Restrict edit all items to janitors
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
parent
a83b0c6ff6
commit
8d296286f1
@ -149,7 +149,7 @@ def check_edit_permission(item_id):
|
||||
user_groups = user.get("groups", [])
|
||||
if item.get("type") == "key" and "k-space:janitors" not in user_groups:
|
||||
return False
|
||||
if any(group in user_groups for group in ["k-space:kubernetes:admins", "k-space:janitors"]):
|
||||
if "k-space:janitors" in user_groups:
|
||||
return True
|
||||
item_username = item.get("inventory", {}).get("owner", {}).get("username", False)
|
||||
user_username = user.get("username", False)
|
||||
@ -166,7 +166,7 @@ def check_edit_permission(item_id):
|
||||
@login_required
|
||||
def view_inventory_edit(item_id=None, slug=None, clone_item_id=None):
|
||||
user = read_user()
|
||||
has_board = user and "k-space:board" in user.get("groups", [])
|
||||
has_edit_all = user and "k-space:janitors" in user.get("groups", [])
|
||||
item = None
|
||||
if item_id:
|
||||
if not check_edit_permission(item_id):
|
||||
|
||||
@ -67,7 +67,7 @@
|
||||
<tr>
|
||||
<td>
|
||||
<span
|
||||
{% if not has_board %}
|
||||
{% if not has_edit_all %}
|
||||
class="tooltipped" data-position="right" data-tooltip="You can only edit items where you are the owner"
|
||||
{% endif %}
|
||||
>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user