diff --git a/netbox/netbox/tests/test_authentication.py b/netbox/netbox/tests/test_authentication.py index 39e82df61..74f4c411a 100644 --- a/netbox/netbox/tests/test_authentication.py +++ b/netbox/netbox/tests/test_authentication.py @@ -201,13 +201,11 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Retrieve permitted object response = self.client.get(self.prefixes[0].get_absolute_url()) @@ -225,13 +223,11 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Retrieve all objects. Only permitted objects should be returned. response = self.client.get(reverse('ipam:prefix_list')) @@ -259,14 +255,12 @@ class ObjectPermissionViewTestCase(TestCase): self.assertEqual(initial_count, Prefix.objects.count()) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True, can_add=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to create a non-permitted object request = { @@ -307,14 +301,12 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True, can_change=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to edit a non-permitted object request = { @@ -351,14 +343,12 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True, can_delete=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Delete permitted object request = { @@ -400,13 +390,11 @@ class ObjectPermissionViewTestCase(TestCase): self.assertEqual(initial_count, Prefix.objects.count()) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_add=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to create non-permitted objects request = { @@ -449,13 +437,11 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_change=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to edit non-permitted objects request = { @@ -493,14 +479,12 @@ class ObjectPermissionViewTestCase(TestCase): self.assertHttpStatus(response, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_view=True, can_delete=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to delete non-permitted object request = { @@ -565,15 +549,11 @@ class ObjectPermissionAPIViewTestCase(TestCase): self.assertEqual(response.status_code, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), - attrs={ - 'site__name': 'Site 1', - }, + attrs={'site__name': 'Site 1'}, can_view=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Retrieve permitted object url = reverse('ipam-api:prefix-detail', kwargs={'pk': self.prefixes[0].pk}) @@ -594,15 +574,11 @@ class ObjectPermissionAPIViewTestCase(TestCase): self.assertEqual(response.status_code, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), - attrs={ - 'site__name': 'Site 1', - }, + attrs={'site__name': 'Site 1'}, can_view=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Retrieve all objects. Only permitted objects should be returned. response = self.client.get(url, **self.header) @@ -623,13 +599,11 @@ class ObjectPermissionAPIViewTestCase(TestCase): self.assertEqual(response.status_code, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_add=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to create a non-permitted object response = self.client.post(url, data, format='json', **self.header) @@ -652,13 +626,11 @@ class ObjectPermissionAPIViewTestCase(TestCase): self.assertEqual(response.status_code, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_change=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to edit a non-permitted object data = {'site': self.sites[0].pk} @@ -687,13 +659,11 @@ class ObjectPermissionAPIViewTestCase(TestCase): self.assertEqual(response.status_code, 403) # Assign object permission - obj_perm = ObjectPermission( + self.user.object_permissions.create( model=ContentType.objects.get_for_model(Prefix), attrs={'site__name': 'Site 1'}, can_delete=True ) - obj_perm.save() - obj_perm.users.add(self.user) # Attempt to delete a non-permitted object url = reverse('ipam-api:prefix-detail', kwargs={'pk': self.prefixes[3].pk}) diff --git a/netbox/utilities/auth_backends.py b/netbox/utilities/auth_backends.py index 99e4f559a..bb705a6df 100644 --- a/netbox/utilities/auth_backends.py +++ b/netbox/utilities/auth_backends.py @@ -122,14 +122,10 @@ class RemoteUserBackend(_RemoteUserBackend): try: app_label, codename = permission_name.split('.') action, model_name = codename.split('_') - - kwargs = { + user.object_permissions.create(**{ 'model': ContentType.objects.get(app_label=app_label, model=model_name), f'can_{action}': True - } - obj_perm = ObjectPermission(**kwargs) - obj_perm.save() - obj_perm.users.add(user) + }) permissions_list.append(permission_name) except ValueError: logging.error( diff --git a/netbox/utilities/testing/testcases.py b/netbox/utilities/testing/testcases.py index 8346f5d04..86f465364 100644 --- a/netbox/utilities/testing/testcases.py +++ b/netbox/utilities/testing/testcases.py @@ -1,5 +1,5 @@ from django.contrib.contenttypes.models import ContentType -from django.contrib.auth.models import Permission, User +from django.contrib.auth.models import User from django.core.exceptions import ObjectDoesNotExist from django.forms.models import model_to_dict from django.test import Client, TestCase as _TestCase, override_settings @@ -7,7 +7,6 @@ from django.urls import reverse, NoReverseMatch from rest_framework.test import APIClient from users.models import ObjectPermission, Token -from utilities.permissions import get_permission_for_model from .utils import disable_warnings, post_data @@ -36,13 +35,10 @@ class TestCase(_TestCase): app_label, codename = name.split('.') action, model_name = codename.split('_') - kwargs = { + self.user.object_permissions.create(**{ 'model': ContentType.objects.get(app_label=app_label, model=model_name), f'can_{action}': True - } - obj_perm = ObjectPermission(**kwargs) - obj_perm.save() - obj_perm.users.add(self.user) + }) def remove_permissions(self, *names): """ @@ -52,12 +48,10 @@ class TestCase(_TestCase): app_label, codename = name.split('.') action, model_name = codename.split('_') - kwargs = { - 'user': self.user, + self.user.object_permissions.filter(**{ 'model': ContentType.objects.get(app_label=app_label, model=model_name), f'can_{action}': True - } - ObjectPermission.objects.filter(**kwargs).delete() + }).delete() # # Convenience methods