From 38786748b7012f61b16277bf6f66d1a98aa2d64e Mon Sep 17 00:00:00 2001
From: Daniel Sheppard
Date: Tue, 18 Jun 2024 09:59:34 -0500
Subject: [PATCH] Add override for read_only tokens to be used with an overriden permission set
---
 netbox/netbox/api/authentication.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py
index ef307775b..fbdd7e0ff 100644
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@@ -103,9 +103,14 @@ class TokenPermissions(DjangoObjectPermissions):
 super().__init__()
 def _verify_write_permission(self, request):
+ # Determine if this permission set allows read-only tokens
+ allow_readonly_token = getattr(self, 'allow_readonly_token', False)
 # If token authentication is in use, verify that the token allows write operations (for unsafe methods).
- if request.method in SAFE_METHODS or request.auth.write_enabled:
+ # If this permission set allows read-only tokens, also permit access
+ if request.method in SAFE_METHODS or request.auth.write_enabled or (
+ not request.auth.write_enabled and allow_readonly_token
+ ):
 return True
 def has_permission(self, request, view):
@@ -150,6 +155,8 @@ class RequireViewOnlyPermissions(TokenPermissions):
 'DELETE': ['%(app_label)s.view_%(model_name)s'],
 }
+ allow_readonly_token = True
+
 class IsAuthenticatedOrLoginNotRequired(BasePermission):
 """
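Review bot: The parenthesised clause added to `_verify_write_permission` is redundant: `request.auth.write_enabled or (not request.auth.write_enabled and allow_readonly_token)` reduces to `request.auth.write_enabled or allow_readonly_token`, and the longer form makes a token-authorization check harder to audit. I would write `if request.method in SAFE_METHODS or request.auth.write_enabled or allow_readonly_token:`. The `getattr(self, 'allow_readonly_token', False)` lookup also hides the flag from anyone reading `TokenPermissions`; declaring `allow_readonly_token = False` as a class attribute there, with a comment that setting it to True skips the write_enabled check for unsafe methods, would make the secure default explicit. The class body starts outside the hunk, so I cannot see whether such an attribute is already declared.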
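Review bot: `allow_readonly_token = True` in `RequireViewOnlyPermissions` has no comment explaining why it is safe, yet it switches off the check that stops a read-only token from sending unsafe-method requests through this permission class. The visible `perms_map` entry maps DELETE to the `view_` permission, so the intent appears to be that views using this class never modify data, but nothing in the class enforces that. I would add a comment above the attribute such as `# Read-only tokens are accepted for unsafe methods; use this class only on views that do not modify data.` The `perms_map` dict begins outside the hunk, so the mappings for the other methods are not visible here.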