Commit 13bfd1ff by Őry Máté

dashboard: do basic ownership auth for mass ops

parent 71b3d176
...@@ -1024,7 +1024,10 @@ class MassOperationView(OperationView): ...@@ -1024,7 +1024,10 @@ class MassOperationView(OperationView):
template_name = 'dashboard/mass-operate.html' template_name = 'dashboard/mass-operate.html'
def check_auth(self): def check_auth(self):
pass # OperationView.get calls this for i in self.get_object():
if not i.has_level(self.request.user, "user"):
raise PermissionDenied(
"You have no user access to instance %d" % i.pk)
@classmethod @classmethod
def get_urlname(cls): def get_urlname(cls):
...@@ -1075,13 +1078,19 @@ class MassOperationView(OperationView): ...@@ -1075,13 +1078,19 @@ class MassOperationView(OperationView):
op = self.get_op(i) op = self.get_op(i)
op.check_auth(user) op.check_auth(user)
op.check_precond() op.check_precond()
except PermissionDenied as e:
i.disabled = create_readable(
_("You are not permitted to execute %(op)s on instance "
"%(instance)s."), instance=i.pk, op=self.name)
i.disabled_icon = "lock"
except Exception as e: except Exception as e:
i.disabled = fetch_human_exception(e) i.disabled = fetch_human_exception(e)
else: else:
i.disabled = False i.disabled = None
return instances return instances
def post(self, request, extra=None, *args, **kwargs): def post(self, request, extra=None, *args, **kwargs):
self.check_auth()
if extra is None: if extra is None:
extra = {} extra = {}
self._call_operations(extra) self._call_operations(extra)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment