From 29d16211525dead2391da0dddddfac5f538f4571 Mon Sep 17 00:00:00 2001
From: Eduardo Silva <eduardo@eth0.com.br>
Date: Mon, 16 Mar 2026 17:24:20 -0300
Subject: [PATCH] add reserved application checks to prevent modification and
 deletion

---
 app_gateway/views.py                          | 18 +++++++++++++-
 templates/app_gateway/app_gateway_list.html   |  2 +-
 .../app_gateway/application_details.html      | 24 +++++++++++++++++++
 3 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/app_gateway/views.py b/app_gateway/views.py
index 7926f4e..3d4d71d 100644
--- a/app_gateway/views.py
+++ b/app_gateway/views.py
@@ -15,7 +15,7 @@ from app_gateway.forms import (
     ApplicationPolicyForm, ApplicationRouteForm
 )
 from app_gateway.models import (
-    Application, ApplicationHost, AccessPolicy, ApplicationPolicy, ApplicationRoute
+    Application, ApplicationHost, AccessPolicy, ApplicationPolicy, ApplicationRoute, RESERVED_APP_NAME
 )
 from app_gateway.setup_defaults import create_default_entries
 from user_manager.models import UserAcl
@@ -59,6 +59,7 @@ def view_application_details(request):
         'application': application,
         'hosts': hosts,
         'routes': routes,
+        'is_reserved': application.name == RESERVED_APP_NAME,
         'page_title': _('Application Details'),
     }
     return render(request, 'app_gateway/application_details.html', context)
@@ -73,6 +74,9 @@ def view_manage_application(request):
 
     if application_uuid:
         application = get_object_or_404(Application, uuid=application_uuid)
+        if application.name == RESERVED_APP_NAME:
+            messages.error(request, _('The WireGuard WebAdmin application cannot be modified.'))
+            return redirect(reverse('view_application') + f'?uuid={application.uuid}')
         title = _('Edit Application')
     else:
         application = None
@@ -117,6 +121,10 @@ def view_delete_application(request):
 
     cancel_url = reverse('app_gateway_list') + '?tab=applications'
 
+    if application.name == RESERVED_APP_NAME:
+        messages.error(request, _('The WireGuard WebAdmin application cannot be deleted.'))
+        return redirect(reverse('view_application') + f'?uuid={application.uuid}')
+
     if request.method == 'POST':
         application.delete()
         messages.success(request, _('Application deleted successfully.'))
@@ -150,6 +158,10 @@ def view_manage_application_host(request):
 
     cancel_url = reverse('view_application') + f'?uuid={application.uuid}#hosts'
 
+    if application.name == RESERVED_APP_NAME:
+        messages.error(request, _('The WireGuard WebAdmin application cannot be modified.'))
+        return redirect(cancel_url)
+
     form = ApplicationHostForm(request.POST or None, instance=application_host, cancel_url=cancel_url)
     if form.is_valid():
         host = form.save(commit=False)
@@ -176,6 +188,10 @@ def view_delete_application_host(request):
 
     cancel_url = reverse('view_application') + f'?uuid={application.uuid}#hosts'
 
+    if application.name == RESERVED_APP_NAME:
+        messages.error(request, _('The WireGuard WebAdmin application cannot be modified.'))
+        return redirect(cancel_url)
+
     if request.method == 'POST':
         application_host.delete()
         messages.success(request, _('Application Host deleted successfully.'))
diff --git a/templates/app_gateway/app_gateway_list.html b/templates/app_gateway/app_gateway_list.html
index c93a80a..8f1d5ee 100644
--- a/templates/app_gateway/app_gateway_list.html
+++ b/templates/app_gateway/app_gateway_list.html
@@ -145,7 +145,7 @@
                             <tbody>
                                 {% for policy in access_policies %}
                                     <tr>
-                                        <td>{{ policy }}</td>
+                                        <td>{{ policy.display_name|default:policy.name }}</td>
                                         <td>{{ policy.get_policy_type_display }}</td>
                                         <td>{{ policy.groups.count }}</td>
                                         <td>{{ policy.methods.count }}</td>
diff --git a/templates/app_gateway/application_details.html b/templates/app_gateway/application_details.html
index e40b882..9a18789 100644
--- a/templates/app_gateway/application_details.html
+++ b/templates/app_gateway/application_details.html
@@ -11,12 +11,21 @@
             <a href="{% url 'app_gateway_list' %}" class="btn btn-sm btn-secondary">
                 <i class="fas fa-arrow-left"></i> {% trans 'Back to List' %}
             </a>
+            {% if is_reserved %}
+            <a class="btn btn-sm btn-secondary disabled" aria-disabled="true" tabindex="-1" title="{% trans 'This application cannot be modified' %}">
+                <i class="fas fa-edit"></i> {% trans 'Edit Application' %}
+            </a>
+            <a class="btn btn-sm btn-secondary disabled" aria-disabled="true" tabindex="-1" title="{% trans 'This application cannot be deleted' %}">
+                <i class="fas fa-trash"></i> {% trans 'Delete Application' %}
+            </a>
+            {% else %}
             <a href="{% url 'manage_application' %}?uuid={{ application.uuid }}" class="btn btn-sm btn-info">
                 <i class="fas fa-edit"></i> {% trans 'Edit Application' %}
             </a>
             <a href="{% url 'delete_application' %}?uuid={{ application.uuid }}" class="btn btn-sm btn-danger">
                 <i class="fas fa-trash"></i> {% trans 'Delete Application' %}
             </a>
+            {% endif %}
         </div>
     </div>
     <div class="card-body">
@@ -46,10 +55,16 @@
 
         <h4 id="hosts">{% trans 'Application Hosts' %}</h4>
         <div class="mb-3">
+            {% if is_reserved %}
+            <a class="btn btn-outline-secondary btn-sm disabled" aria-disabled="true" tabindex="-1" title="{% trans 'This application cannot be modified' %}">
+                <i class="fas fa-plus"></i> {% trans 'Add Host' %}
+            </a>
+            {% else %}
             <a href="{% url 'manage_application_host' %}?application_uuid={{ application.uuid }}"
                 class="btn btn-outline-primary btn-sm">
                 <i class="fas fa-plus"></i> {% trans 'Add Host' %}
             </a>
+            {% endif %}
         </div>
 
         {% if hosts %}
@@ -66,6 +81,14 @@
                     <tr>
                         <td>{{ host.hostname }}</td>
                         <td style="width: 15%">
+                            {% if is_reserved %}
+                            <a class="btn btn-sm btn-secondary disabled" aria-disabled="true" tabindex="-1" title="{% trans 'This application cannot be modified' %}">
+                                <i class="fas fa-edit"></i>
+                            </a>
+                            <a class="btn btn-sm btn-secondary disabled" aria-disabled="true" tabindex="-1" title="{% trans 'This application cannot be modified' %}">
+                                <i class="fas fa-trash"></i>
+                            </a>
+                            {% else %}
                             <a href="{% url 'manage_application_host' %}?uuid={{ host.uuid }}"
                                 class="btn btn-sm btn-info" title="{% trans 'Edit' %}">
                                 <i class="fas fa-edit"></i>
@@ -74,6 +97,7 @@
                                 class="btn btn-sm btn-danger" title="{% trans 'Delete' %}">
                                 <i class="fas fa-trash"></i>
                             </a>
+                            {% endif %}
                         </td>
                     </tr>
                     {% endfor %}