Commit a51ffefa by Kálmán Viktor

dashboard: limit context evaluation by permission on dashboard index

parent a4b392d1
...@@ -710,3 +710,29 @@ class RenewViewTest(LoginMixin, TestCase): ...@@ -710,3 +710,29 @@ class RenewViewTest(LoginMixin, TestCase):
ct2 = Instance.objects.get(pk=12).activity_log.\ ct2 = Instance.objects.get(pk=12).activity_log.\
filter(activity_code__endswith='renew').count() filter(activity_code__endswith='renew').count()
self.assertEquals(ct, ct2) self.assertEquals(ct, ct2)
class IndexViewTest(LoginMixin, TestCase):
fixtures = ['test-vm-fixture.json', 'node.json']
def setUp(self):
self.u1 = User.objects.create(username='user1')
self.u1.set_password('password')
self.u1.save()
self.us = User.objects.create(username='superuser', is_superuser=True)
self.us.set_password('password')
self.us.save()
def test_context_variables_as_user(self):
c = Client()
self.login(c, 'user1')
response = c.get("/dashboard/")
self.assertEqual(response.status_code, 200)
self.assertFalse("nodes" in response.context)
def test_context_variables_as_superuser(self):
c = Client()
self.login(c, 'superuser')
response = c.get("/dashboard/")
self.assertEqual(response.status_code, 200)
self.assertTrue("nodes" in response.context)
...@@ -81,12 +81,10 @@ class IndexView(LoginRequiredMixin, TemplateView): ...@@ -81,12 +81,10 @@ class IndexView(LoginRequiredMixin, TemplateView):
template_name = "dashboard/index.html" template_name = "dashboard/index.html"
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
if self.request.user.is_authenticated(): user = self.request.user
user = self.request.user
else:
user = None
context = super(IndexView, self).get_context_data(**kwargs) context = super(IndexView, self).get_context_data(**kwargs)
# instances
favs = Instance.objects.filter(favourite__user=self.request.user) favs = Instance.objects.filter(favourite__user=self.request.user)
instances = Instance.get_objects_with_level( instances = Instance.get_objects_with_level(
'user', user).filter(destroyed_at=None) 'user', user).filter(destroyed_at=None)
...@@ -98,26 +96,6 @@ class IndexView(LoginRequiredMixin, TemplateView): ...@@ -98,26 +96,6 @@ class IndexView(LoginRequiredMixin, TemplateView):
'more_instances': instances.count() - len(instances[:5]) 'more_instances': instances.count() - len(instances[:5])
}) })
if user is not None:
context['new_notifications'] = user.notification_set.filter(
status="new").count()
nodes = Node.objects.all()
groups = Group.objects.all()
context.update({
'nodes': nodes[:10],
'more_nodes': nodes.count() - len(nodes[:10]),
'groups': groups[:10],
'more_groups': groups.count() - len(groups[:10]),
'sum_node_num': nodes.count(),
'node_num': {
'running': Node.get_state_count(True, True),
'missing': Node.get_state_count(False, True),
'disabled': Node.get_state_count(True, False),
'offline': Node.get_state_count(False, False)
}
})
running = instances.filter(status='RUNNING') running = instances.filter(status='RUNNING')
stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE')) stopped = instances.exclude(status__in=('RUNNING', 'NOSTATE'))
...@@ -127,7 +105,37 @@ class IndexView(LoginRequiredMixin, TemplateView): ...@@ -127,7 +105,37 @@ class IndexView(LoginRequiredMixin, TemplateView):
'stopped_vm_num': stopped.count() 'stopped_vm_num': stopped.count()
}) })
context['templates'] = InstanceTemplate.objects.all()[:5] # notifications
context['new_notifications'] = user.notification_set.filter(
status="new").count()
# nodes
if user.is_superuser:
nodes = Node.objects.all()
context.update({
'nodes': nodes[:10],
'more_nodes': nodes.count() - len(nodes[:10]),
'sum_node_num': nodes.count(),
'node_num': {
'running': Node.get_state_count(True, True),
'missing': Node.get_state_count(False, True),
'disabled': Node.get_state_count(True, False),
'offline': Node.get_state_count(False, False)
}
})
# groups
groups = Group.objects.all()
context.update({
'groups': groups[:10],
'more_groups': groups.count() - len(groups[:10]),
})
# template
if user.has_perm('vm.create_template'):
context['templates'] = InstanceTemplate.get_objects_with_level(
'operator', user).all()[:5]
return context return context
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment