* Closes#16681: Introduce render_config permission for configuration rendering
Add a new custom permission action `render_config` for rendering device and
virtual machine configurations via the REST API. This allows users to render
configurations without requiring the `add` permission.
Changes:
- Add permission check to RenderConfigMixin.render_config() for devices and VMs
- Update API tests to use render_config permission instead of add
- Add tests verifying permission enforcement (403 without render_config)
- Document new permission requirement in configuration-rendering.md
Note: Currently requires both render_config AND add permissions due to the
automatic POST='add' filter in BaseViewSet.initial(). Removing the add
requirement will be addressed in a follow-up commit.
* Correct permission denied message and enable translation
* Remove add permission requirement for render_config endpoint
Remove the add permission requirement from the render-config API endpoint
while maintaining token write_enabled enforcement as specified in #16681.
Changes:
- Add TokenWritePermission class to check token write ability without requiring
specific model permissions
- Override get_permissions() in RenderConfigMixin to use TokenWritePermission
instead of TokenPermissions for render_config action
- Replace queryset restriction: use render_config instead of add
- Remove add permissions from tests - render_config permission now sufficient
- Update tests to expect 404 when permission denied (NetBox standard pattern)
Per #16681: 'requirement for write permission makes sense for API calls
(because we're accepting and processing arbitrary user data), the specific
permission for creating devices does not'
* Add render_config permission to ConfigTemplate render endpoint
Extend render_config permission requirement to the ConfigTemplate render
endpoint per issue comments.
Changes:
- Add TokenWritePermission check via get_permissions() override in
ConfigTemplateViewSet
- Restrict queryset to render_config permission in render() method
- Add explicit render_config permission check
- Add tests for ConfigTemplate.render() with and without permission
- Update documentation to include ConfigTemplate endpoint
* Address PR feedback on render_config permissions
Remove redundant permission checks, add view permission enforcement via
chained restrict() calls, and rename ConfigTemplate permission action
from render_config to render for consistency.
* Address second round of PR feedback on render_config permissions
- Remove ConfigTemplate view permission check from render_config endpoint
- Add sanity check to TokenWritePermission for non-token auth
- Use named URL patterns instead of string concatenation in tests
- Remove extras.view_configtemplate from test permissions
- Add token write_enabled enforcement tests for all render endpoints
* Misc cleanup
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* Fixes#17443: Adds ExportTemplate.file_name field
* Addresses PR feedback
- Adds `file_name` to `ExportTemplateBulkEditForm.nullable_fields`
- Shortens max length of `ExportTemplate.file_name` to 200 chars
- Adds tests for `ExportTemplateFilterSet.file_extension`
* Fixes migration conflict caused by fix for #17841
* Align strawberry resolver with expected return type
* Align test data with expected representation of extra_choices in CustomFieldChoiceSet model
---------
Co-authored-by: Griffin Ellis <griffin.ellis@pico.net>
* Initial work on #15621
* Signal receiver should ignore models which don't support notifications
* Flesh out NotificationGroup functionality
* Add NotificationGroup filters for users & groups
* Separate read & dimiss actions
* Enable one-click dismissals from notifications list
* Include total notification count in dropdown
* Drop 'kind' field from Notification model
* Register event types in the registry; add colors & icons
* Enable event rules to target notification groups
* Define dynamic choices for Notification.event_name
* Move event registration to core
* Add more job events
* Misc cleanup
* Misc cleanup
* Correct absolute URLs for notifications & subscriptions
* Optimize subscriber notifications
* Use core event types when queuing events
* Standardize queued event attribute to event_type; change content_type to object_type
* Rename Notification.event_name to event_type
* Restore NotificationGroupBulkEditView
* Add API tests
* Add view & filterset tests
* Add model documentation
* Fix tests
* Update notification bell when notifications have been cleared
* Ensure subscribe button appears only on relevant models
* Notifications/subscriptions cannot be ordered by object
* Misc cleanup
* Add event icon & type to notifications table
* Adjust icon sizing
* Mute color of read notifications
* Misc cleanup
- Introduces the Script model to represent individual Python classes within a ScriptModule file
- Automatically migrates jobs & event rules
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* Fixes#14755: ValueError in web UI after REST API accepts invalid custom-field choice-set data
* PR Comments Addressed
* Set max_length=2 on extra_choices items; remove custom validation logic
* Move test for invalid choices to CustomFieldChoiceSetTest
* Omit unused imports
---------
Co-authored-by: julio.oliveira <julio.oliveira@alertmedia.com>
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* replaces device_role with role on device model #6391
* fixes lint issue #6391
* revert the database user
* revert test_runner comment
* changes as per review
* Update references to device_role column in UserConfigs
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* Initial work on custom field choice sets
* Rename choices to extra_choices (prep for #12194)
* Remove CustomField.choices
* Add & update tests
* Clean up table columns
* Add order_alphanetically boolean for choice sets
* Introduce ArrayColumn for choice lists
* Show dependent custom fields on choice set view
* Update custom fields documentation
* Introduce ArrayWidget for more convenient editing of choices
* Incorporate PR feedback
* Misc cleanup
* Initial work on predefined choices for custom fields
* Misc cleanup
* Add IATA airport codes
* #13241: Add support for custom field choice labels
* Restore ArrayColumn
* Misc cleanup
* Change extra_choices back to a nested ArrayField to preserve choice ordering
* Hack to bypass GraphQL API test utility absent support for nested ArrayFields
* Fixes#11335: Default manager for ObjectChange should filter by installed apps
* Employ canonical model discovery mechanism
* Move filtering logic to valid_models() queryset method
* fixed import to avoid content type does not exist
* Cleanup
---------
Co-authored-by: Abhimanyu Saharan <desk.abhimanyu@gmail.com>
* 12794 change User ref to get_user_model
* 12794 call get_user_model once in tests
* 12794 call get_user_model once in tests
* 12794 use settings.AUTH_USER_MODEL for FK reference
* Reference database object by GFK when running scripts & reports via UI
* Reference database object by GFK when running scripts & reports via API
* Remove old enqueue_job() method
* Enable filtering jobs by object
* Introduce ObjectJobsView
* Add tabbed views for report & script jobs
* Add object_id to JobSerializer
* Move generic relation to JobsMixin
* Clean up old naming
