Commit 7e942150 by Őry Máté

dashboard: acl support for vm_delete

parent c6428503
......@@ -65,3 +65,39 @@ class VmDetailTest(TestCase):
inst.set_level(self.u2, 'user')
response = c.get('/dashboard/vm/1/')
self.assertEqual(response.status_code, 200)
def test_permitted_vm_delete(self):
c = Client()
self.login(c, 'user2')
inst = Instance.objects.get(pk=1)
inst.set_level(self.u2, 'owner')
response = c.post('/dashboard/vm/delete/1/')
self.assertEqual(response.status_code, 302)
def test_not_permitted_vm_delete(self):
c = Client()
self.login(c, 'user2')
inst = Instance.objects.get(pk=1)
inst.set_level(self.u2, 'operator')
response = c.post('/dashboard/vm/delete/1/')
self.assertEqual(response.status_code, 403)
def test_unpermitted_vm_delete(self):
c = Client()
self.login(c, 'user1')
response = c.post('/dashboard/vm/delete/1/')
self.assertEqual(response.status_code, 403)
def test_unpermitted_vm_mass_delete(self):
c = Client()
self.login(c, 'user1')
response = c.post('/dashboard/vm/mass-delete/', {'vms': [1]})
self.assertEqual(response.status_code, 403)
def test_permitted_vm_mass_delete(self):
c = Client()
self.login(c, 'user2')
inst = Instance.objects.get(pk=1)
inst.set_level(self.u2, 'owner')
response = c.post('/dashboard/vm/mass-delete/', {'vms': [1]})
self.assertEqual(response.status_code, 302)
......@@ -10,6 +10,7 @@ from django.core import signing
from django.core.urlresolvers import reverse, reverse_lazy
from django.http import HttpResponse
from django.shortcuts import redirect
from django.views.decorators.http import require_POST
from django.views.generic.detail import SingleObjectMixin
from django.views.generic import TemplateView, DetailView, View
from django.contrib import messages
......@@ -238,10 +239,13 @@ class VmCreate(TemplateView):
return redirect(reverse_lazy('dashboard.views.detail', resp))
@require_POST
def delete_vm(request, **kwargs):
vm_pk = kwargs['pk']
vm = Instance.objects.get(pk=vm_pk)
if not vm.has_level(request.user, 'owner'):
raise PermissionDenied()
vm.destroy_async()
success_message = _("VM successfully deleted!")
......@@ -256,11 +260,18 @@ def delete_vm(request, **kwargs):
return redirect(next if next else reverse_lazy('dashboard.index'))
@require_POST
def mass_delete_vm(request, **kwargs):
vms = request.POST.getlist('vms')
names = []
if vms is not None:
for i in Instance.objects.filter(pk__in=vms):
if not i.has_level(request.user, 'owner'):
logger.info('Tried to delete instance #%d without owner '
'permission by %s.', i.pk, unicode(request.user))
raise PermissionDenied() # no need for rollback or proper
# error message, this can't
# normally happen.
i.destroy_async()
names.append(i.name)
......@@ -274,4 +285,6 @@ def mass_delete_vm(request, **kwargs):
content_type="application/json"
)
else:
print "wat"
messages.success(request, success_message)
next = request.GET.get('next')
return redirect(next if next else reverse_lazy('dashboard.index'))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment