Permission constraint doesn't work on sync action #15582

Closed
llamafilm opened this issue Mar 29, 2024 · 1 comment · Fixed by #15704
Labels: severity: medium; status: accepted; type: bug


llamafilm commented Mar 29, 2024

Deployment Type

Self-hosted

NetBox Version

v3.7.3

Python Version

3.11

Steps to Reproduce

  1. Create a user permission with object type: Core > Data Source. Allow add, view, and sync actions. Add constraint: {"id": 4}.
  2. Create an API token for this user
  3. Sync a different data source: curl -X POST -H "Authorization: Token $TOKEN" -H "Accept: application/json" http://localhost:8001/api/core/data-sources/7/sync/

Additional Context

I'd like to sync this git data source as a post-commit hook when I make changes to the scripts. So I want to restrict this user permission to only one data source.

The constraint works properly on the view action. If I GET /api/core/data-sources/7/ I get a response: {"detail":"Not found."}.

Expected Behavior

I should get a permission denied error.

Observed Behavior

It works.
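The gap reported above, modelled as an added example (not NetBox's code and not part of the original issue): a custom-action handler that checks only whether `sync` is granted on the object type, beside one that resolves the object through the constraint-restricted set for that same action. All names, the `core.datasource` type string and the sample data are hypothetical, and constraints are simplified to exact-match key/value pairs.

```python
from dataclasses import dataclass, field

# Constructed sample data mirroring the IDs in the report (4 is permitted, 7 is not).
DATA_SOURCES = {4: {"id": 4, "name": "scripts-repo"},
                7: {"id": 7, "name": "other-repo"}}

@dataclass
class Permission:
    object_type: str
    actions: set
    constraints: dict = field(default_factory=dict)  # e.g. {"id": 4}

class PermissionDenied(Exception):
    pass

def has_model_perm(perms, object_type, action):
    """Type-wide check: is the action granted at all? Constraints are ignored."""
    return any(p.object_type == object_type and action in p.actions for p in perms)

def restrict(objects, perms, object_type, action):
    """Object-level check: keep objects matching a permission that grants `action`."""
    granted = [p for p in perms
               if p.object_type == object_type and action in p.actions]
    return {pk: obj for pk, obj in objects.items()
            if any(all(obj.get(k) == v for k, v in p.constraints.items())
                   for p in granted)}

def sync_model_level_only(perms, pk):
    """Flawed pattern: type-wide grant checked, object loaded unrestricted."""
    if not has_model_perm(perms, "core.datasource", "sync"):
        raise PermissionDenied("sync not granted")
    return f"sync queued for {DATA_SOURCES[pk]['name']}"

def sync_object_level(perms, pk):
    """Hardened pattern: object resolved through the set restricted for 'sync'."""
    allowed = restrict(DATA_SOURCES, perms, "core.datasource", "sync")
    if pk not in allowed:
        raise PermissionDenied(f"sync not permitted on data source {pk}")
    return f"sync queued for {allowed[pk]['name']}"
```

A regression test for this class of bug should call every custom action, not only the standard view/change/delete paths, against an object outside the constraint.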

llamafilm added the status: needs triage and type: bug labels Mar 29, 2024

llamafilm (Contributor, Author) commented:

By the way, it seems weird that the add action is required for this.

jeremystretch added the status: needs owner and severity: medium labels and removed the status: needs triage label Apr 2, 2024
jeremystretch removed their assignment Apr 2, 2024
arthanson self-assigned this Apr 11, 2024
arthanson removed the status: needs owner label Apr 11, 2024
jeremystretch added the status: accepted label Apr 17, 2024
jeremystretch added a commit that referenced this issue Apr 17, 2024
github-actions bot locked as resolved and limited conversation to collaborators Jul 17, 2024