NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-23 04:22:01 -06:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

Enforce object-level permissions for cluster add/remove devices views

Browse Source
This commit is contained in:
Jeremy Stretch 2020-05-22 11:30:46 -04:00
parent bae050e689
commit 5282ae2250
1 changed files with 7 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
netbox/virtualization/views.py
View File

@ -4,7 +4,6 @@ from django.db import transaction
from django.db.models import Count from django.db.models import Count
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse from django.urls import reverse
from django.views.generic import View
from dcim.models import Device, Interface from dcim.models import Device, Interface
from dcim.tables import DeviceTable from dcim.tables import DeviceTable
@ -137,14 +136,13 @@ class ClusterBulkDeleteView(BulkDeleteView):
default_return_url = 'virtualization:cluster_list' default_return_url = 'virtualization:cluster_list'
class ClusterAddDevicesView(PermissionRequiredMixin, View): class ClusterAddDevicesView(ObjectEditView):
permission_required = 'virtualization.change_cluster' queryset = Cluster.objects.all()
form = forms.ClusterAddDevicesForm form = forms.ClusterAddDevicesForm
template_name = 'virtualization/cluster_add_devices.html' template_name = 'virtualization/cluster_add_devices.html'
def get(self, request, pk): def get(self, request, pk):
cluster = get_object_or_404(self.queryset, pk=pk)
cluster = get_object_or_404(Cluster, pk=pk)
form = self.form(cluster, initial=request.GET) form = self.form(cluster, initial=request.GET)
return render(request, self.template_name, { return render(request, self.template_name, {
@ -154,8 +152,7 @@ class ClusterAddDevicesView(PermissionRequiredMixin, View):
}) })
def post(self, request, pk): def post(self, request, pk):
cluster = get_object_or_404(self.queryset, pk=pk)
cluster = get_object_or_404(Cluster, pk=pk)
form = self.form(cluster, request.POST) form = self.form(cluster, request.POST)
if form.is_valid(): if form.is_valid():
@ -180,14 +177,14 @@ class ClusterAddDevicesView(PermissionRequiredMixin, View):
}) })
class ClusterRemoveDevicesView(PermissionRequiredMixin, View): class ClusterRemoveDevicesView(ObjectEditView):
permission_required = 'virtualization.change_cluster' queryset = Cluster.objects.all()
form = forms.ClusterRemoveDevicesForm form = forms.ClusterRemoveDevicesForm
template_name = 'utilities/obj_bulk_remove.html' template_name = 'utilities/obj_bulk_remove.html'
def post(self, request, pk): def post(self, request, pk):
cluster = get_object_or_404(Cluster, pk=pk) cluster = get_object_or_404(self.queryset, pk=pk)
if '_confirm' in request.POST: if '_confirm' in request.POST:
form = self.form(request.POST) form = self.form(request.POST)