From b1439dc298e4988f95c1aeda6ca8c7caf56e3282 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Tue, 2 Sep 2025 15:38:32 -0400 Subject: [PATCH 1/6] Closes #19889: Drop support for Python 3.10 & 3.11 --- .github/ISSUE_TEMPLATE/02-bug_report.yaml | 2 -- .github/workflows/ci.yml | 2 +- docs/development/getting-started.md | 2 +- docs/installation/3-netbox.md | 8 ++++---- docs/installation/4a-gunicorn.md | 3 --- docs/installation/index.md | 2 +- netbox/netbox/settings.py | 4 ++-- netbox/utilities/datetime.py | 5 ----- pyproject.toml | 6 ++---- upgrade.sh | 8 ++++---- 10 files changed, 15 insertions(+), 27 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/02-bug_report.yaml b/.github/ISSUE_TEMPLATE/02-bug_report.yaml index f25b70b19..2a70c13b9 100644 --- a/.github/ISSUE_TEMPLATE/02-bug_report.yaml +++ b/.github/ISSUE_TEMPLATE/02-bug_report.yaml @@ -35,8 +35,6 @@ body: label: Python Version description: What version of Python are you currently running? options: - - "3.10" - - "3.11" - "3.12" validations: required: true diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 85070d98e..a7bf43fe2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: NETBOX_CONFIGURATION: netbox.configuration_testing strategy: matrix: - python-version: ['3.10', '3.11', '3.12'] + python-version: ['3.12'] node-version: ['20.x'] services: redis: diff --git a/docs/development/getting-started.md b/docs/development/getting-started.md index 8add82c90..956226760 100644 --- a/docs/development/getting-started.md +++ b/docs/development/getting-started.md @@ -7,7 +7,7 @@ Getting started with NetBox development is pretty straightforward, and should fe * A Linux system or compatible environment * A PostgreSQL server, which can be installed locally [per the documentation](../installation/1-postgresql.md) * A Redis server, which can also be [installed locally](../installation/2-redis.md) -* Python 3.10 or later +* Python 3.12 or later ### 1. Fork the Repo diff --git a/docs/installation/3-netbox.md b/docs/installation/3-netbox.md index acf04dc2a..1b4633610 100644 --- a/docs/installation/3-netbox.md +++ b/docs/installation/3-netbox.md @@ -6,8 +6,8 @@ This section of the documentation discusses installing and configuring the NetBo Begin by installing all system packages required by NetBox and its dependencies. -!!! warning "Python 3.10 or later required" - NetBox supports Python 3.10, 3.11, and 3.12. +!!! warning "Python 3.12 or later required" + NetBox supports only Python 3.12 or later. ```no-highlight sudo apt install -y python3 python3-pip python3-venv python3-dev \ @@ -15,7 +15,7 @@ build-essential libxml2-dev libxslt1-dev libffi-dev libpq-dev \ libssl-dev zlib1g-dev ``` -Before continuing, check that your installed Python version is at least 3.10: +Before continuing, check that your installed Python version is at least 3.12: ```no-highlight python3 -V @@ -235,7 +235,7 @@ Once NetBox has been configured, we're ready to proceed with the actual installa sudo /opt/netbox/upgrade.sh ``` -Note that **Python 3.10 or later is required** for NetBox v4.0 and later releases. If the default Python installation on your server is set to a lesser version, pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.) +Note that **Python 3.12 or later is required** for NetBox v4.5 and later releases. If the default Python installation on your server is set to a lesser version, pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.) ```no-highlight sudo PYTHON=/usr/bin/python3.10 /opt/netbox/upgrade.sh diff --git a/docs/installation/4a-gunicorn.md b/docs/installation/4a-gunicorn.md index 3aca4ef0e..91bbcd0e5 100644 --- a/docs/installation/4a-gunicorn.md +++ b/docs/installation/4a-gunicorn.md @@ -60,6 +60,3 @@ You should see output similar to the following: If the NetBox service fails to start, issue the command `journalctl -eu netbox` to check for log messages that may indicate the problem. Once you've verified that the WSGI workers are up and running, move on to HTTP server setup. - -!!! note - There is a bug in the current stable release of gunicorn (v21.2.0) where automatic restarts of the worker processes can result in 502 errors under heavy load. (See [gunicorn bug #3038](https://github.com/benoitc/gunicorn/issues/3038) for more detail.) Users who encounter this issue may opt to downgrade to an earlier, unaffected release of gunicorn (`pip install gunicorn==20.1.0`). Note, however, that this earlier release does not officially support Python 3.11. diff --git a/docs/installation/index.md b/docs/installation/index.md index aefa39d17..08146ea2a 100644 --- a/docs/installation/index.md +++ b/docs/installation/index.md @@ -27,7 +27,7 @@ The following sections detail how to set up a new instance of NetBox: | Dependency | Supported Versions | |------------|--------------------| -| Python | 3.10, 3.11, 3.12 | +| Python | 3.12+ | | PostgreSQL | 14+ | | Redis | 4.0+ | diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index c9eed75e1..3bf453ca3 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -31,9 +31,9 @@ VERSION = RELEASE.full_version # Retained for backward compatibility BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) # Validate Python version -if sys.version_info < (3, 10): +if sys.version_info < (3, 12): raise RuntimeError( - f"NetBox requires Python 3.10 or later. (Currently installed: Python {platform.python_version()})" + f"NetBox requires Python 3.12 or later. (Currently installed: Python {platform.python_version()})" ) # diff --git a/netbox/utilities/datetime.py b/netbox/utilities/datetime.py index d54ea7c46..e3853cd99 100644 --- a/netbox/utilities/datetime.py +++ b/netbox/utilities/datetime.py @@ -20,9 +20,4 @@ def datetime_from_timestamp(value): """ Convert an ISO 8601 or RFC 3339 timestamp to a datetime object. """ - # Work around UTC issue for Python < 3.11; see - # https://docs.python.org/3/library/datetime.html#datetime.datetime.fromisoformat - # TODO: Remove this once Python 3.10 is no longer supported - if type(value) is str and value.endswith('Z'): - value = f'{value[:-1]}+00:00' return datetime.datetime.fromisoformat(value) diff --git a/pyproject.toml b/pyproject.toml index ca437c649..8d44db59f 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ [project] name = "netbox" version = "4.4.0" -requires-python = ">=3.10" +requires-python = ">=3.12" description = "The premier source of truth powering network automation." readme = "README.md" license = "Apache-2.0" @@ -15,8 +15,6 @@ classifiers = [ "Natural Language :: English", "Programming Language :: Python", "Programming Language :: Python :: 3 :: Only", - "Programming Language :: Python :: 3.10", - "Programming Language :: Python :: 3.11", "Programming Language :: Python :: 3.12", ] @@ -28,7 +26,7 @@ Issues = "https://github.com/netbox-community/netbox/issues" [tool.black] line-length = 120 -target_version = ['py310', 'py311', 'py312'] +target_version = ['py312'] skip-string-normalization = true [tool.isort] diff --git a/upgrade.sh b/upgrade.sh index 75a3ffc7f..ac4788def 100755 --- a/upgrade.sh +++ b/upgrade.sh @@ -4,7 +4,7 @@ # This script will invoke Python with the value of the PYTHON environment # variable (if set), or fall back to "python3". Note that NetBox v4.0+ requires -# Python 3.10 or later. +# Python 3.12 or later. # Parse arguments if [[ "$1" == "--readonly" ]]; then @@ -22,15 +22,15 @@ VIRTUALENV="$(pwd -P)/venv" PYTHON="${PYTHON:-python3}" # Validate the minimum required Python version -COMMAND="${PYTHON} -c 'import sys; exit(1 if sys.version_info < (3, 10) else 0)'" +COMMAND="${PYTHON} -c 'import sys; exit(1 if sys.version_info < (3, 12) else 0)'" PYTHON_VERSION=$(eval "${PYTHON} -V") eval $COMMAND || { echo "--------------------------------------------------------------------" echo "ERROR: Unsupported Python version: ${PYTHON_VERSION}. NetBox requires" - echo "Python 3.10 or later. To specify an alternate Python executable, set" + echo "Python 3.12 or later. To specify an alternate Python executable, set" echo "the PYTHON environment variable. For example:" echo "" - echo " sudo PYTHON=/usr/bin/python3.10 ./upgrade.sh" + echo " sudo PYTHON=/usr/bin/python3.12 ./upgrade.sh" echo "" echo "To show your current Python version: ${PYTHON} -V" echo "--------------------------------------------------------------------" From 530dad279aff7927227a272f23f9357f3f56ed93 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 5 Sep 2025 08:49:59 -0400 Subject: [PATCH 2/6] Closes #20095: Remove obsolete module core.models.contenttypes (#20250) --- netbox/core/models/contenttypes.py | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 netbox/core/models/contenttypes.py diff --git a/netbox/core/models/contenttypes.py b/netbox/core/models/contenttypes.py deleted file mode 100644 index 3d5c5e8b2..000000000 --- a/netbox/core/models/contenttypes.py +++ /dev/null @@ -1,3 +0,0 @@ -# TODO: Remove this module in NetBox v4.5 -# Provided for backward compatibility -from .object_types import * From ec9da881348406e270c829c67829dbe3ed0cf992 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Mon, 8 Sep 2025 15:36:12 -0400 Subject: [PATCH 3/6] Closes #19095: Introduce support for Python 3.13 & 3.14 --- .github/ISSUE_TEMPLATE/02-bug_report.yaml | 2 ++ .github/workflows/ci.yml | 2 +- docs/installation/3-netbox.md | 2 +- docs/installation/index.md | 2 +- docs/installation/upgrading.md | 5 +++-- docs/plugins/development/index.md | 8 ++++---- pyproject.toml | 4 +++- 7 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/02-bug_report.yaml b/.github/ISSUE_TEMPLATE/02-bug_report.yaml index 2a70c13b9..de92b3b8d 100644 --- a/.github/ISSUE_TEMPLATE/02-bug_report.yaml +++ b/.github/ISSUE_TEMPLATE/02-bug_report.yaml @@ -36,6 +36,8 @@ body: description: What version of Python are you currently running? options: - "3.12" + - "3.13" + - "3.14" validations: required: true - type: textarea diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a7bf43fe2..2fbc48d5a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: NETBOX_CONFIGURATION: netbox.configuration_testing strategy: matrix: - python-version: ['3.12'] + python-version: ['3.12', '3.13', '3.14'] node-version: ['20.x'] services: redis: diff --git a/docs/installation/3-netbox.md b/docs/installation/3-netbox.md index 1b4633610..c192a3094 100644 --- a/docs/installation/3-netbox.md +++ b/docs/installation/3-netbox.md @@ -238,7 +238,7 @@ sudo /opt/netbox/upgrade.sh Note that **Python 3.12 or later is required** for NetBox v4.5 and later releases. If the default Python installation on your server is set to a lesser version, pass the path to the supported installation as an environment variable named `PYTHON`. (Note that the environment variable must be passed _after_ the `sudo` command.) ```no-highlight -sudo PYTHON=/usr/bin/python3.10 /opt/netbox/upgrade.sh +sudo PYTHON=/usr/bin/python3.12 /opt/netbox/upgrade.sh ``` !!! note diff --git a/docs/installation/index.md b/docs/installation/index.md index 08146ea2a..73bf1220c 100644 --- a/docs/installation/index.md +++ b/docs/installation/index.md @@ -27,7 +27,7 @@ The following sections detail how to set up a new instance of NetBox: | Dependency | Supported Versions | |------------|--------------------| -| Python | 3.12+ | +| Python | 3.12, 3.13, 3.14 | | PostgreSQL | 14+ | | Redis | 4.0+ | diff --git a/docs/installation/upgrading.md b/docs/installation/upgrading.md index cf0a16754..ce5282b04 100644 --- a/docs/installation/upgrading.md +++ b/docs/installation/upgrading.md @@ -19,7 +19,7 @@ NetBox requires the following dependencies: | Dependency | Supported Versions | |------------|--------------------| -| Python | 3.10, 3.11, 3.12 | +| Python | 3.12, 3.13, 3.14 | | PostgreSQL | 14+ | | Redis | 4.0+ | @@ -27,6 +27,7 @@ NetBox requires the following dependencies: | NetBox Version | Python min | Python max | PostgreSQL min | Redis min | Documentation | |:--------------:|:----------:|:----------:|:--------------:|:---------:|:-----------------------------------------------------------------------------------------:| +| 4.5 | 3.12 | 3.14 | 14 | 4.0 | [Link](https://github.com/netbox-community/netbox/blob/v4.5.0/docs/installation/index.md) | | 4.4 | 3.10 | 3.12 | 14 | 4.0 | [Link](https://github.com/netbox-community/netbox/blob/v4.4.0/docs/installation/index.md) | | 4.3 | 3.10 | 3.12 | 14 | 4.0 | [Link](https://github.com/netbox-community/netbox/blob/v4.3.0/docs/installation/index.md) | | 4.2 | 3.10 | 3.12 | 13 | 4.0 | [Link](https://github.com/netbox-community/netbox/blob/v4.2.0/docs/installation/index.md) | @@ -130,7 +131,7 @@ sudo ./upgrade.sh If the default version of Python is not at least 3.10, you'll need to pass the path to a supported Python version as an environment variable when calling the upgrade script. For example: ```no-highlight - sudo PYTHON=/usr/bin/python3.10 ./upgrade.sh + sudo PYTHON=/usr/bin/python3.12 ./upgrade.sh ``` !!! note diff --git a/docs/plugins/development/index.md b/docs/plugins/development/index.md index 56bde5e41..df8876391 100644 --- a/docs/plugins/development/index.md +++ b/docs/plugins/development/index.md @@ -173,12 +173,12 @@ classifiers=[ 'Intended Audience :: Developers', 'Natural Language :: English', "Programming Language :: Python :: 3 :: Only", - 'Programming Language :: Python :: 3.10', - 'Programming Language :: Python :: 3.11', 'Programming Language :: Python :: 3.12', + 'Programming Language :: Python :: 3.13', + 'Programming Language :: Python :: 3.14', ] -requires-python = ">=3.10.0" +requires-python = ">=3.12.0" ``` @@ -195,7 +195,7 @@ python3 -m venv ~/.virtualenvs/my_plugin You can make NetBox available within this environment by creating a path file pointing to its location. This will add NetBox to the Python path upon activation. (Be sure to adjust the command below to specify your actual virtual environment path, Python version, and NetBox installation.) ```shell -echo /opt/netbox/netbox > $VENV/lib/python3.10/site-packages/netbox.pth +echo /opt/netbox/netbox > $VENV/lib/python3.12/site-packages/netbox.pth ``` ## Development Installation diff --git a/pyproject.toml b/pyproject.toml index 8d44db59f..bd84e8bb6 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -16,6 +16,8 @@ classifiers = [ "Programming Language :: Python", "Programming Language :: Python :: 3 :: Only", "Programming Language :: Python :: 3.12", + "Programming Language :: Python :: 3.13", + "Programming Language :: Python :: 3.14", ] [project.urls] @@ -26,7 +28,7 @@ Issues = "https://github.com/netbox-community/netbox/issues" [tool.black] line-length = 120 -target_version = ['py312'] +target_version = ['py312', 'py313', 'py314'] skip-string-normalization = true [tool.isort] From 550690186730285be1747baf9c7df451f3ac18ea Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Mon, 8 Sep 2025 15:41:06 -0400 Subject: [PATCH 4/6] Omit Python 3.14 from the testing matrix temporarily --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 2fbc48d5a..1cd9b9463 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,7 +31,7 @@ jobs: NETBOX_CONFIGURATION: netbox.configuration_testing strategy: matrix: - python-version: ['3.12', '3.13', '3.14'] + python-version: ['3.12', '3.13'] node-version: ['20.x'] services: redis: From c0e4d1c1e3a799046e9f1def844c075c4151822b Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Wed, 10 Sep 2025 16:51:59 -0400 Subject: [PATCH 5/6] Closes #16137: Remove `is_staff` boolean from User model (#20306) * Closes #16137: Remove is_staff boolean from User model * Remove default is_staff value from UserManager.create_user() * Restore staff_only on MenuItem * Introduce IsSuperuser API permission to replace IsAdminUser * Update and improve RQ task API view tests * Remove is_staff attribute assignment from RemoteUserBackend --- .../administration/authentication/overview.md | 2 +- docs/configuration/remote-authentication.md | 16 --- docs/installation/6-ldap.md | 3 - docs/plugins/development/navigation.md | 19 +-- netbox/core/api/views.py | 4 +- netbox/core/tests/test_api.py | 109 ++++++++++++++---- netbox/core/tests/test_views.py | 8 +- netbox/core/views.py | 6 +- netbox/netbox/authentication/__init__.py | 20 +--- netbox/netbox/plugins/views.py | 4 +- netbox/netbox/settings.py | 2 - netbox/netbox/views/misc.py | 4 +- netbox/templates/account/profile.html | 4 - netbox/templates/inc/user_menu.html | 2 - netbox/templates/media_failure.html | 2 +- netbox/templates/users/user.html | 4 - netbox/users/api/serializers_/users.py | 2 +- netbox/users/filtersets.py | 2 +- netbox/users/forms/bulk_edit.py | 7 +- netbox/users/forms/bulk_import.py | 3 +- netbox/users/forms/filtersets.py | 9 +- netbox/users/forms/model_forms.py | 4 +- netbox/users/graphql/filters.py | 1 - netbox/users/graphql/types.py | 2 +- .../migrations/0012_user_remove_is_staff.py | 15 +++ netbox/users/models/users.py | 71 +++++++++++- netbox/users/tables.py | 7 +- netbox/users/tests/test_filtersets.py | 5 - netbox/utilities/api.py | 10 ++ netbox/utilities/templatetags/navigation.py | 2 +- 30 files changed, 220 insertions(+), 129 deletions(-) create mode 100644 netbox/users/migrations/0012_user_remove_is_staff.py diff --git a/docs/administration/authentication/overview.md b/docs/administration/authentication/overview.md index 19c86a4c0..6b805ee92 100644 --- a/docs/administration/authentication/overview.md +++ b/docs/administration/authentication/overview.md @@ -2,7 +2,7 @@ ## Local Authentication -Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu. This section is available only to users with the "staff" permission enabled. +Local user accounts and groups can be created in NetBox under the "Authentication" section in the "Admin" menu. At a minimum, each user account must have a username and password set. User accounts may also denote a first name, last name, and email address. [Permissions](../permissions.md) may also be assigned to individual users and/or groups as needed. diff --git a/docs/configuration/remote-authentication.md b/docs/configuration/remote-authentication.md index 5d5f1ee58..2dbb689c2 100644 --- a/docs/configuration/remote-authentication.md +++ b/docs/configuration/remote-authentication.md @@ -127,19 +127,3 @@ The list of groups that promote an remote User to Superuser on Login. If group i Default: `[]` (Empty list) The list of users that get promoted to Superuser on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` ) - ---- - -## REMOTE_AUTH_STAFF_GROUPS - -Default: `[]` (Empty list) - -The list of groups that promote an remote User to Staff on Login. If group isn't present on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` ) - ---- - -## REMOTE_AUTH_STAFF_USERS - -Default: `[]` (Empty list) - -The list of users that get promoted to Staff on Login. If user isn't present in list on next Login, the Role gets revoked. (Requires `REMOTE_AUTH_ENABLED` and `REMOTE_AUTH_GROUP_SYNC_ENABLED` ) diff --git a/docs/installation/6-ldap.md b/docs/installation/6-ldap.md index 7de9f116d..4d27f2f01 100644 --- a/docs/installation/6-ldap.md +++ b/docs/installation/6-ldap.md @@ -121,7 +121,6 @@ AUTH_LDAP_MIRROR_GROUPS = True # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": "cn=active,ou=groups,dc=example,dc=com", - "is_staff": "cn=staff,ou=groups,dc=example,dc=com", "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com" } @@ -134,7 +133,6 @@ AUTH_LDAP_CACHE_TIMEOUT = 3600 ``` * `is_active` - All users must be mapped to at least this group to enable authentication. Without this, users cannot log in. -* `is_staff` - Users mapped to this group are enabled for access to the administration tools; this is the equivalent of checking the "staff status" box on a manually created user. This doesn't grant any specific permissions. * `is_superuser` - Users mapped to this group will be granted superuser status. Superusers are implicitly granted all permissions. !!! warning @@ -248,7 +246,6 @@ AUTH_LDAP_MIRROR_GROUPS = True # Define special user types using groups. Exercise great caution when assigning superuser status. AUTH_LDAP_USER_FLAGS_BY_GROUP = { "is_active": "cn=active,ou=groups,dc=example,dc=com", - "is_staff": "cn=staff,ou=groups,dc=example,dc=com", "is_superuser": "cn=superuser,ou=groups,dc=example,dc=com" } diff --git a/docs/plugins/development/navigation.md b/docs/plugins/development/navigation.md index b5e2694b4..bb855bcea 100644 --- a/docs/plugins/development/navigation.md +++ b/docs/plugins/development/navigation.md @@ -64,14 +64,17 @@ item1 = PluginMenuItem( A `PluginMenuItem` has the following attributes: -| Attribute | Required | Description | -|-----------------|----------|----------------------------------------------------------------------------------------------------------| -| `link` | Yes | Name of the URL path to which this menu item links | -| `link_text` | Yes | The text presented to the user | -| `permissions` | - | A list of permissions required to display this link | -| `auth_required` | - | Display only for authenticated users | -| `staff_only` | - | Display only for users who have `is_staff` set to true (any specified permissions will also be required) | -| `buttons` | - | An iterable of PluginMenuButton instances to include | +| Attribute | Required | Description | +|-----------------|----------|------------------------------------------------------| +| `link` | Yes | Name of the URL path to which this menu item links | +| `link_text` | Yes | The text presented to the user | +| `permissions` | - | A list of permissions required to display this link | +| `auth_required` | - | Display only for authenticated users | +| `staff_only` | - | Display only for superusers | +| `buttons` | - | An iterable of PluginMenuButton instances to include | + +!!! note "Changed in NetBox v4.5" + In releases prior to NetBox v4.5, `staff_only` restricted display of a menu item to only users with `is_staff` set to True. In NetBox v4.5, the `is_staff` flag was removed from the user model. Menu items with `staff_only` set to True are now displayed only for superusers. ## Menu Buttons diff --git a/netbox/core/api/views.py b/netbox/core/api/views.py index e9569a717..afa30ce56 100644 --- a/netbox/core/api/views.py +++ b/netbox/core/api/views.py @@ -9,7 +9,6 @@ from drf_spectacular.utils import extend_schema from rest_framework import viewsets from rest_framework.decorators import action from rest_framework.exceptions import PermissionDenied -from rest_framework.permissions import IsAdminUser from rest_framework.response import Response from rest_framework.routers import APIRootView from rest_framework.viewsets import ReadOnlyModelViewSet @@ -24,6 +23,7 @@ from netbox.api.authentication import IsAuthenticatedOrLoginNotRequired from netbox.api.metadata import ContentTypeMetadata from netbox.api.pagination import LimitOffsetListPagination from netbox.api.viewsets import NetBoxModelViewSet, NetBoxReadOnlyModelViewSet +from utilities.api import IsSuperuser from . import serializers @@ -99,7 +99,7 @@ class BaseRQViewSet(viewsets.ViewSet): """ Base class for RQ view sets. Provides a list() method. Subclasses must implement get_data(). """ - permission_classes = [IsAdminUser] + permission_classes = [IsSuperuser] serializer_class = None def get_data(self): diff --git a/netbox/core/tests/test_api.py b/netbox/core/tests/test_api.py index 4a285bdb4..159a8e5e1 100644 --- a/netbox/core/tests/test_api.py +++ b/netbox/core/tests/test_api.py @@ -134,10 +134,7 @@ class BackgroundTaskTestCase(TestCase): Create a user and token for API calls. """ # Create the test user and assign permissions - self.user = User.objects.create_user(username='testuser') - self.user.is_staff = True - self.user.is_active = True - self.user.save() + self.user = User.objects.create_user(username='testuser', is_active=True) self.token = Token.objects.create(user=self.user) self.header = {'HTTP_AUTHORIZATION': f'Token {self.token.key}'} @@ -150,13 +147,11 @@ class BackgroundTaskTestCase(TestCase): url = reverse('core-api:rqqueue-list') # Attempt to load view without permission - self.user.is_staff = False - self.user.save() response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 403) # Load view with permission - self.user.is_staff = True + self.user.is_superuser = True self.user.save() response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) @@ -165,7 +160,16 @@ class BackgroundTaskTestCase(TestCase): self.assertIn('low', str(response.content)) def test_background_queue(self): - response = self.client.get(reverse('core-api:rqqueue-detail', args=['default']), **self.header) + url = reverse('core-api:rqqueue-detail', args=['default']) + + # Attempt to load view without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Load view with permission + self.user.is_superuser = True + self.user.save() + response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) self.assertIn('default', str(response.content)) self.assertIn('oldest_job_timestamp', str(response.content)) @@ -174,8 +178,16 @@ class BackgroundTaskTestCase(TestCase): def test_background_task_list(self): queue = get_queue('default') queue.enqueue(self.dummy_job_default) + url = reverse('core-api:rqtask-list') - response = self.client.get(reverse('core-api:rqtask-list'), **self.header) + # Attempt to load view without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Load view with permission + self.user.is_superuser = True + self.user.save() + response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) self.assertIn('origin', str(response.content)) self.assertIn('core.tests.test_api.BackgroundTaskTestCase.dummy_job_default()', str(response.content)) @@ -183,8 +195,16 @@ class BackgroundTaskTestCase(TestCase): def test_background_task(self): queue = get_queue('default') job = queue.enqueue(self.dummy_job_default) + url = reverse('core-api:rqtask-detail', args=[job.id]) - response = self.client.get(reverse('core-api:rqtask-detail', args=[job.id]), **self.header) + # Attempt to load view without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Load view with permission + self.user.is_superuser = True + self.user.save() + response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) self.assertIn(str(job.id), str(response.content)) self.assertIn('origin', str(response.content)) @@ -194,45 +214,65 @@ class BackgroundTaskTestCase(TestCase): def test_background_task_delete(self): queue = get_queue('default') job = queue.enqueue(self.dummy_job_default) + url = reverse('core-api:rqtask-delete', args=[job.id]) - response = self.client.post(reverse('core-api:rqtask-delete', args=[job.id]), **self.header) + # Attempt to load view without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Load view with permission + self.user.is_superuser = True + self.user.save() + response = self.client.post(url, **self.header) self.assertEqual(response.status_code, 200) self.assertFalse(RQ_Job.exists(job.id, connection=queue.connection)) queue = get_queue('default') self.assertNotIn(job.id, queue.job_ids) def test_background_task_requeue(self): - queue = get_queue('default') - # Enqueue & run a job that will fail + queue = get_queue('default') job = queue.enqueue(self.dummy_job_failing) worker = get_worker('default') with disable_logging(): worker.work(burst=True) self.assertTrue(job.is_failed) + url = reverse('core-api:rqtask-requeue', args=[job.id]) + + # Attempt to requeue the job without permission + response = self.client.post(url, **self.header) + self.assertEqual(response.status_code, 403) # Re-enqueue the failed job and check that its status has been reset - response = self.client.post(reverse('core-api:rqtask-requeue', args=[job.id]), **self.header) + self.user.is_superuser = True + self.user.save() + response = self.client.post(url, **self.header) self.assertEqual(response.status_code, 200) job = RQ_Job.fetch(job.id, queue.connection) self.assertFalse(job.is_failed) def test_background_task_enqueue(self): - queue = get_queue('default') - # Enqueue some jobs that each depends on its predecessor + queue = get_queue('default') job = previous_job = None for _ in range(0, 3): job = queue.enqueue(self.dummy_job_default, depends_on=previous_job) previous_job = job + url = reverse('core-api:rqtask-enqueue', args=[job.id]) # Check that the last job to be enqueued has a status of deferred self.assertIsNotNone(job) self.assertEqual(job.get_status(), JobStatus.DEFERRED) self.assertIsNone(job.enqueued_at) + # Attempt to force-enqueue the job without permission + response = self.client.post(url, **self.header) + self.assertEqual(response.status_code, 403) + # Force-enqueue the deferred job - response = self.client.post(reverse('core-api:rqtask-enqueue', args=[job.id]), **self.header) + self.user.is_superuser = True + self.user.save() + response = self.client.post(url, **self.header) self.assertEqual(response.status_code, 200) # Check that job's status is updated correctly @@ -242,19 +282,27 @@ class BackgroundTaskTestCase(TestCase): def test_background_task_stop(self): queue = get_queue('default') - worker = get_worker('default') job = queue.enqueue(self.dummy_job_default) worker.prepare_job_execution(job) - + url = reverse('core-api:rqtask-stop', args=[job.id]) self.assertEqual(job.get_status(), JobStatus.STARTED) - response = self.client.post(reverse('core-api:rqtask-stop', args=[job.id]), **self.header) + + # Attempt to stop the task without permission + response = self.client.post(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Stop the task + self.user.is_superuser = True + self.user.save() + response = self.client.post(url, **self.header) self.assertEqual(response.status_code, 200) with disable_logging(): worker.monitor_work_horse(job, queue) # Sets the job as Failed and removes from Started started_job_registry = StartedJobRegistry(queue.name, connection=queue.connection) self.assertEqual(len(started_job_registry), 0) + # Verify that the task was cancelled canceled_job_registry = FailedJobRegistry(queue.name, connection=queue.connection) self.assertEqual(len(canceled_job_registry), 1) self.assertIn(job.id, canceled_job_registry) @@ -262,19 +310,34 @@ class BackgroundTaskTestCase(TestCase): def test_worker_list(self): worker1 = get_worker('default', name=uuid.uuid4().hex) worker1.register_birth() - worker2 = get_worker('high') worker2.register_birth() + url = reverse('core-api:rqworker-list') - response = self.client.get(reverse('core-api:rqworker-list'), **self.header) + # Attempt to fetch the worker list without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Fetch the worker list + self.user.is_superuser = True + self.user.save() + response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) self.assertIn(str(worker1.name), str(response.content)) def test_worker(self): worker1 = get_worker('default', name=uuid.uuid4().hex) worker1.register_birth() + url = reverse('core-api:rqworker-detail', args=[worker1.name]) - response = self.client.get(reverse('core-api:rqworker-detail', args=[worker1.name]), **self.header) + # Attempt to fetch a worker without permission + response = self.client.get(url, **self.header) + self.assertEqual(response.status_code, 403) + + # Fetch the worker + self.user.is_superuser = True + self.user.save() + response = self.client.get(url, **self.header) self.assertEqual(response.status_code, 200) self.assertIn(str(worker1.name), str(response.content)) self.assertIn('birth_date', str(response.content)) diff --git a/netbox/core/tests/test_views.py b/netbox/core/tests/test_views.py index 1001243eb..2f0ef59e6 100644 --- a/netbox/core/tests/test_views.py +++ b/netbox/core/tests/test_views.py @@ -158,7 +158,7 @@ class BackgroundTaskTestCase(TestCase): def setUp(self): super().setUp() - self.user.is_staff = True + self.user.is_superuser = True self.user.is_active = True self.user.save() @@ -171,13 +171,13 @@ class BackgroundTaskTestCase(TestCase): url = reverse('core:background_queue_list') # Attempt to load view without permission - self.user.is_staff = False + self.user.is_superuser = False self.user.save() response = self.client.get(url) self.assertEqual(response.status_code, 403) # Load view with permission - self.user.is_staff = True + self.user.is_superuser = True self.user.save() response = self.client.get(url) self.assertEqual(response.status_code, 200) @@ -356,7 +356,7 @@ class SystemTestCase(TestCase): def setUp(self): super().setUp() - self.user.is_staff = True + self.user.is_superuser = True self.user.save() def test_system_view_default(self): diff --git a/netbox/core/views.py b/netbox/core/views.py index b18937308..aa3be7303 100644 --- a/netbox/core/views.py +++ b/netbox/core/views.py @@ -366,7 +366,7 @@ class ConfigRevisionRestoreView(ContentTypePermissionRequiredMixin, View): class BaseRQView(UserPassesTestMixin, View): def test_func(self): - return self.request.user.is_staff + return self.request.user.is_superuser class BackgroundQueueListView(TableMixin, BaseRQView): @@ -549,7 +549,7 @@ class WorkerView(BaseRQView): class SystemView(UserPassesTestMixin, View): def test_func(self): - return self.request.user.is_staff + return self.request.user.is_superuser def get(self, request): @@ -632,7 +632,7 @@ class BasePluginView(UserPassesTestMixin, View): CACHE_KEY_CATALOG_ERROR = 'plugins-catalog-error' def test_func(self): - return self.request.user.is_staff + return self.request.user.is_superuser def get_cached_plugins(self, request): catalog_plugins = {} diff --git a/netbox/netbox/authentication/__init__.py b/netbox/netbox/authentication/__init__.py index 25f9b902c..8596c59ab 100644 --- a/netbox/netbox/authentication/__init__.py +++ b/netbox/netbox/authentication/__init__.py @@ -184,14 +184,13 @@ class RemoteUserBackend(_RemoteUserBackend): else: user.groups.clear() logger.debug(f"Stripping user {user} from Groups") + + # Evaluate superuser status user.is_superuser = self._is_superuser(user) logger.debug(f"User {user} is Superuser: {user.is_superuser}") logger.debug( f"User {user} should be Superuser: {self._is_superuser(user)}") - user.is_staff = self._is_staff(user) - logger.debug(f"User {user} is Staff: {user.is_staff}") - logger.debug(f"User {user} should be Staff: {self._is_staff(user)}") user.save() return user @@ -251,19 +250,8 @@ class RemoteUserBackend(_RemoteUserBackend): return bool(result) def _is_staff(self, user): - logger = logging.getLogger('netbox.auth.RemoteUserBackend') - staff_groups = settings.REMOTE_AUTH_STAFF_GROUPS - logger.debug(f"Superuser Groups: {staff_groups}") - staff_users = settings.REMOTE_AUTH_STAFF_USERS - logger.debug(f"Staff Users :{staff_users}") - user_groups = set() - for g in user.groups.all(): - user_groups.add(g.name) - logger.debug(f"User {user.username} is in Groups:{user_groups}") - result = user.username in staff_users or ( - set(user_groups) & set(staff_groups)) - logger.debug(f"User {user.username} in Staff Users :{result}") - return bool(result) + # Retain for pre-v4.5 compatibility + return user.is_superuser def configure_user(self, request, user): logger = logging.getLogger('netbox.auth.RemoteUserBackend') diff --git a/netbox/netbox/plugins/views.py b/netbox/netbox/plugins/views.py index feee78e82..f413b8032 100644 --- a/netbox/netbox/plugins/views.py +++ b/netbox/netbox/plugins/views.py @@ -3,12 +3,12 @@ from collections import OrderedDict from django.apps import apps from django.urls.exceptions import NoReverseMatch from drf_spectacular.utils import extend_schema -from rest_framework import permissions from rest_framework.response import Response from rest_framework.reverse import reverse from rest_framework.views import APIView from netbox.registry import registry +from utilities.api import IsSuperuser @extend_schema(exclude=True) @@ -16,7 +16,7 @@ class InstalledPluginsAPIView(APIView): """ API view for listing all installed plugins """ - permission_classes = [permissions.IsAdminUser] + permission_classes = [IsSuperuser] _ignore_model_permissions = True schema = None diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py index 3bf453ca3..a0a6225c3 100644 --- a/netbox/netbox/settings.py +++ b/netbox/netbox/settings.py @@ -161,8 +161,6 @@ REMOTE_AUTH_SUPERUSERS = getattr(configuration, 'REMOTE_AUTH_SUPERUSERS', []) REMOTE_AUTH_USER_EMAIL = getattr(configuration, 'REMOTE_AUTH_USER_EMAIL', 'HTTP_REMOTE_USER_EMAIL') REMOTE_AUTH_USER_FIRST_NAME = getattr(configuration, 'REMOTE_AUTH_USER_FIRST_NAME', 'HTTP_REMOTE_USER_FIRST_NAME') REMOTE_AUTH_USER_LAST_NAME = getattr(configuration, 'REMOTE_AUTH_USER_LAST_NAME', 'HTTP_REMOTE_USER_LAST_NAME') -REMOTE_AUTH_STAFF_GROUPS = getattr(configuration, 'REMOTE_AUTH_STAFF_GROUPS', []) -REMOTE_AUTH_STAFF_USERS = getattr(configuration, 'REMOTE_AUTH_STAFF_USERS', []) # Required by extras/migrations/0109_script_models.py REPORTS_ROOT = getattr(configuration, 'REPORTS_ROOT', os.path.join(BASE_DIR, 'reports')).rstrip('/') RQ_DEFAULT_TIMEOUT = getattr(configuration, 'RQ_DEFAULT_TIMEOUT', 300) diff --git a/netbox/netbox/views/misc.py b/netbox/netbox/views/misc.py index ab995db66..4537f14c9 100644 --- a/netbox/netbox/views/misc.py +++ b/netbox/netbox/views/misc.py @@ -47,9 +47,9 @@ class HomeView(ConditionalLoginRequiredMixin, View): )) dashboard = get_default_dashboard(config=DEFAULT_DASHBOARD).get_layout() - # Check whether a new release is available. (Only for staff/superusers.) + # Check whether a new release is available. (Only for superusers.) new_release = None - if request.user.is_staff or request.user.is_superuser: + if request.user.is_superuser: latest_release = cache.get('latest_release') if latest_release: release_version, release_url = latest_release diff --git a/netbox/templates/account/profile.html b/netbox/templates/account/profile.html index 442cce9ba..8ef0db6e8 100644 --- a/netbox/templates/account/profile.html +++ b/netbox/templates/account/profile.html @@ -39,10 +39,6 @@ {% trans "Superuser" %} {% checkmark request.user.is_superuser %} - - {% trans "Staff" %} - {% checkmark request.user.is_staff %} - diff --git a/netbox/templates/inc/user_menu.html b/netbox/templates/inc/user_menu.html index 4cca0b57e..50173ea56 100644 --- a/netbox/templates/inc/user_menu.html +++ b/netbox/templates/inc/user_menu.html @@ -27,8 +27,6 @@
{% if request.user.is_superuser %} {% trans "Admin" %} - {% elif request.user.is_staff %} - {% trans "Staff" %} {% else %} {% trans "User" %} {% endif %} diff --git a/netbox/templates/media_failure.html b/netbox/templates/media_failure.html index 8f357aea1..50ee1b63f 100644 --- a/netbox/templates/media_failure.html +++ b/netbox/templates/media_failure.html @@ -37,7 +37,7 @@ path. Refer to the installation documentation for further guidance. {% endblocktrans %}
    - {% if request.user.is_staff or request.user.is_superuser %} + {% if request.user.is_superuser %}
  • STATIC_ROOT: {{ settings.STATIC_ROOT }}
    • {% endif %}
  • STATIC_URL: {{ settings.STATIC_URL }}
    • diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html index 84e4cac68..90a0bb084 100644 --- a/netbox/templates/users/user.html +++ b/netbox/templates/users/user.html @@ -35,10 +35,6 @@ {% trans "Active" %} {% checkmark object.is_active %} - - {% trans "Staff" %} - {% checkmark object.is_staff %} - {% trans "Superuser" %} {% checkmark object.is_superuser %} diff --git a/netbox/users/api/serializers_/users.py b/netbox/users/api/serializers_/users.py index 7b4dc5a07..da2aa1820 100644 --- a/netbox/users/api/serializers_/users.py +++ b/netbox/users/api/serializers_/users.py @@ -52,7 +52,7 @@ class UserSerializer(ValidatedModelSerializer): model = User fields = ( 'id', 'url', 'display_url', 'display', 'username', 'password', 'first_name', 'last_name', 'email', - 'is_staff', 'is_active', 'date_joined', 'last_login', 'groups', 'permissions', + 'is_active', 'date_joined', 'last_login', 'groups', 'permissions', ) brief_fields = ('id', 'url', 'display', 'username') extra_kwargs = { diff --git a/netbox/users/filtersets.py b/netbox/users/filtersets.py index af769e437..4e1510410 100644 --- a/netbox/users/filtersets.py +++ b/netbox/users/filtersets.py @@ -81,7 +81,7 @@ class UserFilterSet(BaseFilterSet): class Meta: model = User fields = ( - 'id', 'username', 