From 567761f68fd6ccb120f94b7aef030f3d285ab8ce Mon Sep 17 00:00:00 2001
From: Andreas Zweili <andreas@2li.ch>
Date: Fri, 19 Jul 2019 16:10:33 +0200
Subject: [PATCH] add decorators for Device and ConnectedDevice

---
 network_inventory/inventory/decorators.py | 30 ++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/network_inventory/inventory/decorators.py b/network_inventory/inventory/decorators.py
index 0696c5e..c2b1995 100644
--- a/network_inventory/inventory/decorators.py
+++ b/network_inventory/inventory/decorators.py
@@ -1,5 +1,5 @@
 from django.http import HttpResponseForbidden
-from inventory.models import Computer, Customer
+from inventory.models import Computer, Customer, Device, ConnectedDevice
 
 
 def computer_view_permission(old_fuction):
@@ -14,3 +14,31 @@ def computer_view_permission(old_fuction):
                 "You're not allowed to access this device."
                 )
     return new_function
+
+
+def device_view_permission(old_function):
+    def new_function(request, device_id, *args, **kwargs):
+        computer = Device.objects.get(pk=device_id)
+        customer = Customer.objects.get(pk=device.customer.pk)
+        user = request.user
+        if user.has_perm('inventory.view_customer', customer):
+            return old_fuction(request, device_id)
+        else:
+            return HttpResponseForbidden(
+                "You're not allowed to access this device."
+                )
+    return new_function
+
+
+def connect_device_view_permission(old_function):
+    def new_function(request, device_id, *args, **kwargs):
+        computer = Device.objects.get(pk=device_id)
+        customer = Customer.objects.get(pk=device.customer.pk)
+        user = request.user
+        if user.has_perm('inventory.view_customer', customer):
+            return old_fuction(request, device_id)
+        else:
+            return HttpResponseForbidden(
+                "You're not allowed to access this device."
+                )
+    return new_function