From 53239fa9ac1a6477061a5a29f79ff8f73dea2396 Mon Sep 17 00:00:00 2001
From: jamesparkin675 <78595078+jamesparkin675@users.noreply.github.com>
Date: Sun, 28 Apr 2024 23:24:03 +0100
Subject: [PATCH] changed ticket + filter view perms

change view perms so users can only see their own tickets

changed default signup to user, rather than admin
---
 apps/api/views.py                | 25 +++++++++++++++++++++++++
 apps/authentication/views.py     |  6 +++---
 apps/templates/home/tickets.html |  2 +-
 3 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/apps/api/views.py b/apps/api/views.py
index a477fc5..5f05332 100644
--- a/apps/api/views.py
+++ b/apps/api/views.py
@@ -47,7 +47,11 @@ class TicketListApiView(generics.ListAPIView):
     pagination_class = TicketPaginiation
     serializer_class = TicketSerializer
 
+<<<<<<< Updated upstream
     queryset = Ticket.objects.all()
+=======
+    # queryset = Ticket.objects.all()
+>>>>>>> Stashed changes
 
     filter_backends = [filters.SearchFilter, rest_filters.DjangoFilterBackend, filters.OrderingFilter]
     filterset_fields = ["uuid", "priority", "tags", "author", "author__department"]
@@ -55,12 +59,25 @@ class TicketListApiView(generics.ListAPIView):
     ordering_fields = ["create_timestamp", "edit_timestamp"]
 
     def get_queryset(self):
+<<<<<<< Updated upstream
         strict_tags = self.request.query_params.get("strict-tags")
         if not strict_tags:
             return self.queryset
 
         tag_uuids = self.request.query_params.getlist("tags", [])
         queryset = self.queryset
+=======
+        if self.request.user.is_superuser:
+            queryset=Ticket.objects.all()
+        else:
+            queryset = Ticket.objects.filter(author=self.request.user)
+
+        strict_tags = self.request.query_params.get("strict-tags")
+        if not strict_tags:
+            return queryset
+
+        tag_uuids = self.request.query_params.getlist("tags", [])
+>>>>>>> Stashed changes
 
         log.debug("tag uuids %s", tag_uuids)
 
@@ -77,7 +94,15 @@ class FilterCountListApiView(generics.ListAPIView):
     permission_classes = [permissions.IsAuthenticated]
 
     def get(self, request):
+<<<<<<< Updated upstream
         self._tickets = Ticket.objects.all()
+=======
+        if self.request.user.is_superuser:
+            self._tickets = Ticket.objects.all()
+        else:
+            self._tickets = Ticket.objects.filter(author=self.request.user)
+        
+>>>>>>> Stashed changes
         data = {"tickets": self._tickets.count()}
 
         self._fill_data(TicketPriority, data, "priority")
diff --git a/apps/authentication/views.py b/apps/authentication/views.py
index d95784c..ea15a12 100644
--- a/apps/authentication/views.py
+++ b/apps/authentication/views.py
@@ -39,9 +39,9 @@ def register_user(request):
             user = form.save(commit=False)
 
             # Develepment, give all new users admin
-            user.is_staff = True
-            user.is_superuser = True
-            user.save()
+            # user.is_staff = True
+            # user.is_superuser = True
+            # user.save()
 
             email = form.cleaned_data.get("email")
             raw_password = form.cleaned_data.get("password1")
diff --git a/apps/templates/home/tickets.html b/apps/templates/home/tickets.html
index 297024a..acbf27f 100644
--- a/apps/templates/home/tickets.html
+++ b/apps/templates/home/tickets.html
@@ -350,7 +350,7 @@
 
     <div id="ticketModal" class="modal fade" aria-hidden="true">
         <div class="modal-dialog">
-            <form method="post">
+            <form method="post" action="/tickets/new/">
 
                 {% csrf_token %}