From 606566aa7ccfaf42e507138a593d45497669bb8c Mon Sep 17 00:00:00 2001
From: Bach Dániel <bd@ik.bme.hu>
Date: Fri, 4 Jul 2014 08:21:20 +0200
Subject: [PATCH] dasboard: fix permission check in TemplateCreate

---
 circle/dashboard/templates/dashboard/_template-choose.html | 2 ++
 circle/dashboard/views.py                                  | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/circle/dashboard/templates/dashboard/_template-choose.html b/circle/dashboard/templates/dashboard/_template-choose.html
index fbddc3e..5772395 100644
--- a/circle/dashboard/templates/dashboard/_template-choose.html
+++ b/circle/dashboard/templates/dashboard/_template-choose.html
@@ -16,10 +16,12 @@
       <div class="clearfix"></div>
     </div>
     {% endfor %}
+    {% if perms.vm.create_base_template %}
     <div class="panel panel-default template-choose-list-element">
       <input type="radio" name="parent" value="base_vm"/>
       {% trans "Create a new base VM without disk" %}
     </div>
+    {% endif %}
     <button type="submit" id="template-choose-next-button" class="btn btn-success pull-right">{% trans "Next" %}</button>
     <div class="clearfix"></div>
   </div>
diff --git a/circle/dashboard/views.py b/circle/dashboard/views.py
index eee09b6..5cc532c 100644
--- a/circle/dashboard/views.py
+++ b/circle/dashboard/views.py
@@ -1019,7 +1019,7 @@ class TemplateChoose(LoginRequiredMixin, TemplateView):
         else:
             template = get_object_or_404(InstanceTemplate, pk=template)
 
-        if not template.has_level(user, "user"):
+        if not template.has_level(request.user, "user"):
             raise PermissionDenied()
 
         instance = Instance.create_from_template(
@@ -1049,7 +1049,7 @@ class TemplateCreate(SuccessMessageMixin, CreateView):
         return context
 
     def get(self, *args, **kwargs):
-        if not self.request.user.has_perm('vm.create_template'):
+        if not self.request.user.has_perm('vm.create_base_template'):
             raise PermissionDenied()
 
         return super(TemplateCreate, self).get(*args, **kwargs)
@@ -1082,8 +1082,6 @@ class TemplateCreate(SuccessMessageMixin, CreateView):
 
             return redirect("%s#resources" % inst.get_absolute_url())
 
-        return super(TemplateCreate, self).post(self, request, args, kwargs)
-
     def __create_networks(self, vlans, user):
         networks = []
         for v in vlans:
--
libgit2 0.26.0