|
||||
class TicketUpdateView(UpdateView):
|
||||
class TicketUpdateView(LoginRequiredMixin, UpdateView):
|
||||
model = Ticket
|
||||
fields = ["title", "description", "status", "priority", "assigned_to"]
|
||||
template_name = "ticketsystem/ticket_form.html" # kannst das gleiche Template wie beim Erstellen verwenden
|
||||
success_url = reverse_lazy("index") # oder zurück zur Detailseite
|
||||
template_name = "ticketsystem/ticket_form.html"
|
||||
success_url = reverse_lazy("ticket-list")
|
||||
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
ticket = self.get_object()
|
||||
user = request.user
|
||||
if user != ticket.assigned_to:
|
||||
messages.error(request, "⛔ Du darfst dieses Ticket nicht bearbeiten.")
|
||||
return redirect("detail", pk=ticket.pk)
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_queryset(self):
|
||||
return Ticket.objects.all() # Optional: Nur eigene Tickets bearbeiten lassen?
|
||||
|
||||
Reference in New Issue
Block a user