update object write permissions
diff --git a/planetstack/core/admin.py b/planetstack/core/admin.py
index a379302..e03098e 100644
--- a/planetstack/core/admin.py
+++ b/planetstack/core/admin.py
@@ -636,7 +636,7 @@
suit_form_tabs =(('sites','Deployment Details'),('deploymentprivileges','Privileges'), ('sitedeployments', 'Site Deployments'))
def get_form(self, request, obj=None, **kwargs):
- if request.user.isReadOnlyUser():
+ if request.user.isReadOnlyUser() or not request.user.is_admin:
kwargs["form"] = DeploymentAdminROForm
else:
kwargs["form"] = DeploymentAdminForm
diff --git a/planetstack/core/models/node.py b/planetstack/core/models/node.py
index 94f93a5..1cd0e40 100644
--- a/planetstack/core/models/node.py
+++ b/planetstack/core/models/node.py
@@ -1,7 +1,7 @@
import os
from django.db import models
from core.models import PlCoreBase
-from core.models import Site, SiteDeployment
+from core.models import Site, SiteDeployment, SitePrivilege
from core.models import Tag
from django.contrib.contenttypes import generic
@@ -20,3 +20,14 @@
self.site = self.site_deployment.site
super(Node, self).save(*args, **kwds)
+
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+ if SitePrivilege.objects.filter(
+ user=user, site=self.site, role__role__in=['admin','tech']):
+ return True
+
+ return False
diff --git a/planetstack/core/models/site.py b/planetstack/core/models/site.py
index cc2ad03..f368bbe 100644
--- a/planetstack/core/models/site.py
+++ b/planetstack/core/models/site.py
@@ -214,6 +214,17 @@
return Deployment.objects.filter(id__in=ids)
+ def can_update(self, user):
+ if user.is_readonly:
+ return False
+ if user.is_admin:
+ return True
+
+ if self.deploymentprivileges.filter(user=user, role__role='admin'):
+ return True
+
+ return False
+
def __unicode__(self): return u'%s' % (self.name)
class DeploymentRole(PlCoreBase):
diff --git a/planetstack/core/models/slice.py b/planetstack/core/models/slice.py
index 8dfde4c..476cf8e 100644
--- a/planetstack/core/models/slice.py
+++ b/planetstack/core/models/slice.py
@@ -85,16 +85,16 @@
return False
if user.is_admin:
return True
+ if user == self.creator:
+ return True
# slice admins can update
- slice_privs = SlicePrivilege.objects.filter(user=user, slice=self)
- for slice_priv in slice_privs:
- if slice_priv.role.role == 'admin':
- return True
+ if SlicePrivilege.objects.filter(
+ user=user, slice=self, role__role='admin'):
+ return True
# site pis can update
- site_privs = SitePrivilege.objects.filter(user=user, site=self.site)
- for site_priv in site_privs:
- if site_priv.role.role == 'pi':
- return True
+ if SitePrivilege.objects.filter(
+ user=user, site=self.site, role__role__in=['admin', 'pi']):
+ return True
return False