corbz/ticket-website
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects 1 Releases 1 Wiki Activity

changed ticket + filter view perms

Browse Source 
change view perms so users can only see their own tickets

changed default signup to user, rather than admin
This commit is contained in:
jamesparkin675 2024-04-28 23:24:03 +01:00
parent bf4a50d6be
commit 53239fa9ac
3 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
apps/api/views.py
View File

@ -47,7 +47,11 @@ class TicketListApiView(generics.ListAPIView):
pagination_class = TicketPaginiation pagination_class = TicketPaginiation
serializer_class = TicketSerializer serializer_class = TicketSerializer
<<<<<<< Updated upstream
queryset = Ticket.objects.all() queryset = Ticket.objects.all()
=======
# queryset = Ticket.objects.all()
>>>>>>> Stashed changes
filter_backends = [filters.SearchFilter, rest_filters.DjangoFilterBackend, filters.OrderingFilter] filter_backends = [filters.SearchFilter, rest_filters.DjangoFilterBackend, filters.OrderingFilter]
filterset_fields = ["uuid", "priority", "tags", "author", "author__department"] filterset_fields = ["uuid", "priority", "tags", "author", "author__department"]
@ -55,12 +59,25 @@ class TicketListApiView(generics.ListAPIView):
ordering_fields = ["create_timestamp", "edit_timestamp"] ordering_fields = ["create_timestamp", "edit_timestamp"]
def get_queryset(self): def get_queryset(self):
<<<<<<< Updated upstream
strict_tags = self.request.query_params.get("strict-tags") strict_tags = self.request.query_params.get("strict-tags")
if not strict_tags: if not strict_tags:
return self.queryset return self.queryset
tag_uuids = self.request.query_params.getlist("tags", []) tag_uuids = self.request.query_params.getlist("tags", [])
queryset = self.queryset queryset = self.queryset
=======
if self.request.user.is_superuser:
queryset=Ticket.objects.all()
else:
queryset = Ticket.objects.filter(author=self.request.user)
strict_tags = self.request.query_params.get("strict-tags")
if not strict_tags:
return queryset
tag_uuids = self.request.query_params.getlist("tags", [])
>>>>>>> Stashed changes
log.debug("tag uuids %s", tag_uuids) log.debug("tag uuids %s", tag_uuids)
@ -77,7 +94,15 @@ class FilterCountListApiView(generics.ListAPIView):
permission_classes = [permissions.IsAuthenticated] permission_classes = [permissions.IsAuthenticated]
def get(self, request): def get(self, request):
<<<<<<< Updated upstream
self._tickets = Ticket.objects.all() self._tickets = Ticket.objects.all()
=======
if self.request.user.is_superuser:
self._tickets = Ticket.objects.all()
else:
self._tickets = Ticket.objects.filter(author=self.request.user)
>>>>>>> Stashed changes
data = {"tickets": self._tickets.count()} data = {"tickets": self._tickets.count()}
self._fill_data(TicketPriority, data, "priority") self._fill_data(TicketPriority, data, "priority")

6
apps/authentication/views.py
View File

@ -39,9 +39,9 @@ def register_user(request):
user = form.save(commit=False) user = form.save(commit=False)
# Develepment, give all new users admin # Develepment, give all new users admin
user.is_staff = True # user.is_staff = True
user.is_superuser = True # user.is_superuser = True
user.save() # user.save()
email = form.cleaned_data.get("email") email = form.cleaned_data.get("email")
raw_password = form.cleaned_data.get("password1") raw_password = form.cleaned_data.get("password1")

2
apps/templates/home/tickets.html
View File

@ -350,7 +350,7 @@
<div id="ticketModal" class="modal fade" aria-hidden="true"> <div id="ticketModal" class="modal fade" aria-hidden="true">
<div class="modal-dialog"> <div class="modal-dialog">
<form method="post"> <form method="post" action="/tickets/new/">
{% csrf_token %} {% csrf_token %}