From e50519862623277ad6016e5cf940907a18361b3e Mon Sep 17 00:00:00 2001
From: Benjamin Bertrand <benjamin.bertrand@esss.se>
Date: Wed, 20 Dec 2017 09:10:47 +0100
Subject: [PATCH] Fix some permissions

- Only admin should be able to create networks
- Deleting an interface should require at least create group (should
  that be restricted to admin?)
---
 app/network/views.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/network/views.py b/app/network/views.py
index 3840b50..f17b43c 100644
--- a/app/network/views.py
+++ b/app/network/views.py
@@ -188,7 +188,7 @@ def edit_interface(name):
 
 
 @bp.route('/interfaces/delete', methods=['POST'])
-@login_required
+@login_groups_accepted('admin', 'create')
 def delete_interface():
     interface = models.Interface.query.get_or_404(request.form['interface_id'])
     hostname = interface.host.name
@@ -280,7 +280,7 @@ def retrieve_networks():
 
 
 @bp.route('/networks/create', methods=('GET', 'POST'))
-@login_groups_accepted('admin', 'create')
+@login_groups_accepted('admin')
 def create_network():
     # Try to get the scope_id from the session
     # to pre-fill the form with the same network scope
-- 
GitLab