Add list and class level functionality to mixin

recircle/authorization/admin.py

+from django.contrib.auth.models import Permission
+from django.contrib import admin
+
+admin.site.register(Permission)

recircle/authorization/mixins.py

@@ -19,15 +19,19 @@ class AuthorizationMixin():
     def has_perms_for_object(self, user, method, instance):
         auth_params = self.authorization[method]
         if auth_params:
-
             for perm in auth_params["perms"]:
-                user.has_perm('')
+                if not user.has_perm(perm, instance):
+                    return False
+            return True
         else:
             logger.error(f"Invalid method for authorization: {method}")
 
-    def has_perms_for_model(self, user, method, model):
+    def has_perms_for_model(self, user, method):
         auth_params = self.authorization[method]
         if auth_params:
-            pass
+            for perm in auth_params["perms"]:
+                if not user.has_perm(perm):
+                    return False
+            return True
         else:
             logger.error(f"Invalid method for authorization: {method}")

recircle/instance/migrations/0012_auto_20190829_0754.py

+# Generated by Django 2.2.4 on 2019-08-29 07:54
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('instance', '0011_auto_20190808_1137'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='instance',
+            options={'default_permissions': (), 'permissions': (('create_instance', 'Can create a new VM.'), ('use_instance', 'Can access the VM connection info.'), ('operate_instance', 'Can use basic lifecycle methods of the VM.'), ('administer_instance', 'Can delete VM.'), ('access_console', 'Can access the graphical console of a VM.'), ('change_resources', 'Can change resources of a VM.'), ('manage_access', 'Can manage access rights for the VM.'), ('config_ports', 'Can configure port forwards.'))},
+        ),
+    ]

recircle/instance/models.py

@@ -83,6 +83,7 @@ class Instance(models.Model):
     from template.models import ImageTemplate
 
     class Meta:
+        default_permissions = ()
         permissions = (
             ('create_instance', 'Can create a new VM.'),
             ('use_instance', 'Can access the VM connection info.'),

recircle/instance/views.py

@@ -14,7 +14,7 @@ from authorization.mixins import AuthorizationMixin
 
 authorization = {
     "list": {"auth_type": "filter", "perms": ["use_instance"]},
-    "create": {"auth_type": "class", "perms": ["create_instance"]},
+    "create": {"auth_type": "class", "perms": ["instance.create_instance"], "message": "No permission to create Virtual Machine."},
     "retrieve": {"auth_type": "object", "perms": ["use_instance"]},
     "destroy": {"auth_type": "object", "perms": ["administer_instance"]},
     "template": {"auth_type": "object", "perms": ["use_instance"]},
@@ -42,6 +42,10 @@ class InstanceViewSet(AuthorizationMixin, ViewSet):
         return Response(InstanceSerializer(instances, many=True).data)
 
     def create(self, request):
+        # TODO: Put this logic in Mixin
+        if not self.has_perms_for_model(request.user, 'create'):
+            return Response({"error": "No permission to create Virtual Machine."}, status=status.HTTP_401_UNAUTHORIZED)
+
         data = request.data
         template = ImageTemplate.objects.get(pk=data["template"])
 
@@ -68,6 +72,9 @@ class InstanceViewSet(AuthorizationMixin, ViewSet):
 
     def retrieve(self, request, pk):
         instance = self.get_object(pk)
+        if not self.has_perms_for_object(request.user, 'retrieve', instance):
+            return Response({"error": "No permission to access the Virtual Machine."}, status=status.HTTP_401_UNAUTHORIZED)
+
         instanceDict = InstanceSerializer(instance).data
         remoteInstance = instance.get_remote_instance()
         remoteInstanceDict = remoteInstance.__dict__

interface_openstack @ e01d873c

-Subproject commit 1a19e4355f4af1abb49a3f6e07dc3a6c3f8bdf47
+Subproject commit e01d873c78ac17fed0438936f979de3cbaca6a5e