Restrict edit all items to janitors

2024-08-26 22:20:58 +03:00 · 2024-08-26 22:20:58 +03:00 · 8d296286f1
commit 8d296286f1
parent a83b0c6ff6
2 changed files with 3 additions and 3 deletions
--- a/inventory-app/inventory.py
+++ b/inventory-app/inventory.py
@ -149,7 +149,7 @@ def check_edit_permission(item_id):
    user_groups = user.get("groups", [])
    if item.get("type") == "key" and "k-space:janitors" not in user_groups:
        return False
-    if any(group in user_groups for group in ["k-space:kubernetes:admins", "k-space:janitors"]):
+    if "k-space:janitors" in user_groups:
        return True
    item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
    user_username = user.get("username", False)
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
@login_required
 def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
    user = read_user()
-    has_board = user and "k-space:board" in user.get("groups", [])
+    has_edit_all = user and "k-space:janitors" in user.get("groups", [])
    item = None
    if item_id:
        if not check_edit_permission(item_id):
--- a/inventory-app/templates/inventory_edit.html
+++ b/inventory-app/templates/inventory_edit.html
@ -67,7 +67,7 @@
      <tr>
        <td>
          <span
-            {% if not has_board %}
+            {% if not has_edit_all %}
              class="tooltipped" data-position="right" data-tooltip="You can only edit items where you are the owner"
            {% endif %}
          >