From 88c261e278d8c819ce08ae02cf9c2c6ad4c91b52 Mon Sep 17 00:00:00 2001
From: catborise
Date: Fri, 20 Nov 2020 14:19:53 +0300
Subject: [PATCH 1/2] prevent users to access others vnc console if he is not owner
---
 console/views.py | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/console/views.py b/console/views.py
index c5464aa..7a6691b 100644
--- a/console/views.py
+++ b/console/views.py
@@ -1,8 +1,13 @@
 import re
+from vrtManager.util import randomUUID
+
+from django.http.response import HttpResponseServerError
 from django.shortcuts import render
+from django.utils.translation import gettext_lazy as _
 from libvirt import libvirtError
+from accounts.models import UserInstance
 from appsettings.settings import app_settings
 from instances.models import Instance
 from vrtManager.instance import wvmInstance
@@ -35,7 +40,20 @@ def console(request):
 temptoken = token.split("-", 1)
 host = int(temptoken[0])
 uuid = temptoken[1]
- instance = Instance.objects.get(compute_id=host, uuid=uuid)
+
+ if not request.user.is_superuser:
+ try:
+ userInstance = UserInstance.objects.get(
+ instance__compute_id=host, instance__uuid=uuid, user__id=request.user.id
+ )
+ instance = Instance.objects.get(compute_id=host, uuid=uuid)
+ except UserInstance.DoesNotExist:
+ instance = None
+ console_error = _("User does not have permission to access console or host/instance not exist")
+ return HttpResponseServerError(console_error)
+ else:
+ instance = Instance.objects.get(compute_id=host, uuid=uuid)
+
 conn = wvmInstance(
 instance.compute.hostname,
 instance.compute.login,
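Review bot: `from vrtManager.util import randomUUID` is not used by anything this patch adds to console/views.py, and it sits above the Django imports instead of with the other project imports. Unless code outside the visible hunks uses it, the line should be dropped; if it is needed, it belongs next to `from vrtManager.instance import wvmInstance`.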
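Review bot: The denial branch answers with `HttpResponseServerError`, so a refused console request is reported as a 500 and cannot be told apart from a server fault in logs or monitoring; `return HttpResponseForbidden(console_error)` (or raising `PermissionDenied`) would record it as the authorization failure it is. `userInstance` is fetched but never read and `Instance` is queried a second time, so `instance = userInstance.instance` would use the row that was just authorized, and the `instance = None` before the `return` is dead. The superuser branch still lets `Instance.DoesNotExist` propagate for an unknown host/uuid. This check guards only the view; whether the websocket proxy that consumes the `token` cookie enforces the same ownership is not visible here and should be confirmed. console() starts and ends outside the hunk.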
@@ -63,9 +81,9 @@ def console(request):
 response = render(request, console_page, locals())
 else:
 if console_type is None:
- console_error = "Fail to get console. Please check the console configuration of your VM."
+ console_error = _("Fail to get console. Please check the console configuration of your VM.")
 else:
- console_error = "Console type '%(type)s' has not support" % {"type": console_type}
+ console_error = _("Console type '%(type)s' has not support") % {"type": console_type}
 response = render(request, "console-vnc-lite.html", locals())
 response.set_cookie("token", token)
From 3b74571580ab00c526dc9458a8edd03fb5b2ab2f Mon Sep 17 00:00:00 2001
From: catborise
Date: Fri, 20 Nov 2020 14:20:29 +0300
Subject: [PATCH 2/2] disable all codebase linting but only changed ones
---
 .github/workflows/linter.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 74c2b8e..e6a4139 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -71,6 +71,7 @@ jobs:
 FILTER_REGEX_EXCLUDE: .*(static|scss|venv|locale)/.*
 DEFAULT_BRANCH: master
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ VALIDATE_ALL_CODEBASE: false
 VALIDATE_ANSIBLE: false
 VALIDATE_CLOJURE: false
 VALIDATE_COFFEE: false