Replace direct string concatenation with URLSearchParams to properly
encode user input in export link URLs, preventing injection of malicious
parameters or scripts through the search functionality.
Resolves CodeQL Alert #63 (js/xss-through-dom)
* Closes#19977: Denormalize site, location, and rack for device components
* Set blank=True on denormalized ForeignKeys
* Populate denormalized field in test data
* Ignore private fields when constructing test GraphQL requests
* Closes#19968: Use multiple selection lists for the assignment of object types when editing a permission
* Remove errant logging statements
* Defer compilation of choices for object_types
* Fix test data
* Fixes#18900: introduce/raise QuerySetNotOrdered exception
Defines a new exception, `QuerySetNotOrdered`, and raises it in
`OptionalLimitOffsetPagination.paginate_queryset` in the right
conditions:
- the iterable to be paginated is a QuerySet isinstance
- the `queryset.ordered` flag is not truthy
* Don't try to reapply ordering if ordering is already present
* Add ordering for failing tagged-objects list API endpoint
I chose to implement this here for TaggedItemViewSet, rather than on the
model, because any meaningful ordering is going to be done on the
related Tag instance and I didn't want to introduce potential, not well
understood side-effects by applying a model-wide ordering via a related
model field.
* Add default Token ordering behavior
* Adds basic tests for raising QuerySetNotOrdered
* Note why ordering is not applied in TaggedItem.Meta
* feat(dcim): Add site fields to Cable bulk import form
Introduces `side_a_site` and `side_b_site` fields for the Cable bulk
import form. Limits device choices on both sides to the selected site
for improved input validation and consistency.
* feat(dcim): Enhance test data setup with multiple sites
Refactors tests to create multiple sites and assign devices accordingly.
Updates CSV data to include `side_a_site` and `side_b_site` fields for
scenarios involving multiple sites. This improves test coverage and
alignment with real-world use cases.
* docs(dcim): Update comments explaining indent for CSV import
Improved the inline comments to clarify the rationale behind allowing
devices with duplicate names on different sites during CSV bulk import.
The select list of 'Images and Label', 'Images Only', and 'Label Only'
was broken during recent work while implementing #19823.
This fixes the issue by placing the `rack_elevation` class attribute on
the <div> element that contains the SVG after being loaded by HTMX. In
addition, we needed to slightly modify the selectors in the frontend
code that looked for the elements within the SVG to hide and/or show.
Previously, it was looking inside of a contentDocument embedded in an
<object> element. The simplified version just looks inside of the
SVG containing div.
Replaced manual rendering of custom fields in the filter tab with the
`render_custom_fields` template tag. This change ensures that custom fields are
properly grouped, addressing the issue where they were previously displayed
without their associated groups.
* Fixes#19800: ModuleType import supports associating ModuleTypeProfile
* Fixes up ModuleTypeTestCase to include bulk import testing
Also includes an additional regression assertion.
* Address PR feedback
I ultimately left the extra asserts in for test_bulk_import_objects_with_permissionsince
since the parent test is currently only testing against number of
objects successfully imported. Will file a follow up FR to improve that
test.
* Support menu items that are callables
* Fix quote on add button
* Clarify docstring to differentiate link and url
* Back out support for callables but keep alternate prerendered url param
* Make url a property on MenuItem/PluginMenuItem etc, overridable via a setter
* Use reverse_lazy instead of reverse
* Use reverse_lazy instead of reverse
