10719 check ip permission on fhrpgroup form save

2025-08-24 16:26:09 -06:00 · 2022-10-25 14:30:43 -07:00 · 2022-10-25 14:30:43 -07:00 · 830a82fa7e
commit 830a82fa7e
parent 4c504870e0
3 changed files with 27 additions and 20 deletions
--- a/netbox/ipam/forms/models.py
+++ b/netbox/ipam/forms/models.py
@ -550,26 +550,6 @@ class FHRPGroupForm(NetBoxModelForm):
            'protocol', 'group_id', 'auth_type', 'auth_key', 'description', 'ip_vrf', 'ip_address', 'ip_status', 'tags',
        )

-    def save(self, *args, **kwargs):
-        instance = super().save(*args, **kwargs)
-
-        # Check if we need to create a new IPAddress for the group
-        if self.cleaned_data.get('ip_address'):
-            ipaddress = IPAddress(
-                vrf=self.cleaned_data['ip_vrf'],
-                address=self.cleaned_data['ip_address'],
-                status=self.cleaned_data['ip_status'],
-                role=FHRP_PROTOCOL_ROLE_MAPPINGS.get(self.cleaned_data['protocol'], IPAddressRoleChoices.ROLE_VIP),
-                assigned_object=instance
-            )
-            ipaddress.save()
-
-            # Check that the new IPAddress conforms with any assigned object-level permissions
-            if not IPAddress.objects.filter(pk=ipaddress.pk).first():
-                raise PermissionsViolation()
-
-        return instance
-
    def clean(self):
        super().clean()

--- a/netbox/ipam/views.py
+++ b/netbox/ipam/views.py
@ -11,6 +11,7 @@ from dcim.models import Interface, Site, Device
 from dcim.tables import SiteTable
 from netbox.views import generic
 from utilities.utils import count_related
+from utilities.exceptions import PermissionsViolation
 from virtualization.filtersets import VMInterfaceFilterSet
 from virtualization.models import VMInterface, VirtualMachine
 from . import filtersets, forms, tables
@ -930,6 +931,20 @@ class FHRPGroupEditView(generic.ObjectEditView):

        return return_url

+    def save_related_data(self, request, form, obj):
+        ipaddress = IPAddress(
+            vrf=form.cleaned_data['ip_vrf'],
+            address=form.cleaned_data['ip_address'],
+            status=form.cleaned_data['ip_status'],
+            role=FHRP_PROTOCOL_ROLE_MAPPINGS.get(form.cleaned_data['protocol'], IPAddressRoleChoices.ROLE_VIP),
+            assigned_object=obj
+        )
+        ipaddress.save()
+
+        # Check that the new IPAddress conforms with any assigned object-level permissions
+        if not IPAddress.objects.restrict(request.user, 'add').filter(pk=ipaddress.pk).first():
+            raise PermissionsViolation()
+

 class FHRPGroupDeleteView(generic.ObjectDeleteView):
    queryset = FHRPGroup.objects.all()
--- a/netbox/netbox/views/generic/object_views.py
+++ b/netbox/netbox/views/generic/object_views.py
@ -362,6 +362,13 @@ class ObjectEditView(GetReturnURLMixin, BaseObjectView):
            **self.get_extra_context(request, obj),
        })

+    def save_related_data(self, request, form, objd):
+        """
+        Optionally override to save model specific related data after the form is saved.
+        Raise exception (PermissionsViolation) or such if error.
+        """
+        return
+
    def post(self, request, *args, **kwargs):
        """
        POST request handler.
@ -371,6 +378,7 @@ class ObjectEditView(GetReturnURLMixin, BaseObjectView):
        """
        logger = logging.getLogger('netbox.views.ObjectEditView')
        obj = self.get_object(**kwargs)
+        object_created = False

        # Take a snapshot for change logging (if editing an existing object)
        if obj.pk and hasattr(obj, 'snapshot'):
@ -389,6 +397,8 @@ class ObjectEditView(GetReturnURLMixin, BaseObjectView):
                    object_created = form.instance.pk is None
                    obj = form.save()

+                    self.save_related_data(request, form, obj)
+
                    # Check that the new object conforms with any assigned object-level permissions
                    if not self.queryset.filter(pk=obj.pk).exists():
                        raise PermissionsViolation()
@ -425,6 +435,8 @@ class ObjectEditView(GetReturnURLMixin, BaseObjectView):
                logger.debug(e.message)
                form.add_error(None, e.message)
                clear_webhooks.send(sender=self)
+                if object_created and obj:
+                    obj.pk = None

        else:
            logger.debug("Form validation failed")