Limit networks to same scope for extra interfaces

Non admin users can't add an interface on a different network scope than
the main one.
No change for admin users.

Note that this is more to avoid confusion.
This is not restricted via the API.

JIRA INFRA-1297

app/network/views.py

@@ -285,6 +285,15 @@ def create_interface(hostname):
     form = InterfaceForm(
         request.form, host_id=host.id, interface_name=host.name, random_mac=random_mac
     )
+    if not current_user.is_admin:
+        # Restrict the networks to the same network scope as the main interface
+        form.network_id.choices = [
+            (str(network.id), network.vlan_name)
+            for network in models.Network.query.filter_by(scope=host.main_network.scope)
+            .order_by(models.Network.vlan_name)
+            .all()
+            if current_user.has_access_to_network(network)
+        ]
     if form.validate_on_submit():
         # User shall have access to the new interface domain
         network = models.Network.query.get(form.network_id.data)
@@ -337,6 +346,17 @@ def edit_interface(name):
         interface_name=interface.name,
         cnames_string=cnames_string,
     )
+    if not current_user.is_admin and not interface.is_main:
+        # Restrict the networks to the same network scope as the main interface
+        form.network_id.choices = [
+            (str(network.id), network.vlan_name)
+            for network in models.Network.query.filter_by(
+                scope=interface.host.main_network.scope
+            )
+            .order_by(models.Network.vlan_name)
+            .all()
+            if current_user.has_access_to_network(network)
+        ]
     # Remove the random_mac field (not used when editing)
     del form.random_mac
     ips = [interface.ip]