diff --git a/circle/dashboard/views/template.py b/circle/dashboard/views/template.py index e8d74ec..d5fd13b 100644 --- a/circle/dashboard/views/template.py +++ b/circle/dashboard/views/template.py @@ -323,6 +323,10 @@ class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView): class DiskRemoveView(DeleteView): model = Disk + def get_queryset(self): + qs = super(DiskRemoveView, self).get_queryset() + return qs.exclude(template_set=None) + def get_template_names(self): if self.request.is_ajax(): return ['dashboard/confirm/ajax-delete.html'] @@ -332,27 +336,29 @@ class DiskRemoveView(DeleteView): def get_context_data(self, **kwargs): context = super(DiskRemoveView, self).get_context_data(**kwargs) disk = self.get_object() - app = disk.get_appliance() + template = disk.template_set.get() + if not template.has_level(self.request.user, 'owner'): + raise PermissionDenied() context['title'] = _("Disk remove confirmation") context['text'] = _("Are you sure you want to remove " "<strong>%(disk)s</strong> from " "<strong>%(app)s</strong>?" % {'disk': disk, - 'app': app} + 'app': template} ) return context def delete(self, request, *args, **kwargs): disk = self.get_object() - app = disk.get_appliance() + template = disk.template_set.get() - if not app.has_level(request.user, 'owner'): + if not template.has_level(request.user, 'owner'): raise PermissionDenied() - app.remove_disk(disk=disk, user=request.user) + template.remove_disk(disk=disk, user=request.user) disk.destroy() next_url = request.POST.get("next") - success_url = next_url if next_url else app.get_absolute_url() + success_url = next_url if next_url else template.get_absolute_url() success_message = _("Disk successfully removed.") if request.is_ajax():