NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-24 17:38:37 -06:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Fix issue with tests. Reverted to overriding the permissions map as the only viable option

Browse Source
This commit is contained in:
Daniel Sheppard 2024-06-17 10:49:07 -05:00
parent 542fa71267
commit 67b6857745
2 changed files with 19 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
netbox/netbox/api/authentication.py
View File

@ -141,18 +141,25 @@ class TokenPermissions(DjangoObjectPermissions):
permission = self.perms_map.get(method)[0] if len(self.perms_map.get(method)) > 0 else None permission = self.perms_map.get(method)[0] if len(self.perms_map.get(method)) > 0 else None
if permission: if permission:
# Remove app and model label # Remove app and model label
action = resolve_permission(permission) app_label, action, model_name = resolve_permission(permission)
return action return action
return None return None
class RequireViewOnlyPermissions(TokenPermissions): class RequireViewOnlyPermissions(TokenPermissions):
"""
# Only return view as the action Overrides permission map to return only view permissions as required
def get_action(self, method): """
if method != 'OPTIONS': # Override the stock perm_map to enforce view permissions
return 'view' perms_map = {
return None 'GET': ['%(app_label)s.view_%(model_name)s'],
'OPTIONS': [],
'HEAD': ['%(app_label)s.view_%(model_name)s'],
'POST': ['%(app_label)s.view_%(model_name)s'],
'PUT': ['%(app_label)s.view_%(model_name)s'],
'PATCH': ['%(app_label)s.view_%(model_name)s'],
'DELETE': ['%(app_label)s.view_%(model_name)s'],
}
class IsAuthenticatedOrLoginNotRequired(BasePermission): class IsAuthenticatedOrLoginNotRequired(BasePermission):

6
netbox/utilities/permissions.py
View File

@ -33,7 +33,11 @@ def resolve_permission(name):
""" """
try: try:
app_label, codename = name.split('.') app_label, codename = name.split('.')
action, model_name = codename.rsplit('_', 1) if '%' in codename:
action, model_name = codename.split('_%')
model_name = '%' + model_name
else:
action, model_name = codename.rsplit('_', 1)
except ValueError: except ValueError:
raise ValueError( raise ValueError(
_("Invalid permission name: {name}. Must be in the format <app_label>.<action>_<model>").format(name=name) _("Invalid permission name: {name}. Must be in the format <app_label>.<action>_<model>").format(name=name)