From 773a4f9896b540a5dfd27798714761f31db53a99 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 2 Jun 2023 09:57:15 -0700 Subject: [PATCH 01/72] 125890 first working user list --- netbox/netbox/navigation/menu.py | 14 +++ netbox/users/filtersets.py | 6 +- netbox/users/forms.py | 130 --------------------- netbox/users/migrations/0004_netboxuser.py | 28 +++++ netbox/users/models.py | 11 ++ netbox/users/tables.py | 17 +++ netbox/users/urls.py | 8 ++ netbox/users/views.py | 73 +++++++++--- netbox/utilities/views.py | 3 +- 9 files changed, 143 insertions(+), 147 deletions(-) delete mode 100644 netbox/users/forms.py create mode 100644 netbox/users/migrations/0004_netboxuser.py diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py index 6e5bcfc23f4..5e83226578e 100644 --- a/netbox/netbox/navigation/menu.py +++ b/netbox/netbox/navigation/menu.py @@ -344,6 +344,19 @@ ), ) +ADMIN_MENU = Menu( + label=_('Admin'), + icon_class='mdi mdi-account-multiple', + groups=( + MenuGroup( + label=_('Users'), + items=( + get_model_item('users', 'user', _('Users'), actions=['add']), + ), + ), + ), +) + MENUS = [ ORGANIZATION_MENU, @@ -358,6 +371,7 @@ PROVISIONING_MENU, CUSTOMIZATION_MENU, OPERATIONS_MENU, + ADMIN_MENU, ] # diff --git a/netbox/users/filtersets.py b/netbox/users/filtersets.py index 4ae9df89a9f..35353b4a3f3 100644 --- a/netbox/users/filtersets.py +++ b/netbox/users/filtersets.py @@ -1,10 +1,12 @@ import django_filters +from django.conf import settings +from django.contrib.auth import get_user_model from django.contrib.auth.models import Group, User from django.db.models import Q from django.utils.translation import gettext as _ from netbox.filtersets import BaseFilterSet -from users.models import ObjectPermission, Token +from users.models import ObjectPermission, Token, NetBoxUser __all__ = ( 'GroupFilterSet', @@ -47,7 +49,7 @@ class UserFilterSet(BaseFilterSet): ) class Meta: - model = User + model = NetBoxUser fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active'] def search(self, queryset, name, value): diff --git a/netbox/users/forms.py b/netbox/users/forms.py deleted file mode 100644 index 027fa532779..00000000000 --- a/netbox/users/forms.py +++ /dev/null @@ -1,130 +0,0 @@ -from django import forms -from django.conf import settings -from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm -from django.contrib.postgres.forms import SimpleArrayField -from django.utils.html import mark_safe -from django.utils.translation import gettext as _ - -from ipam.formfields import IPNetworkFormField -from ipam.validators import prefix_validator -from netbox.preferences import PREFERENCES -from utilities.forms import BootstrapMixin -from utilities.forms.widgets import DateTimePicker -from utilities.utils import flatten_dict -from .models import Token, UserConfig - - -class LoginForm(BootstrapMixin, AuthenticationForm): - pass - - -class PasswordChangeForm(BootstrapMixin, DjangoPasswordChangeForm): - pass - - -class UserConfigFormMetaclass(forms.models.ModelFormMetaclass): - - def __new__(mcs, name, bases, attrs): - - # Emulate a declared field for each supported user preference - preference_fields = {} - for field_name, preference in PREFERENCES.items(): - description = f'{preference.description}
' if preference.description else '' - help_text = f'{description}{field_name}' - field_kwargs = { - 'label': preference.label, - 'choices': preference.choices, - 'help_text': mark_safe(help_text), - 'coerce': preference.coerce, - 'required': False, - 'widget': forms.Select, - } - preference_fields[field_name] = forms.TypedChoiceField(**field_kwargs) - attrs.update(preference_fields) - - return super().__new__(mcs, name, bases, attrs) - - -class UserConfigForm(BootstrapMixin, forms.ModelForm, metaclass=UserConfigFormMetaclass): - fieldsets = ( - ('User Interface', ( - 'pagination.per_page', - 'pagination.placement', - 'ui.colormode', - )), - ('Miscellaneous', ( - 'data_format', - )), - ) - # List of clearable preferences - pk = forms.MultipleChoiceField( - choices=[], - required=False - ) - - class Meta: - model = UserConfig - fields = () - - def __init__(self, *args, instance=None, **kwargs): - - # Get initial data from UserConfig instance - initial_data = flatten_dict(instance.data) - kwargs['initial'] = initial_data - - super().__init__(*args, instance=instance, **kwargs) - - # Compile clearable preference choices - self.fields['pk'].choices = ( - (f'tables.