dashboard: require user level for vm details page

circle/dashboard/tests/test_vm.py

@@ -2,25 +2,66 @@ from django.test import TestCase
 from django.test.client import Client
 from django.contrib.auth.models import User, Group
 
+from vm.models import Instance
+
 
 class VmDetailTest(TestCase):
     fixtures = ['test-vm-fixture.json']
 
     def setUp(self):
         self.u1 = User.objects.create(username='user1')
+        self.u1.set_password('password')
+        self.u1.save()
         self.u2 = User.objects.create(username='user2', is_staff=True)
+        self.u2.set_password('password')
+        self.u2.save()
         self.us = User.objects.create(username='superuser', is_superuser=True)
+        self.us.save()
         self.g1 = Group.objects.create(name='group1')
         self.g1.user_set.add(self.u1)
         self.g1.user_set.add(self.u2)
         self.g1.save()
 
+    def tearDown(self):
+        super(VmDetailTest, self).tearDown()
+        self.u1.delete()
+        self.u2.delete()
+        self.us.delete()
+        self.g1.delete()
+
+    def login(self, client, username, password='password'):
+        response = client.post('/login/', {'username': username,
+                                           'password': password})
+        self.assertNotEqual(response.status_code, 403)
+
     def test_404_vm_page(self):
         c = Client()
         response = c.get('/dashboard/vm/235555/')
         self.assertEqual(response.status_code, 404)
 
-    def test_vm_page(self):
+    def test_anon_vm_page(self):
+        c = Client()
+        response = c.get('/dashboard/vm/1/')
+        self.assertEqual(response.status_code, 403)
+
+    def test_unauth_vm_page(self):
+        c = Client()
+        self.login(c, 'user1')
+        response = c.get('/dashboard/vm/1/')
+        self.assertEqual(response.status_code, 403)
+
+    def test_operator_vm_page(self):
+        c = Client()
+        self.login(c, 'user2')
+        inst = Instance.objects.get(pk=1)
+        inst.set_level(self.u2, 'operator')
+        response = c.get('/dashboard/vm/1/')
+        self.assertEqual(response.status_code, 200)
+
+    def test_user_vm_page(self):
         c = Client()
+        self.login(c, 'user2')
+        inst = Instance.objects.get(pk=1)
+        inst.set_level(self.u2, 'user')
         response = c.get('/dashboard/vm/1/')
         self.assertEqual(response.status_code, 200)

circle/dashboard/views.py

@@ -5,20 +5,16 @@ import re
 
 from django.contrib.auth.models import User, Group
 from django.contrib.messages import warning
-from django.core import signing
 from django.core.exceptions import PermissionDenied
-from django.core.urlresolvers import reverse
+from django.core import signing
+from django.core.urlresolvers import reverse, reverse_lazy
+from django.http import HttpResponse
 from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
-from django.views.generic import TemplateView, DetailView, View
 from django.views.generic.detail import SingleObjectMixin
-from django.http import HttpResponse
-from django.views.generic import TemplateView, DetailView
-from django.core.urlresolvers import reverse_lazy
-from django.shortcuts import redirect
+from django.views.generic import TemplateView, DetailView, View
 
 from django_tables2 import SingleTableView
-from tables import VmListTable
 
 from .tables import VmListTable
 from vm.models import Instance, InstanceTemplate, InterfaceTemplate
@@ -63,7 +59,18 @@ def get_acl_data(obj):
             'url': reverse('dashboard.views.vm-acl', args=[obj.pk])}
 
 
-class VmDetailView(DetailView):
+class CheckedDetailView(DetailView):
+    read_level = 'user'
+
+    def get_context_data(self, **kwargs):
+        context = super(CheckedDetailView, self).get_context_data(**kwargs)
+        instance = context['instance']
+        if not instance.has_level(self.request.user, self.read_level):
+            raise PermissionDenied()
+        return context
+
+
+class VmDetailView(CheckedDetailView):
     template_name = "dashboard/vm-detail.html"
     model = Instance