From c86b28a305e8030f7c5bd2e7e2d743d92c7f828d Mon Sep 17 00:00:00 2001
From: jiangweidong <weidong.jiang@fit2cloud.com>
Date: Fri, 28 Jul 2023 14:32:31 +0800
Subject: [PATCH] =?UTF-8?q?feat:=20=E6=94=AF=E6=8C=81=E6=89=B9=E9=87=8F?=
 =?UTF-8?q?=E5=AE=A1=E6=89=B9=E5=B7=A5=E5=8D=95=20(#11014)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 apps/tickets/api/ticket.py | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/apps/tickets/api/ticket.py b/apps/tickets/api/ticket.py
index 2fa710ed6..bbe4ca4d4 100644
--- a/apps/tickets/api/ticket.py
+++ b/apps/tickets/api/ticket.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 #
+from django.utils.translation import gettext_lazy as _
 from rest_framework import viewsets
 from rest_framework.decorators import action
 from rest_framework.exceptions import MethodNotAllowed
@@ -38,9 +39,9 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
     ordering = ('-date_created',)
     rbac_perms = {
         'open': 'tickets.view_ticket',
+        'bulk': 'tickets.change_ticket',
     }
 
-
     def retrieve(self, request, *args, **kwargs):
         instance = self.get_object()
         with tmp_to_root_org():
@@ -57,6 +58,10 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
     def destroy(self, request, *args, **kwargs):
         raise MethodNotAllowed(self.action)
 
+    def ticket_not_allowed(self):
+        if self.model == Ticket:
+            raise MethodNotAllowed(self.action)
+
     def get_queryset(self):
         with tmp_to_root_org():
             queryset = self.model.get_user_related_tickets(self.request.user)
@@ -74,6 +79,8 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
 
     @action(detail=True, methods=[PUT, PATCH], permission_classes=[IsAssignee, ])
     def approve(self, request, *args, **kwargs):
+        self.ticket_not_allowed()
+
         partial = kwargs.pop('partial', False)
         instance = self.get_object()
         serializer = self.get_serializer(instance, data=request.data, partial=partial)
@@ -95,6 +102,27 @@ class TicketViewSet(CommonApiMixin, viewsets.ModelViewSet):
         instance.close()
         return Response('ok')
 
+    @action(detail=False, methods=[PUT], permission_classes=[RBACPermission, ])
+    def bulk(self, request, *args, **kwargs):
+        self.ticket_not_allowed()
+
+        allow_action = ('approve', 'reject')
+        action_ = request.query_params.get('action')
+        if action_ not in allow_action:
+            msg = _("The parameter 'action' must be [{}]").format(','.join(allow_action))
+            return Response({'error': msg}, status=400)
+
+        ticket_ids = request.data.get('tickets', [])
+        queryset = self.get_queryset().filter(state='pending').filter(id__in=ticket_ids)
+        for obj in queryset:
+            if not obj.has_current_assignee(request.user):
+                return Response(
+                    {'error': f"{_('User does not have permission')}: {obj}"}, status=400
+                )
+            handler = getattr(obj, action_)
+            handler(processor=request.user)
+        return Response('ok')
+
 
 class ApplyAssetTicketViewSet(TicketViewSet):
     model = ApplyAssetTicket