Fixes #6073: Permit users to manage their own REST API tokens without needing explicit permission

Jeremy Stretch
2021-03-31 13:25:06 -04:00
parent c8eae3a5c3
commit 6ec8ac7597
3 changed files with 19 additions and 25 deletions


@@ -6,7 +6,7 @@ from django.contrib.auth import login as auth_login, logout as auth_logout, upda
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.models import update_last_login
from django.contrib.auth.signals import user_logged_in
from django.http import HttpResponseForbidden, HttpResponseRedirect
from django.http import HttpResponseRedirect
from django.shortcuts import get_object_or_404, redirect, render
from django.urls import reverse
from django.utils.decorators import method_decorator
@@ -282,13 +282,9 @@ class TokenEditView(LoginRequiredMixin, View):
def get(self, request, pk=None):
if pk is not None:
if not request.user.has_perm('users.change_token'):
return HttpResponseForbidden()
if pk:
token = get_object_or_404(Token.objects.filter(user=request.user), pk=pk)
else:
if not request.user.has_perm('users.add_token'):
return HttpResponseForbidden()
token = Token(user=request.user)
form = TokenForm(instance=token)
@@ -302,11 +298,11 @@ class TokenEditView(LoginRequiredMixin, View):
def post(self, request, pk=None):
if pk is not None:
if pk:
token = get_object_or_404(Token.objects.filter(user=request.user), pk=pk)
form = TokenForm(request.POST, instance=token)
else:
token = Token()
token = Token(user=request.user)
form = TokenForm(request.POST)
if form.is_valid():
@@ -314,7 +310,7 @@ class TokenEditView(LoginRequiredMixin, View):
token.user = request.user
token.save()
msg = "Modified token {}".format(token) if pk else "Created token {}".format(token)
msg = f"Modified token {token}" if pk else f"Created token {token}"
messages.success(request, msg)
if '_addanother' in request.POST:
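Review bot: Dropping the `users.change_token` / `users.add_token` gates in TokenEditView leaves operators with no way to withhold API-token self-service from a user or group (for example accounts that should only ever authenticate interactively), and the commit adds neither a settings toggle nor a note about this; at minimum the new authorization model should be stated on the view, e.g. a class docstring `"""Create or edit an API token owned by the requesting user. Self-service: no model permission is required; access is scoped by Token.objects.filter(user=request.user), so a token belonging to another user yields 404."""`. The ownership scoping itself looks right: both the `get` and `post` lookups filter on `request.user`, the new-token path constructs `Token(user=request.user)`, and the later `token.user = request.user` line still overrides anything a form could carry, so a user cannot bind a token to someone else. The switch from `if pk is not None:` to `if pk:` also changes behaviour for a literal `pk=0`, which is harmless for auto-increment keys but worth keeping in mind if the URL pattern ever admits it. The bodies of `get` and `post` continue past the hunks (the render call and the redirect after `_addanother` are outside this view), and the third changed file the diffstat mentions, presumably the delete view, is not shown here, so whether the same scoping applies on deletion cannot be confirmed from this page.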