j3d1/webvirtcloud
1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2025-07-31 12:41:08 +00:00
Code Issues Projects Releases Wiki Activity

secure instance snapshot, media, options. check userinstance.is_change and instance.is_template correctly. secure mount_iso, snapshots for templates, not userinstance.is_change by @honza801

Browse source
This commit is contained in:
catborise 2018-10-24 16:42:00 +03:00
parent b5f38afbca
commit b3b9596a12
2 changed files with 20 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

22
instances/templates/instance.html
View file

@ -72,12 +72,14 @@
{% trans "Resize" %}
</a>
</li>
<li role="presentation">
<a href="#snapshots" class="action-button" aria-controls="snapshots" role="tab" data-toggle="tab">
<span id="action-block" class="glyphicon glyphicon-camera" aria-hidden="true"></span>
{% trans "Snapshots" %}
</a>
</li>
{% if request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
<li role="presentation">
<a href="#snapshots" class="action-button" aria-controls="snapshots" role="tab" data-toggle="tab">
<span id="action-block" class="glyphicon glyphicon-camera" aria-hidden="true"></span>
{% trans "Snapshots" %}
</a>
</li>
{% endif %}
<li role="presentation">
<a href="#settings" class="action-button" aria-controls="settings" role="tab" data-toggle="tab">
<span id="action-block" class="glyphicon glyphicon-cog" aria-hidden="true"></span>
@ -609,7 +611,7 @@
</select>
</div>
<div class="col-sm-2">
{% if media_iso %}
{% if media_iso and request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
<button type="submit" class="btn btn-sm btn-success pull-left" name="mount_iso" value="{{ cd.dev }}" style="margin-top: 2px;">{% trans "Mount" %}</button>
{% else %}
<button class="btn btn-sm btn-success pull-left disabled" name="mount_iso" style="margin-top: 2px;">{% trans "Mount" %}</button>
@ -621,7 +623,11 @@
</div>
<div class="col-sm-2">
<input type="hidden" name="path" value="{{ cd.path }}">
<button type="submit" class="btn btn-sm btn-success pull-left" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
{% if request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
<button type="submit" class="btn btn-sm btn-success pull-left" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
{% else %}
<button class="btn btn-sm btn-success pull-left disabled" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
{% endif %}
</div>
{% endif %}
</div>