dashboard: limit context evaluation by permission on dashboard index

circle/dashboard/tests/test_views.py

@@ -710,3 +710,29 @@ class RenewViewTest(LoginMixin, TestCase):
         ct2 = Instance.objects.get(pk=12).activity_log.\
         ct2 = Instance.objects.get(pk=12).activity_log.\
             filter(activity_code__endswith='renew').count()
             filter(activity_code__endswith='renew').count()
         self.assertEquals(ct, ct2)
         self.assertEquals(ct, ct2)
+
+
+class IndexViewTest(LoginMixin, TestCase):
+    fixtures = ['test-vm-fixture.json', 'node.json']
+
+    def setUp(self):
+        self.u1 = User.objects.create(username='user1')
+        self.u1.set_password('password')
+        self.u1.save()
+        self.us = User.objects.create(username='superuser', is_superuser=True)
+        self.us.set_password('password')
+        self.us.save()
+
+    def test_context_variables_as_user(self):
+        c = Client()
+        self.login(c, 'user1')
+        response = c.get("/dashboard/")
+        self.assertEqual(response.status_code, 200)
+        self.assertFalse("nodes" in response.context)
+
+    def test_context_variables_as_superuser(self):
+        c = Client()
+        self.login(c, 'superuser')
+        response = c.get("/dashboard/")
+        self.assertEqual(response.status_code, 200)
+        self.assertTrue("nodes" in response.context)

circle/dashboard/views.py

@@ -81,12 +81,10 @@ class IndexView(LoginRequiredMixin, TemplateView):
     template_name = "dashboard/index.html"
     template_name = "dashboard/index.html"
 
 
     def get_context_data(self, **kwargs):
     def get_context_data(self, **kwargs):
-        if self.request.user.is_authenticated():
         user = self.request.user
         user = self.request.user
-        else:
-            user = None
         context = super(IndexView, self).get_context_data(**kwargs)
         context = super(IndexView, self).get_context_data(**kwargs)
 
 
+        # instances
         favs = Instance.objects.filter(favourite__user=self.request.user)
         favs = Instance.objects.filter(favourite__user=self.request.user)
         instances = Instance.get_objects_with_level(
         instances = Instance.get_objects_with_level(
             'user', user).filter(destroyed_at=None)
             'user', user).filter(destroyed_at=None)
@@ -98,17 +96,25 @@ class IndexView(LoginRequiredMixin, TemplateView):
             'more_instances': instances.count() - len(instances[:5])
             'more_instances': instances.count() - len(instances[:5])
         })
         })
 
 
-        if user is not None:
+        running = instances.filter(status='RUNNING')
+        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
+
+        context.update({
+            'running_vms': running[:20],
+            'running_vm_num': running.count(),
+            'stopped_vm_num': stopped.count()
+        })
+
+        # notifications
         context['new_notifications'] = user.notification_set.filter(
         context['new_notifications'] = user.notification_set.filter(
             status="new").count()
             status="new").count()
 
 
+        # nodes
+        if user.is_superuser:
             nodes = Node.objects.all()
             nodes = Node.objects.all()
-        groups = Group.objects.all()
             context.update({
             context.update({
                 'nodes': nodes[:10],
                 'nodes': nodes[:10],
                 'more_nodes': nodes.count() - len(nodes[:10]),
                 'more_nodes': nodes.count() - len(nodes[:10]),
-            'groups': groups[:10],
-            'more_groups': groups.count() - len(groups[:10]),
                 'sum_node_num': nodes.count(),
                 'sum_node_num': nodes.count(),
                 'node_num': {
                 'node_num': {
                     'running': Node.get_state_count(True, True),
                     'running': Node.get_state_count(True, True),
@@ -118,16 +124,18 @@ class IndexView(LoginRequiredMixin, TemplateView):
                 }
                 }
             })
             })
 
 
-        running = instances.filter(status='RUNNING')
-        stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
-
+        # groups
+        groups = Group.objects.all()
         context.update({
         context.update({
-            'running_vms': running[:20],
-            'running_vm_num': running.count(),
-            'stopped_vm_num': stopped.count()
+            'groups': groups[:10],
+            'more_groups': groups.count() - len(groups[:10]),
         })
         })
 
 
-        context['templates'] = InstanceTemplate.objects.all()[:5]
+        # template
+        if user.has_perm('vm.create_template'):
+            context['templates'] = InstanceTemplate.get_objects_with_level(
+                'operator', user).all()[:5]
+
         return context
         return context