Restrict edit all items to janitors
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful

This commit is contained in:
Madis Mägi 2024-08-26 22:20:58 +03:00
parent a83b0c6ff6
commit 8d296286f1
2 changed files with 3 additions and 3 deletions

View File

@ -149,7 +149,7 @@ def check_edit_permission(item_id):
user_groups = user.get("groups", [])
if item.get("type") == "key" and "k-space:janitors" not in user_groups:
return False
if any(group in user_groups for group in ["k-space:kubernetes:admins", "k-space:janitors"]):
if "k-space:janitors" in user_groups:
return True
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
user_username = user.get("username", False)
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
@login_required
def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
user = read_user()
has_board = user and "k-space:board" in user.get("groups", [])
has_edit_all = user and "k-space:janitors" in user.get("groups", [])
item = None
if item_id:
if not check_edit_permission(item_id):

View File

@ -67,7 +67,7 @@
<tr>
<td>
<span
{% if not has_board %}
{% if not has_edit_all %}
class="tooltipped" data-position="right" data-tooltip="You can only edit items where you are the owner"
{% endif %}
>