From 9a1531442a9529115dca2ec83a46968f5295ff6e Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Fri, 26 Jun 2020 15:11:05 -0400 Subject: [PATCH] Apply restrict_form_fields() to bulk edit views --- netbox/utilities/testing/views.py | 10 ++++------ netbox/utilities/views.py | 2 ++ 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 392a26fb2..bd0eaeccd 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -654,7 +654,6 @@ class ViewTestCases: def _get_csv_data(self): return '\n'.join(self.csv_data) - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_bulk_import_objects_without_permission(self): data = { 'csv': self._get_csv_data(), @@ -669,7 +668,7 @@ class ViewTestCases: with disable_warnings('django.request'): self.assertHttpStatus(response, 403) - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_import_objects_with_permission(self): initial_count = self.model.objects.count() data = { @@ -691,7 +690,7 @@ class ViewTestCases: self.assertHttpStatus(self.client.post(self._get_url('import'), data), 200) self.assertEqual(self.model.objects.count(), initial_count + len(self.csv_data) - 1) - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_import_objects_with_constrained_permission(self): initial_count = self.model.objects.count() data = { @@ -728,7 +727,6 @@ class ViewTestCases: """ bulk_edit_data = {} - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_bulk_edit_objects_without_permission(self): pk_list = self.model.objects.values_list('pk', flat=True)[:3] data = { @@ -744,7 +742,7 @@ class ViewTestCases: with disable_warnings('django.request'): self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 403) - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_edit_objects_with_permission(self): pk_list = self.model.objects.values_list('pk', flat=True)[:3] data = { @@ -768,7 +766,7 @@ class ViewTestCases: for i, instance in enumerate(self.model.objects.filter(pk__in=pk_list)): self.assertInstanceEqual(instance, self.bulk_edit_data) - @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_edit_objects_with_constrained_permission(self): initial_instances = self.model.objects.all()[:3] pk_list = list(self.model.objects.values_list('pk', flat=True)[:3]) diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py index 7fd41804b..a929b3af2 100644 --- a/netbox/utilities/views.py +++ b/netbox/utilities/views.py @@ -863,6 +863,7 @@ class BulkEditView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View): if '_apply' in request.POST: form = self.form(model, request.POST) + restrict_form_fields(form, request.user) if form.is_valid(): logger.debug("Form validation was successful") @@ -970,6 +971,7 @@ class BulkEditView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View): initial_data['device_type'] = request.GET.get('device_type') form = self.form(model, initial=initial_data) + restrict_form_fields(form, request.user) # Retrieve objects being edited table = self.table(self.queryset.filter(pk__in=pk_list), orderable=False)