[FIX] HELPDESK: Create ticket type is restricted to reporting managers

helpdesk/decorators.py

@@ -0,0 +1,51 @@
+from pyexpat.errors import messages
+from django.http import HttpResponseRedirect
+from django.shortcuts import render
+from base.methods import check_manager
+from helpdesk.models import Ticket
+
+
+decorator_with_arguments = (
+    lambda decorator: lambda *args, **kwargs: lambda func: decorator(
+        func, *args, **kwargs
+    )
+)
+
+
+@decorator_with_arguments
+def ticket_owner_can_enter(function, perm: str, model: object, manager_access=False):
+    from employee.models import Employee, EmployeeWorkInformation
+
+    """
+    Only the users with permission, or the owner, or employees manager can enter,
+    If manager_access:True then all the managers can enter
+    """
+
+    def _function(request, *args, **kwargs):
+        instance_id = kwargs[list(kwargs.keys())[0]]
+        if model == Employee:
+            employee = Employee.objects.get(id=instance_id)
+        else:
+            try:
+                employee = model.objects.get(id=instance_id).employee_id
+            except:
+                messages.error(request, ("Sorry, something went wrong!"))
+                return HttpResponseRedirect(request.META.get("HTTP_REFERER", "/"))
+        can_enter = (
+            request.user.employee_get == employee
+            or request.user.has_perm(perm)
+            or check_manager(request.user.employee_get, employee)
+            or (
+                EmployeeWorkInformation.objects.filter(
+                    reporting_manager_id__employee_user_id=request.user
+                ).exists()
+                if manager_access
+                else False
+            )
+            or Ticket.objects.filter(assigned_to__in = [request.user.employee_get])
+        )
+        if can_enter:
+            return function(request, *args, **kwargs)
+        return render(request, "no_perm.html")
+
+    return _function

helpdesk/forms.py

@@ -27,6 +27,7 @@ from django import forms
 from django.template.loader import render_to_string
 
 from base.forms import ModelForm
+from base.methods import is_reportingmanager
 from base.models import Department, JobPosition
 from employee.forms import MultipleFileField
 from employee.models import Employee
@@ -39,6 +40,7 @@ from helpdesk.models import (
     Ticket,
     TicketType,
 )
+from horilla import horilla_middlewares
 
 
 class TicketTypeForm(ModelForm):
@@ -122,9 +124,11 @@ class TicketForm(ModelForm):
         self.fields["tags"].choices = list(self.fields["tags"].choices)
         self.fields["tags"].choices.append(("create_new_tag", "Create new tag"))
         self.fields["ticket_type"].choices = list(self.fields["ticket_type"].choices)
-        self.fields["ticket_type"].choices.append(
-            ("create_new_ticket_type", "Create new ticket type")
-        )
+        request = getattr(horilla_middlewares._thread_locals, "request", None)
+        if is_reportingmanager(request):
+            self.fields["ticket_type"].choices.append(
+                ("create_new_ticket_type", "Create new ticket type")
+            )
 
 
 class TicketTagForm(ModelForm):

helpdesk/views.py

@@ -17,6 +17,7 @@ from base.forms import TagsForm
 from base.methods import filtersubordinates, get_key_instances, get_pagination, sortby
 from base.models import Department, JobPosition, Tags
 from employee.models import Employee
+from helpdesk.decorators import ticket_owner_can_enter
 from helpdesk.filter import FAQCategoryFilter, FAQFilter, TicketFilter, TicketReGroup
 from helpdesk.forms import (
     AttachmentForm,
@@ -45,7 +46,6 @@ from horilla.decorators import (
     hx_request_required,
     login_required,
     manager_can_enter,
-    owner_can_enter,
     permission_required,
 )
 from horilla.group_by import group_by_queryset
@@ -484,7 +484,7 @@ def ticket_create(request):
 
 @login_required
 @hx_request_required
-@owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
+@ticket_owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
 def ticket_update(request, ticket_id):
     """
     This function is responsible for updating the Ticket.
@@ -543,7 +543,7 @@ def ticket_archive(request, ticket_id):
 
 
 @login_required
-@owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
+@ticket_owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
 def change_ticket_status(request, ticket_id):
     """
     This function is responsible for changing the Ticket status.
@@ -615,7 +615,7 @@ def change_ticket_status(request, ticket_id):
 
 
 @login_required
-@owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
+@ticket_owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
 def ticket_delete(request, ticket_id):
     """
     This function is responsible for deleting the Ticket.
@@ -790,7 +790,7 @@ def ticket_filter(request):
 
 
 @login_required
-@owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
+@ticket_owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
 def ticket_detail(request, ticket_id, **kwargs):
     today = datetime.now().date()
     ticket = Ticket.objects.get(id=ticket_id)
@@ -851,7 +851,7 @@ def ticket_detail(request, ticket_id, **kwargs):
 
 
 @login_required
-# @owner_can_enter("perms.helpdesk.helpdesk_changeticket", Ticket)
+# @ticket_owner_can_enter("perms.helpdesk.helpdesk_changeticket", Ticket)
 def ticket_update_tag(request):
     """
     method to update the tags of ticket
@@ -872,7 +872,7 @@ def ticket_update_tag(request):
 
 @login_required
 @hx_request_required
-@owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
+@ticket_owner_can_enter(perm="helpdesk.change_ticket", model=Ticket)
 def ticket_change_raised_on(request, ticket_id):
     ticket = Ticket.objects.get(id=ticket_id)
     form = TicketRaisedOnForm(instance=ticket)
@@ -1137,7 +1137,7 @@ def tickets_bulk_archive(request):
 
 
 @login_required
-# @owner_can_enter("perms.helpdesk.helpdesk_changeticket", Ticket)
+# @ticket_owner_can_enter("perms.helpdesk.helpdesk_changeticket", Ticket)
 @permission_required("helpdesk.delete_ticket")
 def tickets_bulk_delete(request):
     """