mirror of
https://github.com/retspen/webvirtcloud
synced 2024-12-24 23:25:24 +00:00
Check user permission before delete or resize
Else a user without these permission could delete or resize and instance by forging a good post request.
This commit is contained in:
parent
4ce76f57c6
commit
7b3fcd17ea
1 changed files with 2 additions and 2 deletions
|
@ -260,7 +260,7 @@ def instance(request, compute_id, vname):
|
|||
addlogmsg(request.user.username, instance.name, msg)
|
||||
return HttpResponseRedirect(request.get_full_path() + '#powerforce')
|
||||
|
||||
if 'delete' in request.POST:
|
||||
if 'delete' in request.POST and (request.user.is_superuser or userinstace.is_delete):
|
||||
if conn.get_status() == 1:
|
||||
conn.force_shutdown()
|
||||
if request.POST.get('delete_disk', ''):
|
||||
|
@ -330,7 +330,7 @@ def instance(request, compute_id, vname):
|
|||
msg = _("Please shutdow down your instance and then try again")
|
||||
error_messages.append(msg)
|
||||
|
||||
if 'resize' in request.POST:
|
||||
if 'resize' in request.POST and (request.user.is_superuser or userinstace.is_change):
|
||||
vcpu = request.POST.get('vcpu', '')
|
||||
cur_vcpu = request.POST.get('cur_vcpu', '')
|
||||
memory = request.POST.get('memory', '')
|
||||
|
|
Loading…
Reference in a new issue