'first_name', 'last_name', 'email', 'date_joined', 'last_login', 'is_staff', 'is_active', + 'id', 'username', 'first_name', 'last_name', 'email', 'date_joined', 'last_login', 'is_active', 'is_superuser', ) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 7c50f1ed1..bca417b3d 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -37,11 +37,6 @@ class UserBulkEditForm(BulkEditForm): widget=BulkEditNullBooleanSelect, label=_('Active') ) - is_staff = forms.NullBooleanField( - required=False, - widget=BulkEditNullBooleanSelect, - label=_('Staff status') - ) is_superuser = forms.NullBooleanField( required=False, widget=BulkEditNullBooleanSelect, @@ -50,7 +45,7 @@ class UserBulkEditForm(BulkEditForm): model = User fieldsets = ( - FieldSet('first_name', 'last_name', 'is_active', 'is_staff', 'is_superuser'), + FieldSet('first_name', 'last_name', 'is_active', 'is_superuser'), ) nullable_fields = ('first_name', 'last_name') diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index 748338a64..f478dedbf 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -23,8 +23,7 @@ class UserImportForm(CSVModelForm): class Meta: model = User fields = ( - 'username', 'first_name', 'last_name', 'email', 'password', 'is_staff', - 'is_active', 'is_superuser' + 'username', 'first_name', 'last_name', 'email', 'password', 'is_active', 'is_superuser' ) def save(self, *args, **kwargs): diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 750b77ba4..61e55949c 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -29,7 +29,7 @@ class UserFilterForm(NetBoxModelFilterSetForm): fieldsets = ( FieldSet('q', 'filter_id',), FieldSet('group_id', name=_('Group')), - FieldSet('is_active', 'is_staff', 'is_superuser', name=_('Status')), + FieldSet('is_active', 'is_superuser', name=_('Status')), ) group_id = DynamicModelMultipleChoiceField( queryset=Group.objects.all(), @@ -43,13 +43,6 @@ class UserFilterForm(NetBoxModelFilterSetForm): ), label=_('Is Active'), ) - is_staff = forms.NullBooleanField( - required=False, - widget=forms.Select( - choices=BOOLEAN_WITH_BLANK_CHOICES - ), - label=_('Is Staff'), - ) is_superuser = forms.NullBooleanField( required=False, widget=forms.Select( diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 505104c03..127e43e5a 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -192,7 +192,7 @@ class UserForm(forms.ModelForm): fieldsets = ( FieldSet('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', name=_('User')), FieldSet('groups', name=_('Groups')), - FieldSet('is_active', 'is_staff', 'is_superuser', name=_('Status')), + FieldSet('is_active', 'is_superuser', name=_('Status')), FieldSet('object_permissions', name=_('Permissions')), ) @@ -200,7 +200,7 @@ class UserForm(forms.ModelForm): model = User fields = [ 'username', 'first_name', 'last_name', 'email', 'groups', 'object_permissions', - 'is_active', 'is_staff', 'is_superuser', + 'is_active', 'is_superuser', ] def __init__(self, *args, **kwargs): diff --git a/netbox/users/graphql/filters.py b/netbox/users/graphql/filters.py index 60a80181b..07f28bb88 100644 --- a/netbox/users/graphql/filters.py +++ b/netbox/users/graphql/filters.py @@ -27,7 +27,6 @@ class UserFilter(BaseObjectTypeFilterMixin): last_name: FilterLookup[str] | None = strawberry_django.filter_field() email: FilterLookup[str] | None = strawberry_django.filter_field() is_superuser: FilterLookup[bool] | None = strawberry_django.filter_field() - is_staff: FilterLookup[bool] | None = strawberry_django.filter_field() is_active: FilterLookup[bool] | None = strawberry_django.filter_field() date_joined: DatetimeFilterLookup[datetime] | None = strawberry_django.filter_field() last_login: DatetimeFilterLookup[datetime] | None = strawberry_django.filter_field() diff --git a/netbox/users/graphql/types.py b/netbox/users/graphql/types.py index c5b338553..5231194e5 100644 --- a/netbox/users/graphql/types.py +++ b/netbox/users/graphql/types.py @@ -25,7 +25,7 @@ class GroupType(BaseObjectType): @strawberry_django.type( User, fields=[ - 'id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active', 'date_joined', 'groups', + 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'date_joined', 'groups', ], filters=UserFilter, pagination=True diff --git a/netbox/users/migrations/0012_user_remove_is_staff.py b/netbox/users/migrations/0012_user_remove_is_staff.py new file mode 100644 index 000000000..04f90107d --- /dev/null +++ b/netbox/users/migrations/0012_user_remove_is_staff.py @@ -0,0 +1,15 @@ +from django.db import migrations + + +class Migration(migrations.Migration): + + dependencies = [ + ('users', '0011_concrete_objecttype'), + ] + + operations = [ + migrations.RemoveField( + model_name='user', + name='is_staff', + ), + ] diff --git a/netbox/users/models/users.py b/netbox/users/models/users.py index b5308f8d5..4a7e917b3 100644 --- a/netbox/users/models/users.py +++ b/netbox/users/models/users.py @@ -1,12 +1,16 @@ +from django.contrib.auth.base_user import AbstractBaseUser from django.contrib.auth.models import ( - AbstractUser, GroupManager as DjangoGroupManager, Permission, + PermissionsMixin, UserManager as DjangoUserManager ) +from django.contrib.auth.validators import UnicodeUsernameValidator from django.core.exceptions import ValidationError +from django.core.mail import send_mail from django.db import models from django.urls import reverse +from django.utils import timezone from django.utils.translation import gettext_lazy as _ from utilities.querysets import RestrictedQuerySet @@ -68,10 +72,48 @@ class Group(models.Model): class UserManager(DjangoUserManager.from_queryset(RestrictedQuerySet)): - pass + + def create_user(self, username, email=None, password=None, **extra_fields): + extra_fields.setdefault("is_superuser", False) + return self._create_user(username, email, password, **extra_fields) -class User(AbstractUser): +class User(AbstractBaseUser, PermissionsMixin): + username = models.CharField( + _("username"), + max_length=150, + unique=True, + help_text=_("Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only."), + validators=[UnicodeUsernameValidator()], + error_messages={ + "unique": _("A user with that username already exists."), + }, + ) + first_name = models.CharField( + _("first name"), + max_length=150, + blank=True, + ) + last_name = models.CharField( + _("last name"), + max_length=150, + blank=True, + ) + email = models.EmailField( + _("email address"), + blank=True, + ) + is_active = models.BooleanField( + _("active"), + default=True, + help_text=_( + "Designates whether this user should be treated as active. Unselect this instead of deleting accounts." + ), + ) + date_joined = models.DateTimeField( + _("date joined"), + default=timezone.now, + ) groups = models.ManyToManyField( to='users.Group', verbose_name=_('groups'), @@ -87,6 +129,11 @@ class User(AbstractUser): objects = UserManager() + # Ensure compatibility with Django's stock User model + EMAIL_FIELD = "email" + USERNAME_FIELD = "username" + REQUIRED_FIELDS = ["email"] + class Meta: ordering = ('username',) verbose_name = _('user') @@ -98,7 +145,25 @@ class User(AbstractUser): def clean(self): super().clean() + # Normalize email address + self.email = self.