#68: Improved permissions-related error handling

netbox/templates/secrets/inc/secret_tr.html

@@ -1,13 +1,20 @@
+{% load secret_helpers %}
 <tr>
     <td><a href="{% url 'secrets:secret' pk=secret.pk %}">{{ secret.role }}</a></td>
     <td>{{ secret.name }}</td>
     <td id="secret_{{ secret.pk }}">********</td>
     <td class="text-right">
-        <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
-            <i class="fa fa-lock"></i> Unlock
-        </button>
-        <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
-            <i class="fa fa-unlock-alt"></i> Lock
-        </button>
+        {% if secret|decryptable_by:request.user %}
+            <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
+                <i class="fa fa-lock"></i> Unlock
+            </button>
+            <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
+                <i class="fa fa-unlock-alt"></i> Lock
+            </button>
+        {% else %}
+            <button class="btn btn-xs btn-default" disabled="disabled" title="Permission denied">
+                <i class="fa fa-lock"></i> Unlock
+            </button>
+        {% endif %}
     </td>
 </tr>

netbox/templates/secrets/secret.html

@@ -1,5 +1,6 @@
 {% extends '_base.html' %}
 {% load static from staticfiles %}
+{% load secret_helpers %}
 
 {% block title %}Secret: {{ secret }}{% endblock %}
 
@@ -67,28 +68,35 @@
         </div>
 	</div>
 	<div class="col-md-6">
-        <div class="panel panel-default">
-            <div class="panel-heading">
-                <strong>Secret Data</strong>
-            </div>
-            <div class="panel-body">
-                <form id="secret_form">
-                    {% csrf_token %}
-                </form>
-                <div class="row">
-                    <div class="col-md-2">Secret</div>
-                    <div class="col-md-8" id="secret_{{ secret.pk }}">********</div>
-                    <div class="col-md-2 text-right">
-                        <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
-                            <i class="fa fa-lock"></i> Unlock
-                        </button>
-                        <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
-                            <i class="fa fa-unlock-alt"></i> Lock
-                        </button>
+        {% if secret|decryptable_by:request.user %}
+            <div class="panel panel-default">
+                <div class="panel-heading">
+                    <strong>Secret Data</strong>
+                </div>
+                <div class="panel-body">
+                    <form id="secret_form">
+                        {% csrf_token %}
+                    </form>
+                    <div class="row">
+                        <div class="col-md-2">Secret</div>
+                        <div class="col-md-8" id="secret_{{ secret.pk }}">********</div>
+                        <div class="col-md-2 text-right">
+                            <button class="btn btn-xs btn-success unlock-secret" secret-id="{{ secret.pk }}">
+                                <i class="fa fa-lock"></i> Unlock
+                            </button>
+                            <button class="btn btn-xs btn-danger lock-secret collapse" secret-id="{{ secret.pk }}">
+                                <i class="fa fa-unlock-alt"></i> Lock
+                            </button>
+                        </div>
                     </div>
                 </div>
             </div>
-        </div>
+        {% else %}
+            <div class="alert alert-warning">
+                <i class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></i>
+                You do not have permission to decrypt this secret.
+            </div>
+        {% endif %}
     </div>
 </div>