From 11493b9f3dbfad1ef2bf8d29080d167c43ef15cb Mon Sep 17 00:00:00 2001
From: xinwen <coderWen@126.com>
Date: Wed, 19 Aug 2020 13:49:59 +0800
Subject: [PATCH] =?UTF-8?q?fix(tickets):=20=E4=BF=AE=E5=A4=8D=E7=94=B3?=
 =?UTF-8?q?=E8=AF=B7=E8=B5=84=E4=BA=A7=E5=B7=A5=E5=8D=95=E4=B8=8D=E8=83=BD?=
 =?UTF-8?q?=E5=85=B3=E9=97=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/common/permissions.py             |  6 ++++++
 apps/tickets/api/request_asset_perm.py | 10 +++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/apps/common/permissions.py b/apps/common/permissions.py
index 43aa3fe3f..40f665af1 100644
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -182,3 +182,9 @@ class CanUpdateDeleteUser(permissions.BasePermission):
         if request.method in ['PUT', 'PATCH']:
             return self.has_update_object_permission(request, view, obj)
         return True
+
+
+class IsObjectOwner(IsValidUser):
+    def has_object_permission(self, request, view, obj):
+        return (super().has_object_permission(request, view, obj) and
+                request.user == getattr(obj, 'user', None))
diff --git a/apps/tickets/api/request_asset_perm.py b/apps/tickets/api/request_asset_perm.py
index 5b62b8dcf..d33ea34cf 100644
--- a/apps/tickets/api/request_asset_perm.py
+++ b/apps/tickets/api/request_asset_perm.py
@@ -8,7 +8,7 @@ from orgs.models import Organization, ROLE as ORG_ROLE
 from users.models.user import User
 from common.const.http import POST, GET
 from common.drf.api import JMSModelViewSet
-from common.permissions import IsValidUser
+from common.permissions import IsValidUser, IsObjectOwner
 from common.utils.django import get_object_or_none
 from common.utils.timezone import dt_parser
 from common.drf.serializers import EmptySerializer
@@ -31,6 +31,7 @@ class RequestAssetPermTicketViewSet(JMSModelViewSet):
         'default': serializers.RequestAssetPermTicketSerializer,
         'approve': EmptySerializer,
         'reject': EmptySerializer,
+        'close': EmptySerializer,
         'assignees': serializers.AssigneeSerializer,
     }
     permission_classes = (IsValidUser,)
@@ -103,6 +104,13 @@ class RequestAssetPermTicketViewSet(JMSModelViewSet):
         self._create_asset_permission(instance, assets, system_user)
         return Response({'detail': _('Succeed')})
 
+    @action(detail=True, methods=[POST], permission_classes=[IsAssignee | IsObjectOwner])
+    def close(self, request, *args, **kwargs):
+        instance = self.get_object()
+        instance.status = Ticket.STATUS.CLOSED
+        instance.save()
+        return Response({'detail': _('Succeed')})
+
     def _create_asset_permission(self, instance: Ticket, assets, system_user):
         meta = instance.meta
         request = self.request