From 8412f9481cacc3dac9173b97703621edd023f79f Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 26 Jun 2020 13:18:12 -0400 Subject: [PATCH] Force restriction of RestrictedQuerySet even for superusers --- netbox/utilities/api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/api.py b/netbox/utilities/api.py index 50401dfd1..2e2d7f7f5 100644 --- a/netbox/utilities/api.py +++ b/netbox/utilities/api.py @@ -327,7 +327,7 @@ class ModelViewSet(_ModelViewSet): def initial(self, request, *args, **kwargs): super().initial(request, *args, **kwargs) - if not request.user.is_authenticated or request.user.is_superuser: + if not request.user.is_authenticated: return # TODO: Reconcile this with TokenPermissions.perms_map