From 76c3c613a927965244ec8d123f557c9d1f7b3fd6 Mon Sep 17 00:00:00 2001 From: Jason Novinger Date: Mon, 10 Mar 2025 09:57:45 -0500 Subject: [PATCH] Adds validation for ObjectListWidget.ConfigForm.model field --- netbox/extras/dashboard/widgets.py | 33 +++++++++++++++++++++++++++ netbox/extras/tests/test_dashboard.py | 5 ++++ 2 files changed, 38 insertions(+) diff --git a/netbox/extras/dashboard/widgets.py b/netbox/extras/dashboard/widgets.py index 72c46edf4..207e9c5d7 100644 --- a/netbox/extras/dashboard/widgets.py +++ b/netbox/extras/dashboard/widgets.py @@ -9,6 +9,7 @@ import requests from django import forms from django.conf import settings from django.core.cache import cache +from django.db.models import Model from django.template.loader import render_to_string from django.urls import NoReverseMatch, resolve, reverse from django.utils.translation import gettext as _ @@ -42,6 +43,27 @@ def get_object_type_choices(): ] +def object_list_widget_supports_model(model: Model) -> bool: + """Test whether a model is supported by the ObjectListWidget + + In theory there could be more than one reason why a model isn't supported by the + ObjectListWidget, although we've only identified one so far--there's no resolve-able 'list' URL + for the model. Add more tests if more conditions arise. + """ + def can_resolve_model_list_view(model: Model) -> bool: + try: + reverse(get_viewname(model, action='list')) + return True + except Exception: + return False + + tests = [ + can_resolve_model_list_view, + ] + + return all(test(model) for test in tests) + + def get_bookmarks_object_type_choices(): return [ (object_type_identifier(ot), object_type_name(ot)) @@ -234,6 +256,17 @@ class ObjectListWidget(DashboardWidget): raise forms.ValidationError(_("Invalid format. URL parameters must be passed as a dictionary.")) return data + def clean_model(self): + if model_info := self.cleaned_data['model']: + app_label, model_name = model_info.split('.') + model = ObjectType.objects.get_by_natural_key(app_label, model_name).model_class() + if not object_list_widget_supports_model(model): + raise forms.ValidationError( + _(f"Invalid model selection: {self['model'].data} is not supported.") + ) + + return model_info + def render(self, request): app_label, model_name = self.config['model'].split('.') model = ObjectType.objects.get_by_natural_key(app_label, model_name).model_class() diff --git a/netbox/extras/tests/test_dashboard.py b/netbox/extras/tests/test_dashboard.py index 4705de1ab..19ce5a43d 100644 --- a/netbox/extras/tests/test_dashboard.py +++ b/netbox/extras/tests/test_dashboard.py @@ -4,6 +4,11 @@ from extras.dashboard.widgets import ObjectListWidget class ObjectListWidgetTests(TestCase): + def test_widget_config_form_validates_model(self): + model_info = 'extras.notification' + form = ObjectListWidget.ConfigForm({'model': model_info}) + self.assertFalse(form.is_valid()) + @tag('regression') def test_widget_fails_gracefully(self): """