From c817d3e61a2d5d5326ad2bf11975d7dbdf2bad88 Mon Sep 17 00:00:00 2001 From: Info-IIG Date: Mon, 13 Jun 2022 09:58:46 +0200 Subject: [PATCH] Add permission can view instances --- console/views.py | 2 +- instances/models.py | 1 + instances/templates/allinstances.html | 2 +- instances/views.py | 4 ++-- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/console/views.py b/console/views.py index 7a6691b..81f5465 100644 --- a/console/views.py +++ b/console/views.py @@ -41,7 +41,7 @@ def console(request): host = int(temptoken[0]) uuid = temptoken[1] - if not request.user.is_superuser: + if not request.user.is_superuser and not request.user.has_perm("instances.view_instances"): try: userInstance = UserInstance.objects.get( instance__compute_id=host, instance__uuid=uuid, user__id=request.user.id diff --git a/instances/models.py b/instances/models.py index 68d2ecc..83aa54f 100644 --- a/instances/models.py +++ b/instances/models.py @@ -214,6 +214,7 @@ class PermissionSet(models.Model): permissions = [ ('clone_instances', 'Can clone instances'), ('passwordless_console', _('Can access console without password')), + ('view_instances', 'Can view instances'), ] managed = False diff --git a/instances/templates/allinstances.html b/instances/templates/allinstances.html index e69bc22..095d99c 100644 --- a/instances/templates/allinstances.html +++ b/instances/templates/allinstances.html @@ -25,7 +25,7 @@ {% endif %} {% endfor %}
- {% if app_settings.VIEW_INSTANCES_LIST_STYLE == 'grouped' and request.user.is_superuser %} + {% if app_settings.VIEW_INSTANCES_LIST_STYLE == 'grouped' and request.user.is_superuser or 'instances.view_instances' in perms %} {% include 'allinstances_index_grouped.html' %} {% else %} {% include 'allinstances_index_nongrouped.html' %} diff --git a/instances/views.py b/instances/views.py index aed5b28..6436684 100644 --- a/instances/views.py +++ b/instances/views.py @@ -46,7 +46,7 @@ def index(request): for compute in computes: utils.refr(compute) - if request.user.is_superuser: + if request.user.is_superuser or request.user.has_perm("instances.view_instances"): instances = Instance.objects.all().prefetch_related("userinstance_set") else: instances = Instance.objects.filter(userinstance__user=request.user).prefetch_related("userinstance_set") @@ -237,7 +237,7 @@ def get_instance(user, pk): instance = get_object_or_404(Instance, pk=pk) user_instances = user.userinstance_set.all().values_list("instance", flat=True) - if user.is_superuser or instance.id in user_instances: + if user.is_superuser or user.has_perm("instances.view_instances") or instance.id in user_instances: return instance else: raise Http404()