aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSawyer Bergeron <sbergeron@iol.unh.edu>2019-04-10 13:15:34 -0400
committerSawyer Bergeron <sbergeron@iol.unh.edu>2019-04-10 13:24:12 -0400
commitc4fd0505788fd3b0cac96bc2dd0c627b1a0054ce (patch)
tree18fa5a7d42a9f892587e80990906c963c1208f39
parent04bfb6151023f0a0436a828d099b14cad8e4720d (diff)
Fix private images being visible to anyone
Change-Id: I1df1a11dd1b9e51d026157f9c7fd8b4a008371d8 Signed-off-by: Sawyer Bergeron <sbergeron@iol.unh.edu>
-rw-r--r--src/booking/forms.py14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/booking/forms.py b/src/booking/forms.py
index 7ba5af0..9349ac1 100644
--- a/src/booking/forms.py
+++ b/src/booking/forms.py
@@ -8,7 +8,6 @@
##############################################################################
import django.forms as forms
from django.forms.widgets import NumberInput
-from django.db.models import Q
from workflow.forms import (
SearchableSelectMultipleWidget,
@@ -22,7 +21,6 @@ from resource_inventory.models import Image, Installer, Scenario
class QuickBookingForm(forms.Form):
purpose = forms.CharField(max_length=1000)
project = forms.CharField(max_length=400)
- image = forms.ModelChoiceField(queryset=Image.objects.all())
hostname = forms.CharField(max_length=400)
installer = forms.ModelChoiceField(queryset=Installer.objects.all(), required=False)
@@ -40,14 +38,14 @@ class QuickBookingForm(forms.Form):
elif data and "users" in data:
chosen_users = data.getlist("users")
- if user:
- self.image = forms.ModelChoiceField(queryset=Image.objects.filter(
- Q(public=True) | Q(owner=user)), required=False)
- else:
- self.image = forms.ModelChoiceField(queryset=Image.objects.all(), required=False)
-
super(QuickBookingForm, self).__init__(data=data, **kwargs)
+ self.fields["image"] = forms.ModelChoiceField(
+ queryset=Image.objects.difference(
+ Image.objects.filter(public=False).difference(Image.objects.filter(owner=user))
+ )
+ )
+
self.fields['users'] = forms.CharField(
widget=SearchableSelectMultipleWidget(
attrs=self.build_search_widget_attrs(chosen_users, default_user=default_user)