fix(tickets): 修复申请资产工单不能关闭

apps/common/permissions.py

@@ -182,3 +182,9 @@ class CanUpdateDeleteUser(permissions.BasePermission):
         if request.method in ['PUT', 'PATCH']:
             return self.has_update_object_permission(request, view, obj)
         return True
+
+
+class IsObjectOwner(IsValidUser):
+    def has_object_permission(self, request, view, obj):
+        return (super().has_object_permission(request, view, obj) and
+                request.user == getattr(obj, 'user', None))

apps/tickets/api/request_asset_perm.py

@@ -8,7 +8,7 @@ from orgs.models import Organization, ROLE as ORG_ROLE
 from users.models.user import User
 from common.const.http import POST, GET
 from common.drf.api import JMSModelViewSet
-from common.permissions import IsValidUser
+from common.permissions import IsValidUser, IsObjectOwner
 from common.utils.django import get_object_or_none
 from common.utils.timezone import dt_parser
 from common.drf.serializers import EmptySerializer
@@ -31,6 +31,7 @@ class RequestAssetPermTicketViewSet(JMSModelViewSet):
         'default': serializers.RequestAssetPermTicketSerializer,
         'approve': EmptySerializer,
         'reject': EmptySerializer,
+        'close': EmptySerializer,
         'assignees': serializers.AssigneeSerializer,
     }
     permission_classes = (IsValidUser,)
@@ -103,6 +104,13 @@ class RequestAssetPermTicketViewSet(JMSModelViewSet):
         self._create_asset_permission(instance, assets, system_user)
         return Response({'detail': _('Succeed')})
 
+    @action(detail=True, methods=[POST], permission_classes=[IsAssignee | IsObjectOwner])
+    def close(self, request, *args, **kwargs):
+        instance = self.get_object()
+        instance.status = Ticket.STATUS.CLOSED
+        instance.save()
+        return Response({'detail': _('Succeed')})
+
     def _create_asset_permission(self, instance: Ticket, assets, system_user):
         meta = instance.meta
         request = self.request