NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-06 23:58:17 -06:00
Code Issues Actions 13 Packages Projects Releases Wiki Activity

Added permission check /api/dcim/connected-devices

Browse Source 
Api now checks dcim.view_device and dcim.view_interface
permissions when login is required
This commit is contained in:
Pavel Raur 2021-10-04 11:36:29 +02:00
parent c9c537a1b9
commit d6f6d0acf5
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
netbox/dcim/api/views.py
View File

@ -8,6 +8,7 @@ from drf_yasg import openapi
from drf_yasg.openapi import Parameter
from drf_yasg.utils import swagger_auto_schema
from rest_framework.decorators import action
from rest_framework.exceptions import PermissionDenied
from rest_framework.response import Response
from rest_framework.routers import APIRootView
from rest_framework.viewsets import ViewSet
@ -672,6 +673,12 @@ class ConnectedDeviceViewSet(ViewSet):
peer_device_name = request.query_params.get(self._device_param.name)
peer_interface_name = request.query_params.get(self._interface_param.name)
# check permissions of user, if login is required
if settings.LOGIN_REQUIRED:
if not request.user.has_perm('dcim.view_device') or not request.user.has_perm('dcim.view_interface'):
raise PermissionDenied('You do not have permission to perform this action.')
# check query parameters
if not peer_device_name or not peer_interface_name:
raise MissingFilterException(detail='Request must include "peer_device" and "peer_interface" filters.')