Commit 1be19049 by Kálmán Viktor

Merge branch 'feature-filter-su-perms' into 'master'

Filter out not owned VM-s for superuser
parents 451790d6 73218bb7
...@@ -177,14 +177,15 @@ class AclBase(Model): ...@@ -177,14 +177,15 @@ class AclBase(Model):
@classmethod @classmethod
def get_objects_with_level(cls, level, user, def get_objects_with_level(cls, level, user,
group_also=True, owner_also=False): group_also=True, owner_also=False,
disregard_superuser=False):
logger.debug('%s.get_objects_with_level(%s,%s) called', logger.debug('%s.get_objects_with_level(%s,%s) called',
unicode(cls), unicode(level), unicode(user)) unicode(cls), unicode(level), unicode(user))
if user is None or not user.is_authenticated(): if user is None or not user.is_authenticated():
return cls.objects.none() return cls.objects.none()
if getattr(user, 'is_superuser', False): if getattr(user, 'is_superuser', False) and not disregard_superuser:
logger.debug('- superuser granted') logger.debug('- superuser granted')
return cls.objects return cls.objects.all()
if isinstance(level, basestring): if isinstance(level, basestring):
level = cls.get_level_object(level) level = cls.get_level_object(level)
logger.debug("- level set by str: %s", unicode(level)) logger.debug("- level set by str: %s", unicode(level))
......
...@@ -161,6 +161,20 @@ class AclUserTest(TestCase): ...@@ -161,6 +161,20 @@ class AclUserTest(TestCase):
self.assertItemsEqual( self.assertItemsEqual(
TestModel.get_objects_with_level('alfa', self.u2), [i2]) TestModel.get_objects_with_level('alfa', self.u2), [i2])
def test_get_objects_with_level_for_superuser(self):
i1 = TestModel.objects.create(normal_field='Hello1')
i2 = TestModel.objects.create(normal_field='Hello2')
i1.set_level(self.u1, 'alfa')
i2.set_level(self.us, 'alfa')
self.assertItemsEqual(
TestModel.get_objects_with_level('alfa', self.u1), [i1])
self.assertItemsEqual(
TestModel.get_objects_with_level('alfa', self.us), [i1, i2])
self.assertItemsEqual(
TestModel.get_objects_with_level('alfa', self.us,
disregard_superuser=True), [i2])
def test_get_objects_with_level_for_group(self): def test_get_objects_with_level_for_group(self):
i1 = TestModel.objects.create(normal_field='Hello1') i1 = TestModel.objects.create(normal_field='Hello1')
i2 = TestModel.objects.create(normal_field='Hello2') i2 = TestModel.objects.create(normal_field='Hello2')
......
...@@ -90,7 +90,7 @@ class IndexView(LoginRequiredMixin, TemplateView): ...@@ -90,7 +90,7 @@ class IndexView(LoginRequiredMixin, TemplateView):
# instances # instances
favs = Instance.objects.filter(favourite__user=self.request.user) favs = Instance.objects.filter(favourite__user=self.request.user)
instances = Instance.get_objects_with_level( instances = Instance.get_objects_with_level(
'user', user).filter(destroyed_at=None) 'user', user, disregard_superuser=True).filter(destroyed_at=None)
display = list(favs) + list(set(instances) - set(favs)) display = list(favs) + list(set(instances) - set(favs))
for d in display: for d in display:
d.fav = True if d in favs else False d.fav = True if d in favs else False
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment