From cff534890f45ff2838a2f28640c091e4871f7d72 Mon Sep 17 00:00:00 2001
From: Vadim Aleksandrov <valeksandrov@me.com>
Date: Tue, 23 Jan 2018 12:08:50 +0300
Subject: [PATCH] Deny to delete 'SOA' record

---
 app/models.py             | 12 +++++++++---
 app/templates/domain.html | 12 +++++-------
 app/views.py              |  4 ++--
 3 files changed, 16 insertions(+), 12 deletions(-)

diff --git a/app/models.py b/app/models.py
index 9bf2b58..50b2889 100644
--- a/app/models.py
+++ b/app/models.py
@@ -891,7 +891,7 @@ class Record(object):
         list_deleted_records = [x for x in list_current_records if x not in list_new_records]
 
         # convert back to list of hash
-        deleted_records = [x for x in current_records if [x['name'],x['type']] in list_deleted_records and x['type'] in app.config['RECORDS_ALLOW_EDIT']]
+        deleted_records = [x for x in current_records if [x['name'],x['type']] in list_deleted_records and (x['type'] in app.config['RECORDS_ALLOW_EDIT'] and x['type'] != 'SOA')]
 
         # return a tuple
         return deleted_records, new_records
@@ -1126,12 +1126,18 @@ class Record(object):
             logging.error("Cannot remove record %s/%s/%s from domain %s" % (self.name, self.type, self.data, domain))
             return {'status': 'error', 'msg': 'There was something wrong, please contact administrator'}
 
-    def is_allowed(self):
+    def is_allowed_edit(self):
         """
-        Check if record is allowed to edit/removed
+        Check if record is allowed to edit
         """
         return self.type in app.config['RECORDS_ALLOW_EDIT']
 
+    def is_allowed_delete(self):
+        """
+        Check if record is allowed to removed
+        """
+        return (self.type in app.config['RECORDS_ALLOW_EDIT'] and self.type != 'SOA')
+
     def exists(self, domain):
         """
         Check if record is present within domain records, and if it's present set self to found record
diff --git a/app/templates/domain.html b/app/templates/domain.html
index eeb4c27..56a683a 100644
--- a/app/templates/domain.html
+++ b/app/templates/domain.html
@@ -70,25 +70,23 @@
                                     </td>
                                 {% if domain.type != 'Slave' %}
                                     <td width="6%">
-                                    {% if record.is_allowed() %}
+                                    {% if record.is_allowed_edit() %}
                                         <button type="button" class="btn btn-flat btn-warning button_edit" id="{{ (record.name,domain.name)|display_record_name }}">Edit&nbsp;<i class="fa fa-edit"></i></button>
                                        {% else %}
                                        <button type="button" class="btn btn-flat btn-warning"">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
                                     {% endif %}
                                     </td>
                                     <td width="6%">
-                                    {% if record.is_allowed() %}
+                                    {% if record.is_allowed_delete() %}
                                         <button type="button" class="btn btn-flat btn-danger button_delete" id="{{ (record.name,domain.name)|display_record_name }}">Delete&nbsp;<i class="fa fa-trash"></i></button>
-                                    {% else %}
-                                        <button type="button" class="btn btn-flat btn-warning"">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
                                     {% endif %}
                                 {% else %}
                                     <td width="6%">
-                                        <button type="button" class="btn btn-flat btn-warning"">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
+                                        <button type="button" class="btn btn-flat btn-warning">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
                                     </td>
                                     <td width="6%">
-                                        <button type="button" class="btn btn-flat btn-warning"">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
-                                    </td> 
+                                        <button type="button" class="btn btn-flat btn-warning">&nbsp;&nbsp;<i class="fa fa-exclamation-circle"></i>&nbsp;&nbsp;</button>
+                                    </td>
                                 {% endif %}
                                     </td>
                                     <!-- hidden column that we can sort on -->
diff --git a/app/views.py b/app/views.py
index 8f4cc0a..b59cfee 100644
--- a/app/views.py
+++ b/app/views.py
@@ -966,7 +966,7 @@ def dyndns_update():
     r = Record()
     r.name = hostname
     # check if the user requested record exists within this domain
-    if r.exists(domain.name) and r.is_allowed:
+    if r.exists(domain.name) and r.is_allowed_edit():
         if r.data == myip:
             # record content did not change, return 'nochg'
             history = History(msg="DynDNS update: attempted update of %s but record did not change" % hostname, created_by=current_user.username)
@@ -981,7 +981,7 @@ def dyndns_update():
                 return render_template('dyndns.html', response='good'), 200
             else:
                 return render_template('dyndns.html', response='911'), 200
-    elif r.is_allowed:
+    elif r.is_allowed_edit():
         ondemand_creation = DomainSetting.query.filter(DomainSetting.domain == domain).filter(DomainSetting.setting == 'create_via_dyndns').first()
         if (ondemand_creation != None) and (strtobool(ondemand_creation.value) == True):
             record = Record(name=hostname,type='A',data=myip,status=False,ttl=3600)