NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-25 16:56:10 -06:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

12589 fix permission model check

Browse Source
This commit is contained in:
Arthur 2023-06-20 10:16:15 -07:00
parent d0d74c98ad
commit bdfcb939f1
3 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
netbox/users/views.py
View File

@ -360,7 +360,6 @@ class NetBoxUserView(generic.ObjectView):
def get_required_permission(self): def get_required_permission(self):
# Need to override as ObjectView will query for NetBoxUser as the model # Need to override as ObjectView will query for NetBoxUser as the model
# but the model we need to check perms for is User # but the model we need to check perms for is User
breakpoint()
return get_permission_for_model(User, 'view') return get_permission_for_model(User, 'view')
def get_extra_context(self, request, instance): def get_extra_context(self, request, instance):

6
netbox/utilities/permissions.py
View File

@ -18,10 +18,12 @@ def get_permission_for_model(model, action):
:param model: A model or instance :param model: A model or instance
:param action: View, add, change, or delete (string) :param action: View, add, change, or delete (string)
""" """
# breakpoint()
ct = ContentType.objects.get_for_model(model)
return '{}.{}_{}'.format( return '{}.{}_{}'.format(
model._meta.app_label, ct.app_label,
action, action,
model._meta.model_name ct.model
) )

7
netbox/utilities/views.py
View File

@ -79,8 +79,9 @@ class ObjectPermissionRequiredMixin(AccessMixin):
if user.has_perms((permission_required, *self.additional_permissions)): if user.has_perms((permission_required, *self.additional_permissions)):
# Update the view's QuerySet to filter only the permitted objects # Update the view's QuerySet to filter only the permitted objects
action = resolve_permission(permission_required)[1] if isinstance(self.queryset, RestrictedQuerySet):
self.queryset = self.queryset.restrict(user, action) action = resolve_permission(permission_required)[1]
self.queryset = self.queryset.restrict(user, action)
return True return True
@ -94,7 +95,7 @@ class ObjectPermissionRequiredMixin(AccessMixin):
'a base queryset'.format(self.__class__.__name__) 'a base queryset'.format(self.__class__.__name__)
) )
if isinstance(self.queryset, RestrictedQuerySet) and not self.has_permission(): if not self.has_permission():
return self.handle_no_permission() return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs) return super().dispatch(request, *args, **kwargs)