mirror of
https://github.com/netbox-community/netbox.git
synced 2025-07-23 17:08:41 -06:00
Fixes #5176: Enforce content type restrictions when creating objects via the REST API
This commit is contained in:
Jeremy Stretch
parent
52aa123a9f
commit
d9c503a9ec
@ -8,6 +8,7 @@
|
|||||||
|
|
||||||
### Bug Fixes
|
### Bug Fixes
|
||||||
|
|
||||||
|
* [#5176](https://github.com/netbox-community/netbox/issues/5176) - Enforce content type restrictions when creating objects via the REST API
|
||||||
* [#5358](https://github.com/netbox-community/netbox/issues/5358) - Fix user table configuration for VM interfaces
|
* [#5358](https://github.com/netbox-community/netbox/issues/5358) - Fix user table configuration for VM interfaces
|
||||||
* [#5374](https://github.com/netbox-community/netbox/issues/5374) - Fix exception thrown when tracing mid-point
|
* [#5374](https://github.com/netbox-community/netbox/issues/5374) - Fix exception thrown when tracing mid-point
|
||||||
* [#5376](https://github.com/netbox-community/netbox/issues/5376) - Correct invalid custom field filter logic values
|
* [#5376](https://github.com/netbox-community/netbox/issues/5376) - Correct invalid custom field filter logic values
|
||||||
|
|||||||
@ -94,14 +94,14 @@ class ContentTypeField(RelatedField):
|
|||||||
def to_internal_value(self, data):
|
def to_internal_value(self, data):
|
||||||
try:
|
try:
|
||||||
app_label, model = data.split('.')
|
app_label, model = data.split('.')
|
||||||
return ContentType.objects.get_by_natural_key(app_label=app_label, model=model)
|
return self.queryset.get(app_label=app_label, model=model)
|
||||||
except ObjectDoesNotExist:
|
except ObjectDoesNotExist:
|
||||||
self.fail('does_not_exist', content_type=data)
|
self.fail('does_not_exist', content_type=data)
|
||||||
except (TypeError, ValueError):
|
except (AttributeError, TypeError, ValueError):
|
||||||
self.fail('invalid')
|
self.fail('invalid')
|
||||||
|
|
||||||
def to_representation(self, obj):
|
def to_representation(self, obj):
|
||||||
return "{}.{}".format(obj.app_label, obj.model)
|
return f"{obj.app_label}.{obj.model}"
|
||||||
|
|
||||||
|
|
||||||
class TimeZoneField(serializers.Field):
|
class TimeZoneField(serializers.Field):
|
||||||
|
|||||||
@ -6,11 +6,10 @@ from rest_framework.exceptions import ValidationError
|
|||||||
from utilities.utils import dict_to_filter_params
|
from utilities.utils import dict_to_filter_params
|
||||||
|
|
||||||
|
|
||||||
# TODO: We should probably take a fresh look at exactly what we're doing with this. There might be a more elegant
|
|
||||||
# way to enforce model validation on the serializer.
|
|
||||||
class ValidatedModelSerializer(serializers.ModelSerializer):
|
class ValidatedModelSerializer(serializers.ModelSerializer):
|
||||||
"""
|
"""
|
||||||
Extends the built-in ModelSerializer to enforce calling clean() on the associated model during validation.
|
Extends the built-in ModelSerializer to enforce calling full_clean() on a copy of the associated instance during
|
||||||
|
validation. (DRF does not do this by default; see https://github.com/encode/django-rest-framework/issues/3144)
|
||||||
"""
|
"""
|
||||||
def validate(self, data):
|
def validate(self, data):
|
||||||
|
|
||||||
@ -31,8 +30,7 @@ class ValidatedModelSerializer(serializers.ModelSerializer):
|
|||||||
instance = self.instance
|
instance = self.instance
|
||||||
for k, v in attrs.items():
|
for k, v in attrs.items():
|
||||||
setattr(instance, k, v)
|
setattr(instance, k, v)
|
||||||
instance.clean()
|
instance.full_clean()
|
||||||
instance.validate_unique()
|
|
||||||
|
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user