mirror of
https://github.com/retspen/webvirtcloud
synced 2025-01-12 08:25:18 +00:00
secure instance snapshot, media, options. check userinstance.is_change and instance.is_template correctly. secure mount_iso, snapshots for templates, not userinstance.is_change by @honza801
This commit is contained in:
catborise
parent
b5f38afbca
commit
b3b9596a12
2 changed files with 20 additions and 14 deletions
|
|
@ -72,12 +72,14 @@
|
||||||
{% trans "Resize" %}
|
{% trans "Resize" %}
|
||||||
</a>
|
</a>
|
||||||
</li>
|
</li>
|
||||||
<li role="presentation">
|
{% if request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
|
||||||
<a href="#snapshots" class="action-button" aria-controls="snapshots" role="tab" data-toggle="tab">
|
<li role="presentation">
|
||||||
<span id="action-block" class="glyphicon glyphicon-camera" aria-hidden="true"></span>
|
<a href="#snapshots" class="action-button" aria-controls="snapshots" role="tab" data-toggle="tab">
|
||||||
{% trans "Snapshots" %}
|
<span id="action-block" class="glyphicon glyphicon-camera" aria-hidden="true"></span>
|
||||||
</a>
|
{% trans "Snapshots" %}
|
||||||
</li>
|
</a>
|
||||||
|
</li>
|
||||||
|
{% endif %}
|
||||||
<li role="presentation">
|
<li role="presentation">
|
||||||
<a href="#settings" class="action-button" aria-controls="settings" role="tab" data-toggle="tab">
|
<a href="#settings" class="action-button" aria-controls="settings" role="tab" data-toggle="tab">
|
||||||
<span id="action-block" class="glyphicon glyphicon-cog" aria-hidden="true"></span>
|
<span id="action-block" class="glyphicon glyphicon-cog" aria-hidden="true"></span>
|
||||||
|
|
@ -609,7 +611,7 @@
|
||||||
</select>
|
</select>
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm-2">
|
<div class="col-sm-2">
|
||||||
{% if media_iso %}
|
{% if media_iso and request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
|
||||||
<button type="submit" class="btn btn-sm btn-success pull-left" name="mount_iso" value="{{ cd.dev }}" style="margin-top: 2px;">{% trans "Mount" %}</button>
|
<button type="submit" class="btn btn-sm btn-success pull-left" name="mount_iso" value="{{ cd.dev }}" style="margin-top: 2px;">{% trans "Mount" %}</button>
|
||||||
{% else %}
|
{% else %}
|
||||||
<button class="btn btn-sm btn-success pull-left disabled" name="mount_iso" style="margin-top: 2px;">{% trans "Mount" %}</button>
|
<button class="btn btn-sm btn-success pull-left disabled" name="mount_iso" style="margin-top: 2px;">{% trans "Mount" %}</button>
|
||||||
|
|
@ -621,7 +623,11 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="col-sm-2">
|
<div class="col-sm-2">
|
||||||
<input type="hidden" name="path" value="{{ cd.path }}">
|
<input type="hidden" name="path" value="{{ cd.path }}">
|
||||||
<button type="submit" class="btn btn-sm btn-success pull-left" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
|
{% if request.user.is_superuser or request.user.is_staff or not userinstance.is_template %}
|
||||||
|
<button type="submit" class="btn btn-sm btn-success pull-left" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
|
||||||
|
{% else %}
|
||||||
|
<button class="btn btn-sm btn-success pull-left disabled" value="{{ cd.dev }}" name="umount_iso" style="margin-top: 2px;">{% trans "Umount" %}</button>
|
||||||
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
</div>
|
</div>
|
||||||
|
|
|
||||||
|
|
@ -507,7 +507,7 @@ def instance(request, compute_id, vname):
|
||||||
addlogmsg(request.user.username, instance.name, msg)
|
addlogmsg(request.user.username, instance.name, msg)
|
||||||
return HttpResponseRedirect(request.get_full_path() + '#disks')
|
return HttpResponseRedirect(request.get_full_path() + '#disks')
|
||||||
|
|
||||||
if 'umount_iso' in request.POST:
|
if 'umount_iso' in request.POST and (request.user.is_superuser or request.user.is_staff or not userinstance.is_template):
