feat: added permissions and allowed transitions logic
This commit is contained in:
@@ -25,19 +25,104 @@ class TicketForm(forms.ModelForm):
|
||||
})
|
||||
}
|
||||
|
||||
def __init__(self, *args, **kwargs):
|
||||
# User und ticket aus kwargs holen (werden von der View übergeben)
|
||||
self.user = kwargs.pop('user', None)
|
||||
self.ticket = kwargs.pop('ticket', None)
|
||||
super().__init__(*args, **kwargs)
|
||||
|
||||
# Status-Choices basierend auf aktueller Situation einschränken
|
||||
if self.ticket and self.user:
|
||||
self._limit_status_choices()
|
||||
self._set_field_permissions()
|
||||
|
||||
def _set_field_permissions(self):
|
||||
"""Setzt welche Felder bearbeitet werden dürfen"""
|
||||
is_creator = self.user == self.ticket.created_by
|
||||
is_tutor = self.user == self.ticket.assigned_to
|
||||
is_superuser = self.user.is_superuser
|
||||
|
||||
if is_tutor and not is_superuser:
|
||||
# Tutor darf nur Status und Answer ändern
|
||||
readonly_fields = ['title', 'description', 'course', 'priority']
|
||||
for field_name in readonly_fields:
|
||||
if field_name in self.fields:
|
||||
self.fields[field_name].disabled = True
|
||||
elif is_creator and not is_superuser:
|
||||
# Ersteller darf gar nichts ändern
|
||||
for field_name in self.fields:
|
||||
self.fields[field_name].disabled = True
|
||||
|
||||
def _limit_status_choices(self):
|
||||
"""Beschränkt die verfügbaren Status-Optionen basierend auf Rolle und aktuellem Status"""
|
||||
current_status = self.ticket.status
|
||||
is_creator = self.user == self.ticket.created_by
|
||||
is_tutor = self.user == self.ticket.assigned_to
|
||||
|
||||
# Alle möglichen Status
|
||||
all_choices = list(self.fields['status'].choices)
|
||||
allowed_choices = []
|
||||
|
||||
if is_tutor:
|
||||
if current_status == 'new':
|
||||
allowed_choices = ['new', 'in_progress']
|
||||
elif current_status == 'in_progress':
|
||||
allowed_choices = ['in_progress', 'resolved', 'new']
|
||||
elif current_status == 'resolved':
|
||||
allowed_choices = ['resolved', 'closed']
|
||||
elif current_status == 'closed':
|
||||
allowed_choices = ['closed']
|
||||
else:
|
||||
# Nicht-Tutoren sehen nur aktuellen Status
|
||||
allowed_choices = [current_status]
|
||||
|
||||
# Filtern der erlaubten Choices
|
||||
self.fields['status'].choices = [
|
||||
choice for choice in all_choices
|
||||
if choice[0] in allowed_choices
|
||||
]
|
||||
|
||||
def clean(self):
|
||||
cleaned_data = super().clean()
|
||||
status = cleaned_data.get('status')
|
||||
answer = cleaned_data.get('answer')
|
||||
|
||||
# Wenn Status auf "gelöst" gesetzt wird, muss eine Antwort vorhanden sein
|
||||
# Wenn Status auf "resolved" gesetzt wird, muss eine Antwort vorhanden sein
|
||||
if status == 'resolved' and not answer:
|
||||
raise ValidationError({
|
||||
'answer': 'Eine Antwort ist erforderlich, wenn der Status auf "Gelöst" gesetzt wird.'
|
||||
})
|
||||
|
||||
# Zusätzliche Validierung: Status-Übergang erlaubt?
|
||||
if self.ticket and status:
|
||||
old_status = self.ticket.status
|
||||
if not self._is_status_transition_allowed(old_status, status):
|
||||
raise ValidationError({
|
||||
'status': f'Übergang von "{self.ticket.get_status_display()}" zu "{dict(self.fields["status"].choices)[status]}" ist nicht erlaubt.'
