Fix group permissions
fixed (3cf09597)
diff --git a/circle/dashboard/templates/dashboard/index.html b/circle/dashboard/templates/dashboard/index.html
index 095a8a4..9d3b191 100644
--- a/circle/dashboard/templates/dashboard/index.html
+++ b/circle/dashboard/templates/dashboard/index.html
@@ -17,7 +17,7 @@
</div>
{% endif %}
- {% if perms.group %}
+ {% if perms.auth %}
<div class="col-lg-4 col-sm-6">
{% include "dashboard/index-groups.html" %}
</div>
diff --git a/circle/dashboard/views.py b/circle/dashboard/views.py
index 7a8446d..f6b10a4 100644
--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -50,7 +51,7 @@ from vm.models import (
)
from storage.models import Disk
from firewall.models import Vlan, Host, Rule
-from dashboard.models import Favourite, Profile
+from dashboard.models import Favourite, Profile, GroupProfile
logger = logging.getLogger(__name__)
@@ -127,11 +128,14 @@ class IndexView(LoginRequiredMixin, TemplateView):
})
# groups
- groups = Group.objects.all()
- context.update({
- 'groups': groups[:5],
- 'more_groups': groups.count() - len(groups[:5]),
- })
+ if user.has_module_perms('auth'):
+ pks = [i[0] for i in GroupProfile.get_objects_with_level(
+ 'operator', user).values_list('pk')]
+ groups = Group.objects.filter(groupprofile__in=pks)
+ context.update({
+ 'groups': groups[:5],
+ 'more_groups': groups.count() - len(groups[:5]),
+ })
# template
if user.has_perm('vm.create_template'):
@@ -583,6 +587,7 @@ class NodeDetailView(LoginRequiredMixin, SuperuserRequiredMixin, DetailView):
class GroupDetailView(CheckedDetailView):
template_name = "dashboard/group-detail.html"
model = Group
+ read_level = 'operator'
def get_has_level(self):
return self.object.profile.has_level
@@ -1349,7 +1366,7 @@ class NodeCreate(LoginRequiredMixin, SuperuserRequiredMixin, TemplateView):
return redirect(path)
-class GroupCreate(LoginRequiredMixin, SuperuserRequiredMixin, TemplateView):
+class GroupCreate(LoginRequiredMixin, TemplateView):
form_class = GroupCreateForm
form = None
@@ -1361,6 +1378,8 @@ class GroupCreate(LoginRequiredMixin, SuperuserRequiredMixin, TemplateView):
return ['dashboard/nojs-wrapper.html']
def get(self, request, form=None, *args, **kwargs):
+ if not request.user.has_module_perms('auth'):
+ raise PermissionDenied()
if form is None:
form = self.form_class()
context = self.get_context_data(**kwargs)
@@ -1381,11 +1400,14 @@ class GroupCreate(LoginRequiredMixin, SuperuserRequiredMixin, TemplateView):
return context
def post(self, request, *args, **kwargs):
+ if not request.user.has_module_perms('auth'):
+ raise PermissionDenied()
form = self.form_class(request.POST)
if not form.is_valid():
return self.get(request, form, *args, **kwargs)
form.cleaned_data
savedform = form.save()
+ savedform.profile.set_level(request.user, 'owner')
messages.success(request, _('Group successfully created!'))
if request.is_ajax():
return HttpResponse(json.dumps({'redirect':