From c6b23f6aa0dcacb6e0f3b75ada4bcc12f7c25924 Mon Sep 17 00:00:00 2001 From: PCoder Date: Fri, 4 Aug 2017 20:54:28 +0530 Subject: [PATCH] Added get_object method to verify if the user is the owner of the ssh key --- hosting/views.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/hosting/views.py b/hosting/views.py index 19ec5b2a..33477b50 100644 --- a/hosting/views.py +++ b/hosting/views.py @@ -342,6 +342,13 @@ class SSHKeyDeleteView(LoginRequiredMixin, DeleteView): success_url = reverse_lazy('hosting:ssh_keys') model = UserHostingKey + def get_object(self, queryset=None): + """ Hook to ensure object is owned by request.user. """ + obj = super(SSHKeyDeleteView, self).get_object() + if not obj.owner == self.request.user: + raise Http404 + return obj + def delete(self, request, *args, **kwargs): owner = self.request.user manager = OpenNebulaManager()