Commit 31317946 by Kálmán Viktor

dashboard: fix template/lease deletes

Closes #213
Closes #214
parent 345a3659
......@@ -2,7 +2,7 @@ $(function() {
/* for template removes buttons */
$('.template-delete').click(function() {
var template_pk = $(this).data('template-pk');
addModalConfirmation(deleteTemplate,
addModalConfirmationOrDisplayMessage(deleteTemplate,
{ 'url': '/dashboard/template/delete/' + template_pk + '/',
'data': [],
'template_pk': template_pk,
......@@ -13,7 +13,7 @@ $(function() {
/* for lease removes buttons */
$('.lease-delete').click(function() {
var lease_pk = $(this).data('lease-pk');
addModalConfirmation(deleteLease,
addModalConfirmationOrDisplayMessage(deleteLease,
{ 'url': '/dashboard/lease/delete/' + lease_pk + '/',
'data': [],
'lease_pk': lease_pk,
......@@ -81,3 +81,29 @@ function deleteLease(data) {
}
});
}
function addModalConfirmationOrDisplayMessage(func, data) {
$.ajax({
type: 'GET',
url: data['url'],
data: jQuery.param(data['data']),
success: function(result) {
$('body').append(result);
$('#confirmation-modal').modal('show');
$('#confirmation-modal').on('hidden.bs.modal', function() {
$('#confirmation-modal').remove();
});
$('#confirmation-modal-button').click(function() {
func(data);
$('#confirmation-modal').modal('hide');
});
},
error: function(xhr, textStatus, error) {
if(xhr.status === 403) {
addMessage(gettext("Only the owners can delete the selected object."), "warning");
} else {
addMessage(gettext("An error occurred. (") + xhr.status + ")", 'danger')
}
}
});
}
......@@ -240,6 +240,16 @@ class TemplateDelete(LoginRequiredMixin, DeleteView):
else:
return ['dashboard/confirm/base-delete.html']
def get(self, request, *args, **kwargs):
if not self.get_object().has_level(request.user, "owner"):
message = _("Only the owners can delete the selected template.")
if request.is_ajax():
raise PermissionDenied()
else:
messages.warning(request, message)
return redirect(self.get_success_url())
return super(TemplateDelete, self).get(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
object = self.get_object()
if not object.has_level(request.user, 'owner'):
......@@ -382,13 +392,17 @@ class LeaseCreate(LoginRequiredMixin, PermissionRequiredMixin,
def get_success_url(self):
return reverse_lazy("dashboard.views.template-list")
def form_valid(self, form):
retval = super(LeaseCreate, self).form_valid(form)
self.object.set_level(self.request.user, "owner")
return retval
class LeaseAclUpdateView(AclUpdateView):
model = Lease
class LeaseDetail(LoginRequiredMixin, SuperuserRequiredMixin,
SuccessMessageMixin, UpdateView):
class LeaseDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
model = Lease
form_class = LeaseForm
template_name = "dashboard/lease-edit.html"
......@@ -404,8 +418,20 @@ class LeaseDetail(LoginRequiredMixin, SuperuserRequiredMixin,
def get_success_url(self):
return reverse_lazy("dashboard.views.lease-detail", kwargs=self.kwargs)
def get(self, request, *args, **kwargs):
if not self.get_object().has_level(request.user, "owner"):
message = _("Only the owners can modify the selected lease.")
messages.warning(request, message)
return redirect(reverse_lazy("dashboard.views.template-list"))
return super(LeaseDetail, self).get(request, *args, **kwargs)
def post(self, request, *args, **kwargs):
if not self.get_object().has_level(request.user, "owner"):
raise PermissionDenied()
class LeaseDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
return super(LeaseDetail, self).post(request, *args, **kwargs)
class LeaseDelete(LoginRequiredMixin, DeleteView):
model = Lease
def get_success_url(self):
......@@ -431,10 +457,23 @@ class LeaseDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
c['disable_submit'] = True
return c
def get(self, request, *args, **kwargs):
if not self.get_object().has_level(request.user, "owner"):
message = _("Only the owners can delete the selected lease.")
if request.is_ajax():
raise PermissionDenied()
else:
messages.warning(request, message)
return redirect(self.get_success_url())
return super(LeaseDelete, self).get(request, *args, **kwargs)
def delete(self, request, *args, **kwargs):
object = self.get_object()
if (object.instancetemplate_set.count() > 0):
# if there are still templates with this lease
# or the user is not owner
if (object.instancetemplate_set.count() > 0
or not object.has_level(request.user, "owner")):
raise SuspiciousOperation()
object.delete()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment