setty: added server-side access management.

circle/setty/templates/setty/index.html

@@ -118,14 +118,14 @@
           </div>
           <div class="panel-body container-fluid" id="dragContainer">
             {% for element in elementTemplateList %}
-            <div class="col-md-12 col-sm-4" id="elementTemplatePanel">
+            <div class="col-md-6 col-sm-4" id="elementTemplatePanel">
               <div class="panel panel-default">
                 <div class="panel-heading">
                   <div class="row text-center">
-                    <div class="col-xs-10 col-xs-push-1 text-center">
+                    <div class="col-xs-8 col-xs-push-2 text-center">
                       <label class="no-margin">{{ element.name }}</label>
                     </div>
-                    <div class="col-xs-1 col-xs-push-1 text-right">
+                    <div class="col-xs-2 col-xs-push-2 text-left">
                       <button class="btn btn-primary btn-xs elementTemplateInfo" element="{{ element.id }}">
                         <i class="fa fa-info"></i>
                       </button>

circle/setty/views.py

@@ -15,7 +15,7 @@
 # You should have received a copy of the GNU General Public License along
 # with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
 
-from django.contrib import messages  # NOTE: ezt tettem ide
+from django.contrib import messages
 from django.core.exceptions import PermissionDenied
 from django.core.urlresolvers import reverse, reverse_lazy
 from django.db.models import Q
@@ -41,12 +41,24 @@ class DetailView(LoginRequiredMixin, TemplateView):
     template_name = "setty/index.html"
 
     def get_context_data(self, **kwargs):
+        logger.debug('DetailView.get_context_data() called. User: %s',
+                     unicode(self.request.user))
+        service = Service.objects.get(id=kwargs['pk'])
+
+        if self.request.user == service.user or self.request.user.is_superuser:
             context = super(DetailView, self).get_context_data(**kwargs)
             context['elementTemplateList'] = ElementTemplate.objects.all()
             context['actualId'] = kwargs['pk']
             return context
+        else:
+            raise PermissionDenied
 
     def post(self, request, *args, **kwargs):
+        logger.debug('DetailView.post() called. User: %s',
+                     unicode(self.request.user))
+        service = Service.objects.get(id=kwargs['pk'])
+
+        if self.request.user == service.user or self.request.user.is_superuser:
             if self.request.POST.get('event') == "saveService":
                 data = json.loads(self.request.POST.get('data'))
                 service = Service.objects.get(id=kwargs['pk'])
@@ -122,15 +134,26 @@ class DetailView(LoginRequiredMixin, TemplateView):
 
             else:
                 raise PermissionDenied
+        else:
+            raise PermissionDenied
 
 
 class DeleteView(LoginRequiredMixin, DeleteView):
     model = Service
     success_url = reverse_lazy("dashboard.index")
 
+    def post(self, request, *args, **kwargs):
+        logger.debug('DeleteView.post() called. User: %s',
+                     unicode(self.request.user))
+        service = Service.objects.get(id=kwargs['pk'])
+
+        if self.request.user == service.user or self.request.user.is_superuser:
+            return super(DeleteView, self).post(request, *args, **kwargs)
+        else:
+            return PermissionDenied
 
-class CreateView(LoginRequiredMixin, TemplateView):
 
+class CreateView(LoginRequiredMixin, TemplateView):
     def get_template_names(self):
         if self.request.is_ajax():
             return ['dashboard/_modal.html']
@@ -138,6 +161,8 @@ class CreateView(LoginRequiredMixin, TemplateView):
             return ['dashboard/nojs-wrapper.html']
 
     def get_context_data(self, *args, **kwargs):
+        logger.debug('CreateView.get_context_data() called. User: %s',
+                     unicode(self.request.user))
         context = super(CreateView, self).get_context_data(*args, **kwargs)
 
         context.update({
@@ -148,6 +173,8 @@ class CreateView(LoginRequiredMixin, TemplateView):
         return context
 
     def post(self, request, *args, **kwargs):
+        logger.debug('CreateView.post() called. User: %s',
+                     unicode(self.request.user))
         service_name = self.request.POST.get('serviceName')
 
         if not service_name:
@@ -181,11 +208,15 @@ class ListView(LoginRequiredMixin, FilterMixin, SingleTableView):
     }
 
     def get_context_data(self, *args, **kwargs):
+        logger.debug('ListView.get_context_data() called. User: %s',
+                     unicode(self.request.user))
         context = super(ListView, self).get_context_data(*args, **kwargs)
         context['search_form'] = self.search_form
         return context
 
     def get(self, *args, **kwargs):
+        logger.debug('ListView.get() called. User: %s',
+                     unicode(self.request.user))
         self.search_form = ServiceListSearchForm(self.request.GET)
         self.search_form.full_clean()
 
@@ -203,14 +234,14 @@ class ListView(LoginRequiredMixin, FilterMixin, SingleTableView):
             return super(ListView, self).get(*args, **kwargs)
 
     def get_queryset(self):
-        logger.debug('ListView.get  _queryset() called. User: %s',
+        logger.debug('ListView.get_queryset() called. User: %s',
                      unicode(self.request.user))
         qs = self.model.objects.all()
-        self.create_fake_get()  # NOTE: ezt tettem ide
+        self.create_fake_get()
         try:
             filters, excludes = self.get_queryset_filters()
             if not self.request.user.is_superuser:
-                filters['user'] = self.request.user  # NOTE: ezt visszairtam
+                filters['user'] = self.request.user
             qs = qs.filter(**filters).exclude(**excludes).distinct()
         except ValueError:
             messages.error(self.request, _("Error during filtering."))