#2434: Fix database transaction context scoping

2025-07-16 12:12:53 -06:00 · 2021-05-14 11:21:42 -07:00 · 2021-05-14 11:21:42 -07:00 · e429ba6fa2
commit e429ba6fa2
parent 234475effe
2 changed files with 12 additions and 9 deletions
--- a/netbox/dcim/views.py
+++ b/netbox/dcim/views.py
@ -1920,13 +1920,13 @@ class InterfaceCreateView(generic.ComponentCreateView):
        """
        logger = logging.getLogger('netbox.dcim.views.InterfaceCreateView')
        form = self.form(request.POST, initial=request.GET)
-        self.validate_form(request, form)
+        new_objs = self.validate_form(request, form)

        if form.is_valid() and not form.errors:
            if '_addanother' in request.POST:
                return redirect(request.get_full_path())
-            elif '_assignip' in request.POST and len(self.created_objects) >= 1 and request.user.has_perm('ipam.add_ipaddress'):
-                first_obj = self.created_objects[0].pk
+            elif new_objs is not None and '_assignip' in request.POST and len(new_objs) >= 1 and request.user.has_perm('ipam.add_ipaddress'):
+                first_obj = new_objs[0].pk
                return redirect(f'/ipam/ip-addresses/add/?interface={first_obj}&return_url={self.get_return_url(request)}')
            else:
                return redirect(self.get_return_url(request))
--- a/netbox/netbox/views/generic.py
+++ b/netbox/netbox/views/generic.py
@ -1088,7 +1088,6 @@ class ComponentCreateView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View
    form = None
    model_form = None
    template_name = None
-    created_objects = []

    def get_required_permission(self):
        return get_permission_for_model(self.queryset.model, 'add')
@ -1161,22 +1160,26 @@ class ComponentCreateView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View
                try:
                    with transaction.atomic():
                        # Create the new components
+                        new_objs = []
                        for component_form in new_components:
                            obj = component_form.save()
-                            self.created_objects.append(obj)
+                            new_objs.append(obj)

                        # Enforce object-level permissions
-                        if self.queryset.filter(pk__in=[obj.pk for obj in self.created_objects]).count() != len(self.created_objects):
+                        if self.queryset.filter(pk__in=[obj.pk for obj in new_objs]).count() != len(new_objs):
                            raise ObjectDoesNotExist

                        messages.success(request, "Added {} {}".format(
                            len(new_components), self.queryset.model._meta.verbose_name_plural
                        ))
+                        # Return the newly created objects so overridden post methods can use the data as needed.
+                        return new_objs

                except ObjectDoesNotExist:
                    msg = "Component creation failed due to object-level permissions violation"
                    logger.debug(msg)
                    form.add_error(None, msg)
+        return None


 class BulkComponentCreateView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View):