__class__.objects.normalize_email(self.email) + # Check for any existing Users with names that differ only in case model = self._meta.model if model.objects.exclude(pk=self.pk).filter(username__iexact=self.username).exists(): raise ValidationError(_("A user with this username already exists.")) + + def get_full_name(self): + """ + Return the first_name plus the last_name, with a space in between. + """ + full_name = "%s %s" % (self.first_name, self.last_name) + return full_name.strip() + + def get_short_name(self): + """Return the short name for the user.""" + return self.first_name + + def email_user(self, subject, message, from_email=None, **kwargs): + """Send an email to this user.""" + send_mail(subject, message, from_email, [self.email], **kwargs) diff --git a/netbox/users/tables.py b/netbox/users/tables.py index fc2f9702d..40cbeca47 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -38,9 +38,6 @@ class UserTable(NetBoxTable): is_active = columns.BooleanColumn( verbose_name=_('Is Active'), ) - is_staff = columns.BooleanColumn( - verbose_name=_('Is Staff'), - ) is_superuser = columns.BooleanColumn( verbose_name=_('Is Superuser'), ) @@ -51,8 +48,8 @@ class UserTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = User fields = ( - 'pk', 'id', 'username', 'first_name', 'last_name', 'email', 'groups', 'is_active', 'is_staff', - 'is_superuser', 'last_login', + 'pk', 'id', 'username', 'first_name', 'last_name', 'email', 'groups', 'is_active', 'is_superuser', + 'last_login', ) default_columns = ('pk', 'username', 'first_name', 'last_name', 'email', 'is_active') diff --git a/netbox/users/tests/test_filtersets.py b/netbox/users/tests/test_filtersets.py index 8b683b346..e15df0d18 100644 --- a/netbox/users/tests/test_filtersets.py +++ b/netbox/users/tests/test_filtersets.py @@ -30,7 +30,6 @@ class UserTestCase(TestCase, BaseFilterSetTests): first_name='Hank', last_name='Hill', email='hank@stricklandpropane.com', - is_staff=True, is_superuser=True ), User( @@ -98,10 +97,6 @@ class UserTestCase(TestCase, BaseFilterSetTests): params = {'is_active': True} self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) - def test_is_staff(self): - params = {'is_staff': True} - self.assertEqual(self.filterset(params, self.queryset).qs.count(), 1) - def test_is_superuser(self): params = {'is_superuser': True} self.assertEqual(self.filterset(params, self.queryset).qs.count(), 1) diff --git a/netbox/utilities/api.py b/netbox/utilities/api.py index 0aec1daef..6e7ce5ffb 100644 --- a/netbox/utilities/api.py +++ b/netbox/utilities/api.py @@ -6,6 +6,7 @@ from django.db.models.fields.related import ManyToOneRel, RelatedField from django.urls import reverse from django.utils.module_loading import import_string from django.utils.translation import gettext_lazy as _ +from rest_framework.permissions import BasePermission from rest_framework.serializers import Serializer from rest_framework.views import get_view_name as drf_get_view_name @@ -16,6 +17,7 @@ from .query import count_related, dict_to_filter_params from .string import title __all__ = ( + 'IsSuperuser', 'get_annotations_for_serializer', 'get_graphql_type_for_model', 'get_prefetches_for_serializer', @@ -27,6 +29,14 @@ __all__ = ( ) +class IsSuperuser(BasePermission): + """ + Allows access only to superusers. + """ + def has_permission(self, request, view): + return bool(request.user and request.user.is_superuser) + + def get_serializer_for_model(model, prefix=''): """ Return the appropriate REST API serializer for the given model. diff --git a/netbox/utilities/templatetags/navigation.py b/netbox/utilities/templatetags/navigation.py index 176996aa1..2c7ce18dd 100644 --- a/netbox/utilities/templatetags/navigation.py +++ b/netbox/utilities/templatetags/navigation.py @@ -30,7 +30,7 @@ def nav(context): continue if not user.has_perms(item.permissions): continue - if item.staff_only and not user.is_staff: + if item.staff_only and not user.is_superuser: continue buttons = [ button for button in item.buttons if user.has_perms(button.permissions) From cfcea7c9418649491c5540adf650621b04f75091 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 11 Sep 2025 16:09:49 -0400 Subject: [PATCH 6/6] Closes #19898: Remove legacy /api/extras/object-types/ endpoint (#20324) Closes #19898: Remove legacy /api/extras/object-types/ endpoint --- netbox/core/tests/test_api.py | 4 ++-- netbox/extras/api/urls.py | 5 ----- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/netbox/core/tests/test_api.py b/netbox/core/tests/test_api.py index 159a8e5e1..4d612e157 100644 --- a/netbox/core/tests/test_api.py +++ b/netbox/core/tests/test_api.py @@ -107,14 +107,14 @@ class ObjectTypeTest(APITestCase): def test_list_objects(self): object_type_count = ObjectType.objects.count() - response = self.client.get(reverse('extras-api:objecttype-list'), **self.header) + response = self.client.get(reverse('core-api:objecttype-list'), **self.header) self.assertHttpStatus(response, status.HTTP_200_OK) self.assertEqual(response.data['count'], object_type_count) def test_get_object(self): object_type = ObjectType.objects.first() - url = reverse('extras-api:objecttype-detail', kwargs={'pk': object_type.pk}) + url = reverse('core-api:objecttype-detail', kwargs={'pk': object_type.pk}) self.assertHttpStatus(self.client.get(url, **self.header), status.HTTP_200_OK) diff --git a/netbox/extras/api/urls.py b/netbox/extras/api/urls.py index 3757157b4..52cf28b16 100644 --- a/netbox/extras/api/urls.py +++ b/netbox/extras/api/urls.py @@ -1,10 +1,8 @@ from django.urls import include, path -from core.api.views import ObjectTypeViewSet from netbox.api.routers import NetBoxRouter from . import views - router = NetBoxRouter() router.APIRootView = views.ExtrasRootView @@ -29,9 +27,6 @@ router.register('config-context-profiles', views.ConfigContextProfileViewSet) router.register('config-templates', views.ConfigTemplateViewSet) router.register('scripts', views.ScriptViewSet, basename='script') -# TODO: Remove in NetBox v4.5 -router.register('object-types', ObjectTypeViewSet) - app_name = 'extras-api' urlpatterns = [ path('dashboard/', views.DashboardView.as_view(), name='dashboard'),