Restrict edit all items to janitors

inventory-app/inventory.py

@@ -149,7 +149,7 @@ def check_edit_permission(item_id):
     user_groups = user.get("groups", [])
     if item.get("type") == "key" and "k-space:janitors" not in user_groups:
         return False
-    if any(group in user_groups for group in ["k-space:kubernetes:admins", "k-space:janitors"]):
+    if "k-space:janitors" in user_groups:
         return True
     item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
     user_username = user.get("username", False)
@@ -166,7 +166,7 @@ def check_edit_permission(item_id):
 @login_required
 def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
     user = read_user()
-    has_board = user and "k-space:board" in user.get("groups", [])
+    has_edit_all = user and "k-space:janitors" in user.get("groups", [])
     item = None
     if item_id:
         if not check_edit_permission(item_id):

inventory-app/templates/inventory_edit.html

@@ -67,7 +67,7 @@
       <tr>
         <td>
           <span
-            {% if not has_board %}
+            {% if not has_edit_all %}
               class="tooltipped" data-position="right" data-tooltip="You can only edit items where you are the owner"
             {% endif %}
           >