2025-07-07 12:05:11 +00:00 · 2025-07-08 09:21:55 +00:00
2 changed files with 29 additions and 8 deletions
--- a/src/servala/frontend/views/organization.py
+++ b/src/servala/frontend/views/organization.py
@ -3,6 +3,7 @@ from django.utils.translation import gettext_lazy as _
 from django.views.generic import CreateView, DetailView
 from rules.contrib.views import AutoPermissionRequiredMixin

+from servala.core.rules import is_organization_admin
 from servala.core.models import (
    BillingEntity,
    Organization,
@ -75,10 +76,10 @@ class OrganizationDashboardView(
        )
        recent_instances = service_instances.order_by("-created_at")[:5]

+        has_admin_permission = is_organization_admin(self.request.user, organization)
+
        for instance in recent_instances:
-            instance.has_change_permission = self.request.user.has_perm(
-                "core.change_serviceinstance", instance
-            )
+            instance.has_change_permission = has_admin_permission

        user_membership = OrganizationMembership.objects.filter(
            user=self.request.user, organization=organization
--- a/src/servala/frontend/views/service.py
+++ b/src/servala/frontend/views/service.py
@ -6,6 +6,7 @@ from django.utils.functional import cached_property
 from django.utils.translation import gettext_lazy as _
 from django.views.generic import DetailView, ListView, UpdateView

+from servala.core.rules import is_organization_admin
 from servala.core.crd import deslugify
 from servala.core.models import (
    ControlPlaneCRD,
@ -219,12 +220,13 @@ class ServiceInstanceDetailView(
            and self.object.spec
        ):
            context["spec_fieldsets"] = self.get_nested_spec()
-        context["has_change_permission"] = self.request.user.has_perm(
-            ServiceInstance.get_perm("change"), self.object
-        )
-        context["has_delete_permission"] = self.request.user.has_perm(
-            ServiceInstance.get_perm("delete"), self.object
+
+        has_admin_permission = is_organization_admin(
+            self.request.user, self.object.organization
        )
+
+        context["has_change_permission"] = has_admin_permission
+        context["has_delete_permission"] = has_admin_permission
        return context

    def get_nested_spec(self):
@ -338,6 +340,15 @@ class ServiceInstanceUpdateView(
    template_name = "frontend/organizations/service_instance_update.html"
    permission_type = "change"

+    def has_permission(self):
+        """Override to use organization role-based permissions."""
+        # First check if user has organization access
+        if not self.has_organization_permission():
+            return False
+
+        # Then check if user has admin or owner role
+        return is_organization_admin(self.request.user, self.object.organization)
+
    def get_form_class(self):
        return self.object.context.model_form_class

@ -420,6 +431,15 @@ class ServiceInstanceDeleteView(
    form_class = ServiceInstanceDeleteForm
    permission_type = "delete"

+    def has_permission(self):
+        """Override to use organization role-based permissions."""
+        # First check if user has organization access
+        if not self.has_organization_permission():
+            return False
+
+        # Then check if user has admin or owner role
+        return is_organization_admin(self.request.user, self.object.organization)
+
    def form_valid(self, form):
        try:
            self.object.delete_instance(user=self.request.user)