From 7abcec33f65715fd629ba74dd9ba11b9a393e12a Mon Sep 17 00:00:00 2001
From: Kálmán Viktor <kviktor@cloud.bme.hu>
Date: Mon, 31 Aug 2015 10:24:59 +0200
Subject: [PATCH] request: fix disk resize view permission problem

---
 circle/request/views.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/circle/request/views.py b/circle/request/views.py
index dabb989..7e3c6f8 100644
--- a/circle/request/views.py
+++ b/circle/request/views.py
@@ -305,7 +305,10 @@ class ResizeRequestView(VmRequestMixin, FormView):
     success_message = _("Request successfully sent.")
 
     def get_disk(self, *args, **kwargs):
-        return get_object_or_404(Disk, pk=self.kwargs['disk_pk'])
+        disk = get_object_or_404(Disk, pk=self.kwargs['disk_pk'])
+        if disk not in self.get_vm().disks.all():
+            raise SuspiciousOperation
+        return disk
 
     def get_form_kwargs(self):
         kwargs = super(ResizeRequestView, self).get_form_kwargs()
--
libgit2 0.26.0