Fixes #16228: Fix permissions enforcement for GraphQL queries of users & groups

2025-07-19 05:21:55 -06:00 · 2024-05-21 16:21:56 -04:00 · 2024-05-21 16:21:56 -04:00 · a3b34c7a78
commit a3b34c7a78
parent 902c61bf47
1 changed files with 5 additions and 9 deletions
--- a/netbox/users/graphql/types.py
+++ b/netbox/users/graphql/types.py
@ -1,13 +1,10 @@
 from typing import List

-import strawberry
 import strawberry_django
 from django.contrib.auth import get_user_model
-from django.contrib.auth.models import Group
-from strawberry import auto
-from users import filtersets
+
+from netbox.graphql.types import BaseObjectType
 from users.models import Group
-from utilities.querysets import RestrictedQuerySet
 from .filters import *

 __all__ = (
@ -21,17 +18,16 @@ __all__ = (
    fields=['id', 'name'],
    filters=GroupFilter
 )
-class GroupType:
+class GroupType(BaseObjectType):
    pass


@strawberry_django.type(
    get_user_model(),
    fields=[
-        'id', 'username', 'password', 'first_name', 'last_name', 'email', 'is_staff',
-        'is_active', 'date_joined', 'groups',
+        'id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active', 'date_joined', 'groups',
    ],
    filters=UserFilter
 )
-class UserType:
+class UserType(BaseObjectType):
    groups: List[GroupType]