NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-19 17:59:11 -06:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fixes #16228: Fix permissions enforcement for GraphQL queries of users & groups

Browse Source
This commit is contained in:
Jeremy Stretch 2024-05-21 16:21:56 -04:00
parent 902c61bf47
commit a3b34c7a78
1 changed files with 5 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
netbox/users/graphql/types.py
View File

@ -1,13 +1,10 @@
from typing import List from typing import List
import strawberry
import strawberry_django import strawberry_django
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.contrib.auth.models import Group
from strawberry import auto from netbox.graphql.types import BaseObjectType
from users import filtersets
from users.models import Group from users.models import Group
from utilities.querysets import RestrictedQuerySet
from .filters import * from .filters import *
__all__ = ( __all__ = (
@ -21,17 +18,16 @@ __all__ = (
fields=['id', 'name'], fields=['id', 'name'],
filters=GroupFilter filters=GroupFilter
) )
class GroupType: class GroupType(BaseObjectType):
pass pass
@strawberry_django.type( @strawberry_django.type(
get_user_model(), get_user_model(),
fields=[ fields=[
'id', 'username', 'password', 'first_name', 'last_name', 'email', 'is_staff', 'id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active', 'date_joined', 'groups',
'is_active', 'date_joined', 'groups',
], ],
filters=UserFilter filters=UserFilter
) )
class UserType: class UserType(BaseObjectType):
groups: List[GroupType] groups: List[GroupType]