feat: added permissions and allowed transitions logic

2025-05-31 21:32:55 +02:00
parent aabf84ecc0
commit f5d2550000
4 changed files with 117 additions and 17 deletions
--- a/ticketsystem/views.py
+++ b/ticketsystem/views.py
@@ -79,19 +79,34 @@ class TicketDetailUpdateView(UpdateView):
    def dispatch(self, request, *args, **kwargs):
        self.ticket = self.get_object()
        user = request.user
-        # Prüfen, ob User bearbeiten darf
-        self.can_edit = (user == self.ticket.assigned_to) or user.is_superuser
+
+        # Erweiterte Berechtigungslogik
+        is_creator = user == self.ticket.created_by
+        is_assigned_tutor = user == self.ticket.assigned_to
+        is_superuser = user.is_superuser
+
+        self.can_edit = is_assigned_tutor or is_superuser
+
+        # Zusätzliche Flags für Template
+        self.is_creator = is_creator
+        self.is_tutor = is_assigned_tutor
+
        return super().dispatch(request, *args, **kwargs)

-    def get_form(self, form_class=None):
-        form = super().get_form(form_class)
-        if not self.can_edit:
-            for field in form.fields:
-                form.fields[field].disabled = True  # Felder lesbar, aber nicht änderbar
-        return form
+    def get_form_kwargs(self):
+        """Übergibt zusätzliche kwargs ans Form"""
+        kwargs = super().get_form_kwargs()
+        kwargs['user'] = self.request.user
+        kwargs['ticket'] = self.object
+        return kwargs

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
+        # Füge Berechtigungs-Infos zum Context hinzu
+        context['is_creator'] = self.is_creator
+        context['is_tutor'] = self.is_tutor
+        context['can_edit'] = self.can_edit
+
        # Kommentarformular hinzufügen
        if "comment_form" not in context:
            context["comment_form"] = self.comment_form_class()