{table_name}', '') for table_name in instance.data.get('tables', []) - ) - - def save(self, *args, **kwargs): - - # Set UserConfig data - for pref_name, value in self.cleaned_data.items(): - if pref_name == 'pk': - continue - self.instance.set(pref_name, value, commit=False) - - # Clear selected preferences - for preference in self.cleaned_data['pk']: - self.instance.clear(preference) - - return super().save(*args, **kwargs) - - @property - def plugin_fields(self): - return [ - name for name in self.fields.keys() if name.startswith('plugins.') - ] - - -class TokenForm(BootstrapMixin, forms.ModelForm): - key = forms.CharField( - required=False, - help_text=_("If no key is provided, one will be generated automatically.") - ) - allowed_ips = SimpleArrayField( - base_field=IPNetworkFormField(validators=[prefix_validator]), - required=False, - label=_('Allowed IPs'), - help_text=_('Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. ' - 'Example: 10.1.1.0/24,192.168.10.16/32,2001:db8:1::/64'), - ) - - class Meta: - model = Token - fields = [ - 'key', 'write_enabled', 'expires', 'description', 'allowed_ips', - ] - widgets = { - 'expires': DateTimePicker(), - } - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - # Omit the key field if token retrieval is not permitted - if self.instance.pk and not settings.ALLOW_TOKEN_RETRIEVAL: - del self.fields['key'] diff --git a/netbox/users/migrations/0004_netboxuser.py b/netbox/users/migrations/0004_netboxuser.py new file mode 100644 index 00000000000..03355ea3c16 --- /dev/null +++ b/netbox/users/migrations/0004_netboxuser.py @@ -0,0 +1,28 @@ +# Generated by Django 4.1.9 on 2023-06-02 16:55 + +import django.contrib.auth.models +from django.db import migrations + + +class Migration(migrations.Migration): + dependencies = [ + ('auth', '0012_alter_user_first_name_max_length'), + ('users', '0003_token_allowed_ips_last_used'), + ] + + operations = [ + migrations.CreateModel( + name='NetBoxUser', + fields=[], + options={ + 'verbose_name': 'User', + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('auth.user',), + managers=[ + ('objects', django.contrib.auth.models.UserManager()), + ], + ), + ] diff --git a/netbox/users/models.py b/netbox/users/models.py index 4e7d9ca523a..6b5b13b1417 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -20,6 +20,7 @@ from .constants import * __all__ = ( + 'NetBoxUser', 'ObjectPermission', 'Token', 'UserConfig', @@ -30,6 +31,7 @@ # Proxy models for admin # + class AdminGroup(Group): """ Proxy contrib.auth.models.Group for the admin UI @@ -48,10 +50,19 @@ class Meta: proxy = True +class NetBoxUser(User): + """ + Proxy contrib.auth.models.User for the UI + """ + class Meta: + verbose_name = 'User' + proxy = True + # # User preferences # + class UserConfig(models.Model): """ This model stores arbitrary user-specific preferences in a JSON data structure. diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 0f14848875d..f7c27ff6346 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -1,8 +1,11 @@ +import django_tables2 as tables from .models import Token from netbox.tables import NetBoxTable, columns +from users.models import NetBoxUser __all__ = ( 'TokenTable', + 'UserTable', ) @@ -50,3 +53,17 @@ class Meta(NetBoxTable.Meta): fields = ( 'pk', 'description', 'key', 'write_enabled', 'created', 'expires', 'last_used', 'allowed_ips', ) + + +class UserTable(NetBoxTable): + username = tables.Column() + actions = columns.ActionsColumn( + actions=('edit', 'delete'), + ) + + class Meta(NetBoxTable.Meta): + model = NetBoxUser + fields = ( + 'pk', 'id', 'username', 'email', 'first_name', 'last_name' + ) + default_columns = ('pk', 'username', 'email', 'first_name', 'last_name') diff --git a/netbox/users/urls.py b/netbox/users/urls.py index ed1c21c024b..03c1bf9b4c9 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -11,6 +11,14 @@ path('preferences/', views.UserConfigView.as_view(), name='preferences'), path('password/', views.ChangePasswordView.as_view(), name='change_password'), + # Users + path('users/', views.NetBoxUserListView.as_view(), name='user_list'), + path('users/add/', views.NetBoxUserEditView.as_view(), name='user_add'), + path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), + path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), + path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), + path('users//', include(get_model_urls('users', 'netboxuser'))), + # API tokens path('api-tokens/', views.TokenListView.as_view(), name='token_list'), path('api-tokens/add/', views.TokenEditView.as_view(), name='token_add'), diff --git a/netbox/users/views.py b/netbox/users/views.py index a82620914ad..5c0dc1af37b 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -2,7 +2,7 @@ from django.conf import settings from django.contrib import messages -from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash +from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash, get_user_model from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.models import update_last_login from django.contrib.auth.signals import user_logged_in @@ -19,11 +19,11 @@ from extras.tables import ObjectChangeTable from netbox.authentication import get_auth_backend_display, get_saml_idps from netbox.config import get_config +from netbox.views import generic from utilities.forms import ConfirmationForm from utilities.views import register_model_view -from .forms import LoginForm, PasswordChangeForm, TokenForm, UserConfigForm -from .models import Token, UserConfig -from .tables import TokenTable +from . import filtersets, forms, tables +from .models import Token, UserConfig, NetBoxUser # @@ -69,7 +69,7 @@ def get_auth_backends(self, request): return auth_backends def get(self, request): - form = LoginForm(request) + form = forms.LoginForm(request) if request.user.is_authenticated: logger = logging.getLogger('netbox.auth.login') @@ -82,7 +82,7 @@ def get(self, request): def post(self, request): logger = logging.getLogger('netbox.auth.login') - form = LoginForm(request, data=request.POST) + form = forms.LoginForm(request, data=request.POST) if form.is_valid(): logger.debug("Login form validation was successful") @@ -175,7 +175,7 @@ class UserConfigView(LoginRequiredMixin, View): def get(self, request): userconfig = request.user.config - form = UserConfigForm(instance=userconfig) + form = forms.UserConfigForm(instance=userconfig) return render(request, self.template_name, { 'form': form, @@ -184,7 +184,7 @@ def get(self, request): def post(self, request): userconfig = request.user.config - form = UserConfigForm(request.POST, instance=userconfig) + form = forms.UserConfigForm(request.POST, instance=userconfig) if form.is_valid(): form.save() @@ -207,7 +207,7 @@ def get(self, request): messages.warning(request, "LDAP-authenticated user credentials cannot be changed within NetBox.") return redirect('users:profile') - form = PasswordChangeForm(user=request.user) + form = forms.PasswordChangeForm(user=request.user) return render(request, self.template_name, { 'form': form, @@ -215,7 +215,7 @@ def get(self, request): }) def post(self, request): - form = PasswordChangeForm(user=request.user, data=request.POST) + form = forms.PasswordChangeForm(user=request.user, data=request.POST) if form.is_valid(): form.save() update_session_auth_hash(request, form.user) @@ -237,7 +237,7 @@ class TokenListView(LoginRequiredMixin, View): def get(self, request): tokens = Token.objects.filter(user=request.user) - table = TokenTable(tokens) + table = tables.TokenTable(tokens) table.configure(request) return render(request, 'users/api_tokens.html', { @@ -257,7 +257,7 @@ def get(self, request, pk=None): else: token = Token(user=request.user) - form = TokenForm(instance=token) + form = forms.TokenForm(instance=token) return render(request, 'generic/object_edit.html', { 'object': token, @@ -269,10 +269,10 @@ def post(self, request, pk=None): if pk: token = get_object_or_404(Token.objects.filter(user=request.user), pk=pk) - form = TokenForm(request.POST, instance=token) + form = forms.TokenForm(request.POST, instance=token) else: token = Token(user=request.user) - form = TokenForm(request.POST) + form = forms.TokenForm(request.POST) if form.is_valid(): @@ -333,3 +333,48 @@ def post(self, request, pk): 'form': form, 'return_url': reverse('users:token_list'), }) + +# +# Users +# + + +class NetBoxUserListView(generic.ObjectListView): + queryset = NetBoxUser.objects.all() + filterset = filtersets.UserFilterSet + filterset_form = forms.UserFilterForm + table = tables.UserTable + + +@register_model_view(get_user_model()) +class NetBoxUserView(generic.ObjectView): + queryset = get_user_model().objects.all() + + +@register_model_view(NetBoxUser, 'edit') +class NetBoxUserEditView(generic.ObjectEditView): + queryset = get_user_model().objects.all() + form = forms.UserForm + + +@register_model_view(NetBoxUser, 'delete') +class NetBoxUserDeleteView(generic.ObjectDeleteView): + queryset = get_user_model().objects.all() + + +class NetBoxUserBulkImportView(generic.BulkImportView): + queryset = get_user_model().objects.all() + model_form = forms.UserImportForm + + +class NetBoxUserBulkEditView(generic.BulkEditView): + queryset = get_user_model().objects.all() + filterset = filtersets.UserFilterSet + table = tables.UserTable + form = forms.UserBulkEditForm + + +class NetBoxUserBulkDeleteView(generic.BulkDeleteView): + queryset = get_user_model().objects.all() + filterset = filtersets.UserFilterSet + table = tables.UserTable diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py index 43ca9a58981..a45e149c779 100644 --- a/netbox/utilities/views.py +++ b/netbox/utilities/views.py @@ -5,6 +5,7 @@ from netbox.registry import registry from .permissions import resolve_permission +from .querysets import RestrictedQuerySet __all__ = ( 'ContentTypePermissionRequiredMixin', @@ -93,7 +94,7 @@ def dispatch(self, request, *args, **kwargs): 'a base queryset'.format(self.