From 4d90d559be4567f2da2d9bcad0a43604cd3b6ded Mon Sep 17 00:00:00 2001 From: Jason Novinger Date: Mon, 5 Jan 2026 13:20:22 -0600 Subject: [PATCH] Fix permission constraint example error --- docs/administration/permissions.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/administration/permissions.md b/docs/administration/permissions.md index d16d599d9..a73eddcd8 100644 --- a/docs/administration/permissions.md +++ b/docs/administration/permissions.md @@ -88,7 +88,7 @@ While permissions are typically assigned to specific groups and/or users, it is ### Viewing Objects -Object-based permissions work by filtering the database query generated by a user's request to restrict the set of objects returned. When a request is received, NetBox first determines whether the user is authenticated and has been granted to perform the requested action. For example, if the requested URL is `/dcim/devices/`, NetBox will check for the `dcim.view_device` permission. If the user has not been assigned this permission (either directly or via a group assignment), NetBox will return a 403 (forbidden) HTTP response. +Object-based permissions work by filtering the database query generated by a user's request to restrict the set of objects returned. When a request is received, NetBox first determines whether the user is authenticated and has been granted permission to perform the requested action. For example, if the requested URL is `/dcim/devices/`, NetBox will check for the `dcim.view_device` permission. If the user has not been assigned this permission (either directly or via a group assignment), NetBox will return a 403 (forbidden) HTTP response. If the permission _has_ been granted, NetBox will compile any specified constraints for the model and action. For example, suppose two permissions have been assigned to the user granting view access to the device model, with the following constraints: @@ -102,9 +102,9 @@ If the permission _has_ been granted, NetBox will compile any specified constrai This grants the user access to view any device that is assigned to a site named NYC1 or NYC2, **or** which has a status of "offline" and has no tenant assigned. These constraints are equivalent to the following ORM query: ```no-highlight -Site.objects.filter( +Device.objects.filter( Q(site__name__in=['NYC1', 'NYC2']), - Q(status='active', tenant__isnull=True) + Q(status='offline', tenant__isnull=True) ) ```