diff --git a/circle/dashboard/views/template.py b/circle/dashboard/views/template.py
index e8d74ec..d5fd13b 100644
--- a/circle/dashboard/views/template.py
+++ b/circle/dashboard/views/template.py
@@ -323,6 +323,10 @@ class TemplateDetail(LoginRequiredMixin, SuccessMessageMixin, UpdateView):
 class DiskRemoveView(DeleteView):
     model = Disk
 
+    def get_queryset(self):
+        qs = super(DiskRemoveView, self).get_queryset()
+        return qs.exclude(template_set=None)
+
     def get_template_names(self):
         if self.request.is_ajax():
             return ['dashboard/confirm/ajax-delete.html']
@@ -332,27 +336,29 @@ class DiskRemoveView(DeleteView):
     def get_context_data(self, **kwargs):
         context = super(DiskRemoveView, self).get_context_data(**kwargs)
         disk = self.get_object()
-        app = disk.get_appliance()
+        template = disk.template_set.get()
+        if not template.has_level(self.request.user, 'owner'):
+            raise PermissionDenied()
         context['title'] = _("Disk remove confirmation")
         context['text'] = _("Are you sure you want to remove "
                             "<strong>%(disk)s</strong> from "
                             "<strong>%(app)s</strong>?" % {'disk': disk,
-                                                           'app': app}
+                                                           'app': template}
                             )
         return context
 
     def delete(self, request, *args, **kwargs):
         disk = self.get_object()
-        app = disk.get_appliance()
+        template = disk.template_set.get()
 
-        if not app.has_level(request.user, 'owner'):
+        if not template.has_level(request.user, 'owner'):
             raise PermissionDenied()
 
-        app.remove_disk(disk=disk, user=request.user)
+        template.remove_disk(disk=disk, user=request.user)
         disk.destroy()
 
         next_url = request.POST.get("next")
-        success_url = next_url if next_url else app.get_absolute_url()
+        success_url = next_url if next_url else template.get_absolute_url()
         success_message = _("Disk successfully removed.")
 
         if request.is_ajax():