Remove delete_token permission from TokenDeleteView

2025-07-22 20:12:00 -06:00 · 2020-06-02 15:36:31 -04:00 · 2020-06-02 15:36:31 -04:00 · 3502398d1d
commit 3502398d1d
parent 205acd2c4d
2 changed files with 3 additions and 3 deletions
--- a/docs/release-notes/version-2.9.md
+++ b/docs/release-notes/version-2.9.md
@ -15,3 +15,4 @@ NetBox v2.9 replaces Django's built-in permissions framework with one that suppo
 ### Other Changes

 * The `secrets.activate_userkey` permission no longer exists. Instead, `secrets.change_userkey` is checked to determine whether a user has the ability to activate a UserKey.
+* The `users.delete_token` permission is no longer enforced. All users are permitted to delete their own API tokens.
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@ -3,7 +3,7 @@ import logging
 from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash
-from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import update_last_login
 from django.contrib.auth.signals import user_logged_in
 from django.http import HttpResponseForbidden, HttpResponseRedirect
@ -320,8 +320,7 @@ class TokenEditView(LoginRequiredMixin, View):
        })


-class TokenDeleteView(PermissionRequiredMixin, View):
-    permission_required = 'users.delete_token'
+class TokenDeleteView(LoginRequiredMixin, View):

    def get(self, request, pk):