builders: Introduce permission model

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/buildservice/builders.py b/src/buildservice/builders.py
index 7027533a9694cf7ede6334dcf74b9b1eccfb733a..032f5d49ac08daf53408b1ea221cf18869c21925 100644 (file)
--- a/src/buildservice/builders.py
+++ b/src/buildservice/builders.py
@@ -385,6 +385,16 @@ class Builder(base.DataObject):
 
        enabled = property(lambda s: s.data.enabled, set_enabled)
 
+       # Permissions
+
+       def has_perm(self, user):
+               # Anonymous users have no permissions
+               if not user:
+                       return False
+
+               # Admins have all permissions
+               return user.is_admin()
+
        @property
        def arch(self):
                """

diff --git a/src/templates/builders/detail.html b/src/templates/builders/detail.html
index b51d0564bd8ab123ab5480dd2c1ee713e4e17257..f829b4e7dd54567d6d020116e3b0b83a0c512a50 100644 (file)
--- a/src/templates/builders/detail.html
+++ b/src/templates/builders/detail.html
@@ -86,7 +86,7 @@
                </div>
        </div>
 
-       {% if current_user and current_user.has_perm("builders") %}
+       {% if builder.has_perm(current_user) %}
                <a class="warning button expanded" href="/builders/{{ builder.hostname }}/edit">
                        {{ _("Edit") }}
                </a>

diff --git a/src/web/builders.py b/src/web/builders.py
index dd74c6e76212178dcb81bce5696fff53407b5cd5..c3654e4a384e80aff9533cf86a5df2d72e074bd0 100644 (file)
--- a/src/web/builders.py
+++ b/src/web/builders.py
@@ -27,7 +27,8 @@ class BuilderNewHandler(base.BaseHandler):
 
        @tornado.web.authenticated
        def post(self):
-               if not self.current_user.has_perm("maintain_builders"):
+               # Check permissions
+               if not builder.has_perm(self.current_user):
                        raise tornado.web.HTTPError(403)
 
                name = self.get_argument("name")
@@ -54,8 +55,8 @@ class BuilderEditHandler(base.BaseHandler):
                if not builder:
                        raise tornado.web.HTTPError(404, "Builder not found: %s" % hostname)
 
-               # Check for sufficient right to edit things.
-               if not self.current_user.has_perm("builders"):
+               # Check permissions
+               if not builder.has_perm(self.current_user):
                        raise tornado.web.HTTPError(403)
 
                with self.db.transaction():
@@ -73,8 +74,8 @@ class BuilderDeleteHandler(base.BaseHandler):
                if not builder:
                        raise tornado.web.HTTPError(404, "Builder not found: %s" % name)
 
-               # Check for sufficient right to delete this builder.
-               if not self.current_user.has_perm("builders"):
+               # Check permissions
+               if not builder.has_perm(self.current_user):
                        raise tornado.web.HTTPError(403)
 
                confirmed = self.get_argument("confirmed", None)