Commit 8b724e09 by Kálmán Viktor

Merge branch 'issue-296' into 'master'

Disabled edit buttons if user has only user perm in vm detail

Closes #296

See merge request !215
parents a3ceda07 9d1a11ca
......@@ -47,7 +47,10 @@
<div class="input-group vm-details-home-name">
<input id="vm-details-rename-name" class="form-control input-sm" name="new_name" type="text" value="{{ instance.name }}"/>
<span class="input-group-btn">
<button type="submit" class="btn btn-sm vm-details-rename-submit">{% trans "Rename" %}</button>
<button type="submit" class="btn btn-sm vm-details-rename-submit
{% if not is_operator %}disabled{% endif %}">
{% trans "Rename" %}
</button>
</span>
</div>
</form>
......
......@@ -11,7 +11,8 @@
<span class="input-group-addon">/</span>
<select class="form-control" name="proto" style="width: 70px;"><option>tcp</option><option>udp</option></select>
<div class="input-group-btn">
<button type="submit" class="btn btn-success btn-sm">{% trans "Add" %}</button>
<button type="submit" class="btn btn-success btn-sm
{% if not is_operator %}disabled{% endif %}">{% trans "Add" %}</button>
</div>
</div>
</form>
......
......@@ -6,7 +6,9 @@
<dd><i class="fa fa-{{ os_type_icon }}"></i> {{ instance.system }}</dd>
<dt style="margin-top: 5px;">
{% trans "Name" %}:
{% if is_operator %}
<a href="#" class="vm-details-home-edit-name-click"><i class="fa fa-pencil"></i></a>
{% endif %}
</dt>
<dd>
<div class="vm-details-home-edit-name-click">
......@@ -18,8 +20,9 @@
<div class="input-group">
<input type="text" name="new_name" value="{{ instance.name }}" class="form-control input-sm"/>
<span class="input-group-btn">
<button type="submit" class="btn btn-success btn-sm vm-details-rename-submit">
<i class="fa fa-pencil"></i> {% trans "Rename" %}
<button type="submit" class="btn btn-success btn-sm vm-details-rename-submit
{% if not is_operator %}disabled{% endif %}" title="{% trans "Rename" %}">
<i class="fa fa-pencil"></i>
</button>
</span>
</div>
......@@ -28,7 +31,9 @@
</dd>
<dt style="margin-top: 5px;">
{% trans "Description" %}:
{% if is_operator %}
<a href="#" class="vm-details-home-edit-description-click"><i class="fa fa-pencil"></i></a>
{% endif %}
</dt>
<dd>
{% csrf_token %}
......@@ -38,7 +43,8 @@
<div id="vm-details-home-description" class="js-hidden">
<form method="POST">
<textarea name="new_description" class="form-control">{{ instance.description }}</textarea>
<button type="submit" class="btn btn-xs btn-success vm-details-description-submit">
<button type="submit" class="btn btn-xs btn-success vm-details-description-submit
{% if not is_operator %}disabled{% endif %}">
<i class="fa fa-pencil"></i> {% trans "Update" %}
</button>
</form>
......@@ -58,9 +64,17 @@
</h4>
<dl>
<dt>{% trans "Suspended at:" %}</dt>
<dd><i class="fa fa-moon-o"></i> {{ instance.time_of_suspend|timeuntil }}</dd>
<dd>
<span title="{{ instance.time_of_suspend }}">
<i class="fa fa-moon-o"></i> {{ instance.time_of_suspend|timeuntil }}
</span>
</dd>
<dt>{% trans "Destroyed at:" %}</dt>
<dd><i class="fa fa-times"></i> {{ instance.time_of_delete|timeuntil }}</dd>
<dd>
<span title="{{ instance.time_of_delete }}">
<i class="fa fa-times"></i> {{ instance.time_of_delete|timeuntil }}
</span>
</dd>
</dl>
<div style="font-weight: bold;">{% trans "Tags" %}</div>
......@@ -70,11 +84,13 @@
{% for t in instance.tags.all %}
<div class="label label-primary label-tag" style="display: inline-block">
{{ t }}
{% if is_operator %}
<a href="#" class="vm-details-remove-tag"><i class="fa fa-times"></i></a>
{% endif %}
</div>
{% endfor %}