|
||||
})
|
||||
|
||||
return cleaned_data
|
||||
|
||||
def _is_status_transition_allowed(self, old_status, new_status):
|
||||
"""Prüft ob ein Status-Übergang erlaubt ist"""
|
||||
if old_status == new_status:
|
||||
return True
|
||||
|
||||
is_tutor = self.user == self.ticket.assigned_to
|
||||
|
||||
# Erlaubte Übergänge für Tutoren
|
||||
allowed_transitions = {
|
||||
'new': ['in_progress'],
|
||||
'in_progress': ['resolved', 'new'],
|
||||
'resolved': ['closed'],
|
||||
'closed': [] # Keine Änderung von closed
|
||||
}
|
||||
|
||||
if is_tutor and old_status in allowed_transitions:
|
||||
return new_status in allowed_transitions[old_status]
|
||||
|
||||
return False
|
||||
|
||||
def save(self, commit=True):
|
||||
ticket = super().save(commit=False)
|
||||
|
||||
|
||||
@@ -25,15 +25,15 @@
|
||||
<input type="text"
|
||||
name="title"
|
||||
value="{{ ticket.title }}"
|
||||
{% if not view.can_edit %}disabled{% endif %}
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 {% if not view.can_edit %}bg-gray-100{% endif %}">
|
||||
{% if not view.can_edit or form.title.field.disabled %}disabled{% endif %}
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 {% if not view.can_edit or form.title.field.disabled %}bg-gray-100{% endif %}">
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium mb-1">Beschreibung:</label>
|
||||
<textarea name="description"
|
||||
rows="4"
|
||||
{% if not view.can_edit %}disabled{% endif %}
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 {% if not view.can_edit %}bg-gray-100{% endif %}">{{ ticket.description }}</textarea>
|
||||
{% if not view.can_edit or form.description.field.disabled %}disabled{% endif %}
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 {% if not view.can_edit or form.description.field.disabled %}bg-gray-100{% endif %}">{{ ticket.description }}</textarea>
|
||||
</div>
|
||||
<div>
|
||||
<label class="block text-sm font-medium mb-1">Kurs:</label>
|
||||
@@ -74,7 +74,7 @@
|
||||
<!-- Zugewiesen an (Nur Anzeige) -->
|
||||
<div>
|
||||
<label class="block text-sm font-medium mb-1">Zugewiesen an:</label>
|
||||
<div id="tutor_display" class="w-full p-2 border border-gray-300 bg-gray-300 rounded shadow-sm">
|
||||
<div id="tutor_display" class="w-full p-2 border border-gray-300 bg-gray-100 rounded shadow-sm">
|
||||
<span id="tutor_text">{% if ticket.assigned_to %}{{ ticket.assigned_to.username }}{% else %}Niemand zugewiesen{% endif %}</span>
|
||||
</div>
|
||||
<p class="text-xs text-gray-500 mt-1">Wird automatisch basierend auf dem ausgewählten Kurs zugewiesen</p>
|
||||
@@ -104,7 +104,7 @@
|
||||
rows="4"
|
||||
{% if not view.can_edit or ticket.status != 'resolved' %}disabled{% endif %}
|
||||
placeholder="Beschreibe die Lösung des Problems..."
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 placeholder:text-black {% if not view.can_edit or ticket.status != 'resolved' %}bg-gray-300 cursor-not-allowed{% endif %}">{{ ticket.answer|default:'' }}</textarea>
|
||||
class="w-full p-2 border border-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500 placeholder:text-black {% if not view.can_edit or ticket.status != 'resolved' %}bg-gray-100 cursor-not-allowed{% endif %}">{{ ticket.answer|default:'' }}</textarea>
|
||||
{% if form.answer.errors %}
|
||||
<div class="text-red-600 text-sm mt-1">{{ form.answer.errors }}</div>
|
||||
{% endif %}
|
||||
|
||||
@@ -64,7 +64,7 @@
|
||||
<label class="block text-sm font-medium mb-1">Status:</label>
|
||||
<select name="status"
|
||||
disabled
|
||||
class="w-full p-2 border border-gray-300 bg-gray-300 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
|
||||
class="w-full p-2 border border-gray-300 bg-gray-100 rounded shadow-sm focus:outline-none focus:ring-2 focus:ring-blue-500 focus:border-blue-500">
|
||||
<option value="new"
|
||||
{% if form.status.value == 'new' or not form.status.value %}selected{% endif %}>
|
||||
Neu
|
||||
@@ -91,7 +91,7 @@
|
||||
<!-- Zugewiesen an -->
|
||||
<div>
|
||||
<label class="block text-sm font-medium mb-1">Zugewiesen an:</label>
|
||||
<div id="tutor_display" class="w-full p-2 border border-gray-300 bg-gray-300 rounded shadow-sm">
|
||||
<div id="tutor_display" class="w-full p-2 border border-gray-300 bg-gray-100 rounded shadow-sm">
|
||||
<span id="tutor_text">Bitte Kurs auswählen</span>
|
||||
</div>
|
||||
<p class="text-xs text-gray-500 mt-1">Wird automatisch basierend auf dem ausgewählten Kurs zugewiesen</p>
|
||||
|
||||
@@ -79,19 +79,34 @@ class TicketDetailUpdateView(UpdateView):
|
||||
def dispatch(self, request, *args, **kwargs):
|
||||
self.ticket = self.get_object()
|
||||
user = request.user
|
||||
# Prüfen, ob User bearbeiten darf
|
||||
self.can_edit = (user == self.ticket.assigned_to) or user.is_superuser
|
||||
|
||||
# Erweiterte Berechtigungslogik
|
||||
is_creator = user == self.ticket.created_by
|
||||
is_assigned_tutor = user == self.ticket.assigned_to
|
||||
is_superuser = user.is_superuser
|
||||
|
||||
self.can_edit = is_assigned_tutor or is_superuser
|
||||
|
||||
# Zusätzliche Flags für Template
|
||||
self.is_creator = is_creator
|
||||
self.is_tutor = is_assigned_tutor
|
||||
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_form(self, form_class=None):
|
||||
form = super().get_form(form_class)
|
||||
if not self.can_edit:
|
||||
for field in form.fields:
|
||||
form.fields[field].disabled = True # Felder lesbar, aber nicht änderbar
|
||||
return form
|
||||
def get_form_kwargs(self):
|
||||
"""Übergibt zusätzliche kwargs ans Form"""
|
||||
kwargs = super().get_form_kwargs()
|
||||
kwargs['user'] = self.request.user
|
||||
kwargs['ticket'] = self.object
|
||||
return kwargs
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
context = super().get_context_data(**kwargs)
|
||||
# Füge Berechtigungs-Infos zum Context hinzu
|
||||
context['is_creator'] = self.is_creator
|
||||
context['is_tutor'] = self.is_tutor
|
||||
context['can_edit'] = self.can_edit
|
||||
|
||||
# Kommentarformular hinzufügen
|
||||
if "comment_form" not in context:
|
||||
context["comment_form"] = self.comment_form_class()
|
||||
|
||||
Reference in New Issue
Block a user