From 3f8901aa93be4fdff00360586bd09c8c188197a2 Mon Sep 17 00:00:00 2001
From: Tobias Kunze
Date: Fri, 11 Jul 2025 12:14:20 +0200
Subject: [PATCH 1/3] Try to fix permissions issue
---
 src/servala/core/models/service.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/servala/core/models/service.py b/src/servala/core/models/service.py
index 362661b..a747ddb 100644
--- a/src/servala/core/models/service.py
+++ b/src/servala/core/models/service.py
@@ -571,7 +571,7 @@ class ServiceInstance(ServalaModelMixin, models.Model):
 unique_together = [("name", "organization", "context")]
 rules_permissions = {
 "view": rules.is_staff | perms.is_organization_member,
- "change": rules.is_staff | perms.is_organization_member,
+ "change": rules.is_staff | perms.is_organization_admin,
 "delete": rules.is_staff | perms.is_organization_admin,
 "add": rules.is_authenticated,
 }
From 5feabda513c838d85aca2421b1bdbe28c6c98a5b Mon Sep 17 00:00:00 2001
From: Tobias Kunze
Date: Fri, 11 Jul 2025 12:25:20 +0200
Subject: [PATCH 2/3] Make sure admin is visible to staff users
---
 src/servala/core/rules.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/servala/core/rules.py b/src/servala/core/rules.py
index 5ead2c3..814a8ea 100644
--- a/src/servala/core/rules.py
+++ b/src/servala/core/rules.py
@@ -25,3 +25,5 @@ def is_organization_admin(user, org):
 @rules.predicate
 def is_organization_member(user, org):
 return has_organization_role(user, org, None)
+
+rules.add_perm("core", rules.is_staff)
From 0bd895c4868925634e8d5b298df0b1564383ca7b Mon Sep 17 00:00:00 2001
From: Tobias Kunze
Date: Fri, 11 Jul 2025 16:37:45 +0200
Subject: [PATCH 3/3] Make rules compatible with instance checks
---
 src/servala/core/rules.py | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/servala/core/rules.py b/src/servala/core/rules.py
index 814a8ea..cf4dc1c 100644
--- a/src/servala/core/rules.py
+++ b/src/servala/core/rules.py
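Review bot: In `ServiceInstance.rules_permissions` (patch 1/3, src/servala/core/models/service.py), `"add"` is still gated only by `rules.is_authenticated`, so after this change the model-level rules let any logged-in user pass the add check while change and delete require an organization admin. An add check normally has no instance to inspect, so the organization test presumably lives in the create view; that view is not visible here and should be confirmed to verify membership of the target organization. A comment above the dict would record the intent, for example `# Members may view; only org admins/owners (or staff) may change or delete. "add" is object-less: the create view must check the organization.` The class body starts and ends outside the hunk.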
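Review bot: The new `rules.add_perm("core", rules.is_staff)` at the end of src/servala/core/rules.py (patch 2/3) carries no comment saying that `"core"` is an app-level permission name rather than a model permission, which is easy to misread next to the organization predicates. Going by the commit title it exists so the Django admin lists the app for staff users; I would add `# App-level permission: lets staff users see the "core" app in the Django admin index.` directly above the call. It applies to every staff account, so what staff can actually open or edit presumably still depends on the per-model rules, which are outside this hunk.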
@@ -13,17 +13,30 @@ def has_organization_role(user, org, roles):
 @rules.predicate
-def is_organization_owner(user, org):
+def is_organization_owner(user, obj):
+ if hasattr(obj, "organization"):
+ org = obj.organization
+ else:
+ org = obj
 return has_organization_role(user, org, ["owner"])
 @rules.predicate
-def is_organization_admin(user, org):
+def is_organization_admin(user, obj):
+ if hasattr(obj, "organization"):
+ org = obj.organization
+ else:
+ org = obj
 return has_organization_role(user, org, ["owner", "admin"])
 @rules.predicate
-def is_organization_member(user, org):
+def is_organization_member(user, obj):
+ if hasattr(obj, "organization"):
+ org = obj.organization
+ else:
+ org = obj
 return has_organization_role(user, org, None)
+
 rules.add_perm("core", rules.is_staff)
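Review bot: All three predicates pass `org = obj` straight through when the object has no `organization` attribute, which presumably includes the object-less permission check where the predicate receives `None`, and they also forward an `organization` that is itself `None`. Whether those cases are denied depends on `has_organization_role`, whose body is outside this hunk. I would make the predicates fail closed when no organization can be resolved, and move the duplicated `hasattr` branch into one helper so the three copies cannot drift apart. The sketch shows the owner predicate; `is_organization_admin` and `is_organization_member` take the same change with their own role lists.

```python
def _organization_of(obj):
    # Rules are checked against an organization or an object that carries one.
    return getattr(obj, "organization", obj)


@rules.predicate
def is_organization_owner(user, obj):
    org = _organization_of(obj)
    if org is None:
        return False  # no organization to check against: deny
    return has_organization_role(user, org, ["owner"])

# … unchanged apart from the same lines: is_organization_admin, is_organization_member …
```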