{% else %}
<small>{% trans "No tag added!" %}</small>
<small>{% trans "No tag added." %}</small>
{% endif %}
</div>
<form action="" method="POST">
......@@ -85,7 +101,8 @@
<i class="fa fa-question"></i>
</div>-->
<div class="input-group-btn">
<input type="submit" class="btn btn-default btn-sm input-tags" value="{% trans "Add tag" %}"/>
<input type="submit" class="btn btn-default btn-sm input-tags
{% if not is_operator %}disabled{% endif %}" value="{% trans "Add tag" %}"/>
</div>
</div>
</form>
......
......@@ -21,11 +21,13 @@
<a href="{{ i.host.get_absolute_url }}"
class="btn btn-default btn-xs">{% trans "edit" %}</a>
{% endif %}
{% if is_owner %}
<a href="{% url "dashboard.views.interface-delete" pk=i.pk %}?next={{ request.path }}"
class="btn btn-danger btn-xs interface-remove"
data-interface-pk="{{ i.pk }}">
{% trans "remove" %}
</a>
{% endif %}
</h3>
{% if i.host %}
<div class="row">
......
......@@ -97,6 +97,8 @@ class VmDetailView(GraphMixin, CheckedDetailView):
context = super(VmDetailView, self).get_context_data(**kwargs)
instance = context['instance']
user = self.request.user
is_operator = instance.has_level(user, "operator")
is_owner = instance.has_level(user, "owner")
ops = get_operations(instance, user)
context.update({
'graphite_enabled': settings.GRAPHITE_URL is not None,
......@@ -152,9 +154,11 @@ class VmDetailView(GraphMixin, CheckedDetailView):
context['client_download'] = self.request.COOKIES.get(
'downloaded_client')
# can link template
context['can_link_template'] = (
instance.template and instance.template.has_level(user, "operator")
)
context['can_link_template'] = instance.template and is_operator
# is operator/owner
context['is_operator'] = is_operator
context['is_owner'] = is_owner
return context
......@@ -174,7 +178,7 @@ class VmDetailView(GraphMixin, CheckedDetailView):
def __set_name(self, request):
self.object = self.get_object()
if not self.object.has_level(request.user, 'owner'):
if not self.object.has_level(request.user, "operator"):
raise PermissionDenied()
new_name = request.POST.get("new_name")
Instance.objects.filter(pk=self.object.pk).update(
......@@ -197,7 +201,7 @@ class VmDetailView(GraphMixin, CheckedDetailView):
def __set_description(self, request):
self.object = self.get_object()
if not self.object.has_level(request.user, 'owner'):
if not self.object.has_level(request.user, "operator"):
raise PermissionDenied()
new_description = request.POST.get("new_description")
......@@ -221,7 +225,7 @@ class VmDetailView(GraphMixin, CheckedDetailView):
def __add_tag(self, request):
new_tag = request.POST.get('new_tag')
self.object = self.get_object()
if not self.object.has_level(request.user, 'owner'):
if not self.object.has_level(request.user, "operator"):
raise PermissionDenied()
if len(new_tag) < 1:
......@@ -243,7 +247,7 @@ class VmDetailView(GraphMixin, CheckedDetailView):
try:
to_remove = request.POST.get('to_remove')
self.object = self.get_object()
if not self.object.has_level(request.user, 'owner'):
if not self.object.has_level(request.user, "operator"):
raise PermissionDenied()
self.object.tags.remove(to_remove)
......@@ -262,8 +266,8 @@ class VmDetailView(GraphMixin, CheckedDetailView):
def __add_port(self, request):
object = self.get_object()
if (not object.has_level(request.user, 'owner') or
not request.user.has_perm('vm.config_ports')):
if not (object.has_level(request.user, "operator") and
request.user.has_perm('vm.config_ports')):
raise PermissionDenied()
port = request.POST.get("port")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment