Merge pull request #439 from pcoder/task/3655/check_authorization_delete_ssh_keys

Task/3655/Check authorization for delete ssh keys
This commit is contained in:
Arvind Tiwari 2017-08-12 00:42:08 +05:30 committed by GitHub
commit 415c914982

View file

@ -210,9 +210,9 @@ class SignupValidateView(TemplateView):
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super(SignupValidateView, self).get_context_data(**kwargs) context = super(SignupValidateView, self).get_context_data(**kwargs)
login_url = '<a href="' + \ login_url = '<a href="' + \
reverse('hosting:login') + '">' + str(_('login')) + '</a>' reverse('hosting:login') + '">' + str(_('login')) + '</a>'
home_url = '<a href="' + \ home_url = '<a href="' + \
reverse('datacenterlight:index') + '">Data Center Light</a>' reverse('datacenterlight:index') + '">Data Center Light</a>'
message = '{signup_success_message} {lurl}</a> \ message = '{signup_success_message} {lurl}</a> \
<br />{go_back} {hurl}.'.format( <br />{go_back} {hurl}.'.format(
signup_success_message=_( signup_success_message=_(
@ -234,7 +234,7 @@ class SignupValidatedView(SignupValidateView):
context = super(SignupValidateView, self).get_context_data(**kwargs) context = super(SignupValidateView, self).get_context_data(**kwargs)
validated = CustomUser.validate_url(self.kwargs['validate_slug']) validated = CustomUser.validate_url(self.kwargs['validate_slug'])
login_url = '<a href="' + \ login_url = '<a href="' + \
reverse('hosting:login') + '">' + str(_('login')) + '</a>' reverse('hosting:login') + '">' + str(_('login')) + '</a>'
section_title = _('Account activation') section_title = _('Account activation')
if validated: if validated:
message = '{account_activation_string} <br /> {login_string} {lurl}.'.format( message = '{account_activation_string} <br /> {login_string} {lurl}.'.format(
@ -244,7 +244,7 @@ class SignupValidatedView(SignupValidateView):
lurl=login_url) lurl=login_url)
else: else:
home_url = '<a href="' + \ home_url = '<a href="' + \
reverse('datacenterlight:index') + '">Data Center Light</a>' reverse('datacenterlight:index') + '">Data Center Light</a>'
message = '{sorry_message} <br />{go_back_to} {hurl}'.format( message = '{sorry_message} <br />{go_back_to} {hurl}'.format(
sorry_message=_("Sorry. Your request is invalid."), sorry_message=_("Sorry. Your request is invalid."),
go_back_to=_('Go back to'), go_back_to=_('Go back to'),
@ -342,6 +342,15 @@ class SSHKeyDeleteView(LoginRequiredMixin, DeleteView):
success_url = reverse_lazy('hosting:ssh_keys') success_url = reverse_lazy('hosting:ssh_keys')
model = UserHostingKey model = UserHostingKey
def get_object(self, queryset=None):
""" Hook to ensure UserHostingKey object is owned by request.user.
We reply with a Http404 if the user is not the owner of the key.
"""
obj = super(SSHKeyDeleteView, self).get_object()
if not obj.user == self.request.user:
raise Http404
return obj
def delete(self, request, *args, **kwargs): def delete(self, request, *args, **kwargs):
owner = self.request.user owner = self.request.user
manager = OpenNebulaManager() manager = OpenNebulaManager()