Merge pull request #439 from pcoder/task/3655/check_authorization_delete_ssh_keys

Task/3655/Check authorization for delete ssh keys
This commit is contained in:
Arvind Tiwari 2017-08-12 00:42:08 +05:30 committed by GitHub
commit 415c914982

View file

@ -342,6 +342,15 @@ class SSHKeyDeleteView(LoginRequiredMixin, DeleteView):
success_url = reverse_lazy('hosting:ssh_keys')
model = UserHostingKey
def get_object(self, queryset=None):
""" Hook to ensure UserHostingKey object is owned by request.user.
We reply with a Http404 if the user is not the owner of the key.
"""
obj = super(SSHKeyDeleteView, self).get_object()
if not obj.user == self.request.user:
raise Http404
return obj
def delete(self, request, *args, **kwargs):
owner = self.request.user
manager = OpenNebulaManager()