Commit b0eb77fb by Kálmán Viktor

occi: raise permission denied if user can't create disk

parent d3987543
import re import re
import logging import logging
from django.contrib.auth.models import User
from django.template.loader import render_to_string from django.template.loader import render_to_string
from django.utils import timezone from django.utils import timezone
from django.utils.formats import date_format from django.utils.formats import date_format
......
...@@ -41,6 +41,9 @@ class CSRFExemptMixin(object): ...@@ -41,6 +41,9 @@ class CSRFExemptMixin(object):
return super(CSRFExemptMixin, self).dispatch(*args, **kwargs) return super(CSRFExemptMixin, self).dispatch(*args, **kwargs)
except HumanReadableException as e: except HumanReadableException as e:
return HttpResponse(e.get_user_text(), status=400) return HttpResponse(e.get_user_text(), status=400)
except PermissionDenied as e:
return HttpResponse("", status=401)
class OCCIPostDataAsListMixin(object): class OCCIPostDataAsListMixin(object):
...@@ -103,7 +106,8 @@ class QueryInterface(CSRFExemptMixin, View): ...@@ -103,7 +106,8 @@ class QueryInterface(CSRFExemptMixin, View):
class ComputeInterface(CSRFExemptMixin, OCCIPostDataAsListMixin, View): class ComputeInterface(CSRFExemptMixin, OCCIPostDataAsListMixin, View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
vms = Instance.get_objects_with_level("user", self.request.user) vms = Instance.get_objects_with_level(
"user", self.request.user).filter(destroyed_at=None)
response = "\n".join([Compute(instance=i).render_location() response = "\n".join([Compute(instance=i).render_location()
for i in vms]) for i in vms])
return HttpResponse( return HttpResponse(
...@@ -183,6 +187,9 @@ class StorageInterface(CSRFExemptMixin, OCCIPostDataAsListMixin, View): ...@@ -183,6 +187,9 @@ class StorageInterface(CSRFExemptMixin, OCCIPostDataAsListMixin, View):
) )
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
if not self.request.user.has_perm("storage.create_empty_disk"):
raise PermissionDenied
data = self.get_post_data(request) data = self.get_post_data(request)
d = Storage.create_object(data=data, user=self.request.user) d = Storage.create_object(data=data, user=self.request.user)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment