From 2634147feed5dfc89d5387e896acca2140e6524c Mon Sep 17 00:00:00 2001
From: Benjamin Bertrand <benjamin.bertrand@esss.se>
Date: Wed, 30 Oct 2019 15:54:20 +0100
Subject: [PATCH] Limit networks to same scope for extra interfaces

Non admin users can't add an interface on a different network scope than the main one. No change for admin users. Note that this is more to avoid confusion. This is not restricted via the API. JIRA INFRA-1297
---
app/network/views.py | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)

diff --git a/app/network/views.py b/app/network/views.py
index 6abdd12..e759400 100644
--- a/app/network/views.py
+++ b/app/network/views.py
@@ -285,6 +285,15 @@ def create_interface(hostname):
 form = InterfaceForm(
 request.form, host_id=host.id, interface_name=host.name, random_mac=random_mac
 )
+ if not current_user.is_admin:
+ # Restrict the networks to the same network scope as the main interface
+ form.network_id.choices = [
+ (str(network.id), network.vlan_name)
+ for network in models.Network.query.filter_by(scope=host.main_network.scope)
+ .order_by(models.Network.vlan_name)
+ .all()
+ if current_user.has_access_to_network(network)
+ ]
 if form.validate_on_submit():
 # User shall have access to the new interface domain
 network = models.Network.query.get(form.network_id.data)
@@ -337,6 +346,17 @@ def edit_interface(name):
 interface_name=interface.name,
 cnames_string=cnames_string,
 )
+ if not current_user.is_admin and not interface.is_main:
+ # Restrict the networks to the same network scope as the main interface
+ form.network_id.choices = [
+ (str(network.id), network.vlan_name)
+ for network in models.Network.query.filter_by(
+ scope=interface.host.main_network.scope
+ )
+ .order_by(models.Network.vlan_name)
+ .all()
+ if current_user.has_access_to_network(network)
+ ]
 # Remove the random_mac field (not used when editing)
 del form.random_mac
 ips = [interface.ip]
-- GitLab
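Review bot: The scope rule added in create_interface exists only as the form's `network_id.choices`, so it holds for the web form (provided `network_id` is a select field that validates against its choices, which is not visible here) and nowhere else; the commit message already notes the API is unrestricted. Because the code right after `validate_on_submit()` treats network access as an authorization decision, I would state the status in the code with a comment such as `# UI filter only: scope is not enforced by the API or the model, do not rely on it for authorization`, or move the check into model validation so both paths share it. Separately, `host.main_network.scope` is dereferenced without a guard; if a host can exist without a main interface, this raises for non-admin users before the form is processed. The same comprehension is repeated in the edit_interface hunk and could be one helper taking the scope. create_interface's body starts and ends outside the hunk.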
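Review bot: The `not interface.is_main` condition in edit_interface leaves the main interface's network choices unfiltered for non-admin users, so it appears a non-admin can move the main interface to a network in another scope while the host's extra interfaces stay in the old one, which is the mixed state this change is meant to prevent. If that is intended, a comment would make it explicit, for example `# Main interface may change scope; existing extra interfaces are not re-checked`. Otherwise consider rejecting the edit when the host has other interfaces whose network scope differs from the newly selected one. edit_interface starts and ends outside the hunk.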