From 528248b560db3aeba7a300bb34ccf6cf43384210 Mon Sep 17 00:00:00 2001 From: Jason Novinger Date: Mon, 10 Mar 2025 09:52:59 -0500 Subject: [PATCH 1/2] Fixes #18782: properly check if htmx_url is None If this is done incorrently, then the string formatting operation turns `htmx_url` into a string and the test in the template fails. --- netbox/extras/dashboard/widgets.py | 2 +- netbox/extras/tests/test_dashboard.py | 43 +++++++++++++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 netbox/extras/tests/test_dashboard.py diff --git a/netbox/extras/dashboard/widgets.py b/netbox/extras/dashboard/widgets.py index eeed5414f..72c46edf4 100644 --- a/netbox/extras/dashboard/widgets.py +++ b/netbox/extras/dashboard/widgets.py @@ -257,7 +257,7 @@ class ObjectListWidget(DashboardWidget): parameters['per_page'] = page_size parameters['embedded'] = True - if parameters: + if parameters and htmx_url is not None: try: htmx_url = f'{htmx_url}?{urlencode(parameters, doseq=True)}' except ValueError: diff --git a/netbox/extras/tests/test_dashboard.py b/netbox/extras/tests/test_dashboard.py new file mode 100644 index 000000000..4705de1ab --- /dev/null +++ b/netbox/extras/tests/test_dashboard.py @@ -0,0 +1,43 @@ +from django.test import tag, TestCase + +from extras.dashboard.widgets import ObjectListWidget + + +class ObjectListWidgetTests(TestCase): + @tag('regression') + def test_widget_fails_gracefully(self): + """ + Example: + '2829fd9b-5dee-4c9a-81f2-5bd84c350a27': { + 'class': 'extras.ObjectListWidget', + 'color': 'indigo', + 'title': 'Object List', + 'config': { + 'model': 'extras.notification', + 'page_size': None, + 'url_params': None + } + } + """ + config = { + # 'class': 'extras.ObjectListWidget', # normally popped off, left for clarity + 'color': 'yellow', + 'title': 'this should fail', + 'config': { + 'model': 'extras.notification', + 'page_size': None, + 'url_params': None, + }, + } + + class Request: + class User: + def has_perm(self, *args, **kwargs): + return True + + user = User() + + mock_request = Request() + widget = ObjectListWidget(id='2829fd9b-5dee-4c9a-81f2-5bd84c350a27', **config) + rendered = widget.render(mock_request) + self.assertTrue('Unable to load content. Invalid view name:' in rendered) From 76c3c613a927965244ec8d123f557c9d1f7b3fd6 Mon Sep 17 00:00:00 2001 From: Jason Novinger Date: Mon, 10 Mar 2025 09:57:45 -0500 Subject: [PATCH 2/2] Adds validation for ObjectListWidget.ConfigForm.model field --- netbox/extras/dashboard/widgets.py | 33 +++++++++++++++++++++++++++ netbox/extras/tests/test_dashboard.py | 5 ++++ 2 files changed, 38 insertions(+) diff --git a/netbox/extras/dashboard/widgets.py b/netbox/extras/dashboard/widgets.py index 72c46edf4..207e9c5d7 100644 --- a/netbox/extras/dashboard/widgets.py +++ b/netbox/extras/dashboard/widgets.py @@ -9,6 +9,7 @@ import requests from django import forms from django.conf import settings from django.core.cache import cache +from django.db.models import Model from django.template.loader import render_to_string from django.urls import NoReverseMatch, resolve, reverse from django.utils.translation import gettext as _ @@ -42,6 +43,27 @@ def get_object_type_choices(): ] +def object_list_widget_supports_model(model: Model) -> bool: + """Test whether a model is supported by the ObjectListWidget + + In theory there could be more than one reason why a model isn't supported by the + ObjectListWidget, although we've only identified one so far--there's no resolve-able 'list' URL + for the model. Add more tests if more conditions arise. + """ + def can_resolve_model_list_view(model: Model) -> bool: + try: + reverse(get_viewname(model, action='list')) + return True + except Exception: + return False + + tests = [ + can_resolve_model_list_view, + ] + + return all(test(model) for test in tests) + + def get_bookmarks_object_type_choices(): return [ (object_type_identifier(ot), object_type_name(ot)) @@ -234,6 +256,17 @@ class ObjectListWidget(DashboardWidget): raise forms.ValidationError(_("Invalid format. URL parameters must be passed as a dictionary.")) return data + def clean_model(self): + if model_info := self.cleaned_data['model']: + app_label, model_name = model_info.split('.') + model = ObjectType.objects.get_by_natural_key(app_label, model_name).model_class() + if not object_list_widget_supports_model(model): + raise forms.ValidationError( + _(f"Invalid model selection: {self['model'].data} is not supported.") + ) + + return model_info + def render(self, request): app_label, model_name = self.config['model'].split('.') model = ObjectType.objects.get_by_natural_key(app_label, model_name).model_class() diff --git a/netbox/extras/tests/test_dashboard.py b/netbox/extras/tests/test_dashboard.py index 4705de1ab..19ce5a43d 100644 --- a/netbox/extras/tests/test_dashboard.py +++ b/netbox/extras/tests/test_dashboard.py @@ -4,6 +4,11 @@ from extras.dashboard.widgets import ObjectListWidget class ObjectListWidgetTests(TestCase): + def test_widget_config_form_validates_model(self): + model_info = 'extras.notification' + form = ObjectListWidget.ConfigForm({'model': model_info}) + self.assertFalse(form.is_valid()) + @tag('regression') def test_widget_fails_gracefully(self): """