NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-20 19:19:22 -06:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Implemented permissions for scripts

Browse Source
This commit is contained in:
Jeremy Stretch 2019-08-12 11:39:36 -04:00
parent 463c636301
commit ab504439fb
5 changed files with 58 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
netbox/extras/migrations/0024_scripts.py Normal file
View File

@ -0,0 +1,23 @@
# Generated by Django 2.2 on 2019-08-12 15:28
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('extras', '0023_fix_tag_sequences'),
]
operations = [
migrations.CreateModel(
name='Script',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False)),
],
options={
'permissions': (('run_script', 'Can run script'),),
'managed': False,
},
),
]

15
netbox/extras/models.py
View File

@ -826,6 +826,21 @@ class ConfigContextModel(models.Model):
return data return data
#
# Custom scripts
#
class Script(models.Model):
"""
Dummy model used to generate permissions for custom scripts. Does not exist in the database.
"""
class Meta:
managed = False
permissions = (
('run_script', 'Can run script'),
)
# #
# Report results # Report results
# #

14
netbox/extras/views.py
View File

@ -1,11 +1,11 @@
from django import template from django import template
from django.conf import settings from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin from django.contrib.auth.mixins import PermissionRequiredMixin
from django.contrib.contenttypes.models import ContentType from django.contrib.contenttypes.models import ContentType
from django.db import transaction from django.db import transaction
from django.db.models import Count, Q from django.db.models import Count, Q
from django.http import Http404 from django.http import Http404, HttpResponseForbidden
from django.shortcuts import get_object_or_404, redirect, render from django.shortcuts import get_object_or_404, redirect, render
from django.utils.safestring import mark_safe from django.utils.safestring import mark_safe
from django.views.generic import View from django.views.generic import View
@ -363,7 +363,8 @@ class ReportRunView(PermissionRequiredMixin, View):
# Scripts # Scripts
# #
class ScriptListView(LoginRequiredMixin, View): class ScriptListView(PermissionRequiredMixin, View):
permission_required = 'extras.view_script'
def get(self, request): def get(self, request):
@ -372,7 +373,8 @@ class ScriptListView(LoginRequiredMixin, View):
}) })
class ScriptView(LoginRequiredMixin, View): class ScriptView(PermissionRequiredMixin, View):
permission_required = 'extras.view_script'
def _get_script(self, module, name): def _get_script(self, module, name):
scripts = get_scripts() scripts = get_scripts()
@ -394,6 +396,10 @@ class ScriptView(LoginRequiredMixin, View):
def post(self, request, module, name): def post(self, request, module, name):
# Permissions check
if not request.user.has_perm('extras.run_script'):
return HttpResponseForbidden()
script = self._get_script(module, name) script = self._get_script(module, name)
form = script.as_form(request.POST) form = script.as_form(request.POST)
output = None output = None

8
netbox/templates/extras/script.html
View File

@ -57,6 +57,12 @@
{% endif %} {% endif %}
<div class="row"> <div class="row">
<div class="col-md-8 col-md-offset-2"> <div class="col-md-8 col-md-offset-2">
{% if not perms.extras.run_script %}
<div class="alert alert-warning">
<i class="fa fa-warning"></i>
You do not have permission to run scripts.
</div>
{% endif %}
<form action="" method="post"> <form action="" method="post">
{% csrf_token %} {% csrf_token %}
{% if form %} {% if form %}
@ -65,7 +71,7 @@
<p>This script does not require any input to run.</p> <p>This script does not require any input to run.</p>
{% endif %} {% endif %}
<div class="pull-right"> <div class="pull-right">
<button type="submit" name="_run" class="btn btn-primary"><i class="fa fa-play"></i> Run Script</button> <button type="submit" name="_run" class="btn btn-primary"{% if not perms.extras.run_script %} disabled="disabled"{% endif %}><i class="fa fa-play"></i> Run Script</button>
<a href="{% url 'extras:script_list' %}" class="btn btn-default">Cancel</a> <a href="{% url 'extras:script_list' %}" class="btn btn-default">Cancel</a>
</div> </div>
</form> </form>

3
netbox/templates/inc/nav_menu.html
View File

@ -66,6 +66,9 @@
<li{% if not perms.extras.view_configcontext %} class="disabled"{% endif %}> <li{% if not perms.extras.view_configcontext %} class="disabled"{% endif %}>
<a href="{% url 'extras:configcontext_list' %}">Config Contexts</a> <a href="{% url 'extras:configcontext_list' %}">Config Contexts</a>
</li> </li>
<li{% if not perms.extras.view_script %} class="disabled"{% endif %}>
<a href="{% url 'extras:script_list' %}">Scripts</a>
</li>
<li{% if not perms.extras.view_reportresult %} class="disabled"{% endif %}> <li{% if not perms.extras.view_reportresult %} class="disabled"{% endif %}>
<a href="{% url 'extras:report_list' %}">Reports</a> <a href="{% url 'extras:report_list' %}">Reports</a>
</li> </li>