NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-12-09 01:49:35 -06:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity

check object-level permission constraints (#20830)

Browse Source
This commit is contained in:
Elliott Balsley 2025-11-20 11:06:49 -08:00 committed by GitHub
parent 05f254a768
commit c6248f1142
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
netbox/extras/api/views.py
View File

@ -290,10 +290,12 @@ class ScriptViewSet(ModelViewSet):
"""
Run a Script identified by its numeric PK or module & name and return the pending Job as the result
"""
if not request.user.has_perm('extras.run_script'):
raise PermissionDenied("This user does not have permission to run scripts.")
script = self._get_script(pk)
if not request.user.has_perm('extras.run_script', obj=script):
raise PermissionDenied("This user does not have permission to run this script.")
input_serializer = serializers.ScriptInputSerializer(
data=request.data,
context={'script': script}