|
||||||
image = request.POST.get('path', '')
|
image = request.POST.get('path', '')
|
||||||
dev = request.POST.get('umount_iso', '')
|
dev = request.POST.get('umount_iso', '')
|
||||||
conn.umount_iso(dev, image)
|
conn.umount_iso(dev, image)
|
||||||
|
|
@ -515,7 +515,7 @@ def instance(request, compute_id, vname):
|
||||||
addlogmsg(request.user.username, instance.name, msg)
|
addlogmsg(request.user.username, instance.name, msg)
|
||||||
return HttpResponseRedirect(request.get_full_path() + '#media')
|
return HttpResponseRedirect(request.get_full_path() + '#media')
|
||||||
|
|
||||||
if 'mount_iso' in request.POST:
|
if 'mount_iso' in request.POST and (request.user.is_superuser or request.user.is_staff or not userinstance.is_template):
|
||||||
image = request.POST.get('media', '')
|
image = request.POST.get('media', '')
|
||||||
dev = request.POST.get('mount_iso', '')
|
dev = request.POST.get('mount_iso', '')
|
||||||
conn.mount_iso(dev, image)
|
conn.mount_iso(dev, image)
|
||||||
|
|
@ -523,21 +523,21 @@ def instance(request, compute_id, vname):
|
||||||
addlogmsg(request.user.username, instance.name, msg)
|
addlogmsg(request.user.username, instance.name, msg)
|
||||||
return HttpResponseRedirect(request.get_full_path() + '#media')
|
return HttpResponseRedirect(request.get_full_path() + '#media')
|
||||||
|
|
||||||
if 'snapshot' in request.POST:
|
if 'snapshot' in request.POST and (request.user.is_superuser or request.user.is_staff or not userinstance.is_template):
|
||||||
name = request.POST.get('name', '')
|
name = request.POST.get('name', '')
|
||||||
conn.create_snapshot(name)
|
conn.create_snapshot(name)
|
||||||
msg = _("New snapshot")
|
msg = _("New snapshot")
|
||||||
addlogmsg(request.user.username, instance.name, msg)
|
addlogmsg(request.user.username, instance.name, msg)
|
||||||
return HttpResponseRedirect(request.get_full_path() + '#managesnapshot')
|
return HttpResponseRedirect(request.get_full_path() + '#managesnapshot')
|
||||||
|
|
||||||
if 'delete_snapshot' in request.POST:
|
if 'delete_snapshot' in request.POST and (request.user.is_superuser or request.user.is_staff or not userinstance.is_template):
|
||||||
snap_name = request.POST.get('name', '')
|
snap_name = request.POST.get('name', '')
|
||||||
conn.snapshot_delete(snap_name)
|
conn.snapshot_delete(snap_name)
|
||||||
msg = _("Delete snapshot")
|
msg = _("Delete snapshot")
|
||||||
addlogmsg(request.user.username, instance.name, msg)
|
addlogmsg(request.user.username, instance.name, msg)
|
||||||
return HttpResponseRedirect(request.get_full_path() + '#managesnapshot')
|
return HttpResponseRedirect(request.get_full_path() + '#managesnapshot')
|
||||||
|
|
||||||
if 'revert_snapshot' in request.POST:
|
if 'revert_snapshot' in request.POST and (request.user.is_superuser or request.user.is_staff or not userinstance.is_template):
|
||||||
snap_name = request.POST.get('name', '')
|
snap_name = request.POST.get('name', '')
|
||||||
conn.snapshot_revert(snap_name)
|
conn.snapshot_revert(snap_name)
|
||||||
msg = _("Successful revert snapshot: ")
|
msg = _("Successful revert snapshot: ")
|
||||||
|
|
@ -761,7 +761,7 @@ def instance(request, compute_id, vname):
|
||||||
return HttpResponseRedirect(
|
return HttpResponseRedirect(
|
||||||
reverse('instance', args=[new_instance.compute.id, new_instance.name]))
|
reverse('instance', args=[new_instance.compute.id, new_instance.name]))
|
||||||
|
|
||||||
if 'change_options' in request.POST:
|
if 'change_options' in request.POST and (request.user.is_superuser or request.user.is_staff or userinstance.is_change):
|
||||||
instance.is_template = request.POST.get('is_template', False)
|
instance.is_template = request.POST.get('is_template', False)
|
||||||
instance.save()
|
instance.save()
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue