User level check implementation

templates/access_denied.html

@@ -0,0 +1,19 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<div class='row'>
+    <div class='col-lg-6'>    
+<div class="card card-primary card-outline">
+    <div class="card-header">
+        <h3 class="card-title">Access Denied</h3>
+    </div>
+    <div class="card-body">
+        <p>Sorry, you do not have permission to access this page. <br>Please contact your system administrator if you believe this is an error.</p>
+    </div>
+</div>
+
+</div>
+</div>
+
+{% endblock %}

user_manager/views.py

@@ -8,6 +8,8 @@ from django.contrib.sessions.models import Session
 
 @login_required
 def view_user_list(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
     page_title = 'User Manager'
     user_acl_list = UserAcl.objects.all().order_by('user__username')
     context = {'page_title': page_title, 'user_acl_list': user_acl_list}
@@ -16,6 +18,8 @@ def view_user_list(request):
 
 @login_required
 def view_manage_user(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
     user_acl = None
     user = None
     if 'uuid' in request.GET:

wireguard/views.py

@@ -1,4 +1,5 @@
 from django.shortcuts import render, get_object_or_404, redirect
+from user_manager.models import UserAcl
 
 from wireguard.forms import WireGuardInstanceForm
 from .models import WireGuardInstance
@@ -80,6 +81,8 @@ def view_wireguard_status(request):
 
 @login_required
 def view_wireguard_manage_instance(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=50).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
     wireguard_instances = WireGuardInstance.objects.all().order_by('instance_id')
     if request.GET.get('uuid'):
         current_instance = get_object_or_404(WireGuardInstance, uuid=request.GET.get('uuid'))

wireguard_peer/views.py

@@ -1,5 +1,6 @@
 from django.shortcuts import render, get_object_or_404, redirect
 from django.contrib.auth.decorators import login_required
+from user_manager.models import UserAcl
 from wireguard.models import WireGuardInstance, Peer, PeerAllowedIP
 from django.contrib import messages
 from django.db.models import Max
@@ -60,6 +61,13 @@ def view_wireguard_peer_list(request):
 
 @login_required
 def view_wireguard_peer_manage(request):
+    if request.method == 'POST':
+        if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=30).exists():
+            return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+    else:
+        if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists():
+            return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
+
     if request.GET.get('instance'):
         current_instance = get_object_or_404(WireGuardInstance, uuid=request.GET.get('instance'))
         current_peer = None
@@ -122,6 +130,8 @@ def view_wireguard_peer_manage(request):
 
 
 def view_manage_ip_address(request):
+    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=30).exists():
+        return render(request, 'access_denied.html', {'page_title': 'Access Denied'})
     if request.GET.get('peer'):
         current_peer = get_object_or_404(Peer, uuid=request.GET.get('peer'))
         page_title = 'Add new IP address for Peer '