__class__.__name__) ) - if not self.has_permission(): + if isinstance(self.queryset, RestrictedQuerySet) and not self.has_permission(): return self.handle_no_permission() return super().dispatch(request, *args, **kwargs) From b17dfa05345fce3505aa928a748bc8897d618023 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 2 Jun 2023 09:58:45 -0700 Subject: [PATCH 02/72] 125890 first working user list --- netbox/users/forms/__init__.py | 4 + netbox/users/forms/bulk_edit.py | 38 ++++++++ netbox/users/forms/bulk_import.py | 24 +++++ netbox/users/forms/filtersets.py | 55 +++++++++++ netbox/users/forms/model_forms.py | 153 ++++++++++++++++++++++++++++++ 5 files changed, 274 insertions(+) create mode 100644 netbox/users/forms/__init__.py create mode 100644 netbox/users/forms/bulk_edit.py create mode 100644 netbox/users/forms/bulk_import.py create mode 100644 netbox/users/forms/filtersets.py create mode 100644 netbox/users/forms/model_forms.py diff --git a/netbox/users/forms/__init__.py b/netbox/users/forms/__init__.py new file mode 100644 index 00000000000..1499f98b281 --- /dev/null +++ b/netbox/users/forms/__init__.py @@ -0,0 +1,4 @@ +from .bulk_edit import * +from .bulk_import import * +from .filtersets import * +from .model_forms import * diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py new file mode 100644 index 00000000000..dd2dc6aa9d7 --- /dev/null +++ b/netbox/users/forms/bulk_edit.py @@ -0,0 +1,38 @@ +from django import forms +from django.utils.translation import gettext as _ + +from circuits.choices import CircuitCommitRateChoices, CircuitStatusChoices +from circuits.models import * +from ipam.models import ASN +from netbox.forms import NetBoxModelBulkEditForm +from tenancy.models import Tenant +from utilities.forms import add_blank_choice +from utilities.forms.fields import CommentField, DynamicModelChoiceField, DynamicModelMultipleChoiceField +from utilities.forms.widgets import DatePicker, NumberWithOptions + +__all__ = ( + 'UserBulkEditForm', +) + + +class UserBulkEditForm(NetBoxModelBulkEditForm): + asns = DynamicModelMultipleChoiceField( + queryset=ASN.objects.all(), + label=_('ASNs'), + required=False + ) + description = forms.CharField( + max_length=200, + required=False + ) + comments = CommentField( + label=_('Comments') + ) + + model = Provider + fieldsets = ( + (None, ('asns', 'description')), + ) + nullable_fields = ( + 'asns', 'description', 'comments', + ) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py new file mode 100644 index 00000000000..aa3718d24d7 --- /dev/null +++ b/netbox/users/forms/bulk_import.py @@ -0,0 +1,24 @@ +from django import forms + +from circuits.choices import CircuitStatusChoices +from circuits.models import * +from dcim.models import Site +from django.utils.translation import gettext as _ +from netbox.forms import NetBoxModelImportForm +from tenancy.models import Tenant +from utilities.forms import BootstrapMixin +from utilities.forms.fields import CSVChoiceField, CSVModelChoiceField, SlugField + +__all__ = ( + 'UserImportForm', +) + + +class UserImportForm(NetBoxModelImportForm): + slug = SlugField() + + class Meta: + model = Provider + fields = ( + 'name', 'slug', 'description', 'comments', 'tags', + ) diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py new file mode 100644 index 00000000000..30b6bd83288 --- /dev/null +++ b/netbox/users/forms/filtersets.py @@ -0,0 +1,55 @@ +from django import forms +from django.utils.translation import gettext as _ + +from circuits.choices import CircuitCommitRateChoices, CircuitStatusChoices +from circuits.models import * +from dcim.models import Region, Site, SiteGroup +from ipam.models import ASN +from netbox.forms import NetBoxModelFilterSetForm +from tenancy.forms import TenancyFilterForm, ContactModelFilterForm +from users.models import NetBoxUser +from utilities.forms.fields import DynamicModelMultipleChoiceField, TagFilterField +from utilities.forms.widgets import DatePicker, NumberWithOptions + +__all__ = ( + 'UserFilterForm', +) + + +class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): + model = NetBoxUser + fieldsets = ( + (None, ('q', 'filter_id',)), + ('Location', ('region_id', 'site_group_id', 'site_id')), + ('ASN', ('asn',)), + ('Contacts', ('contact', 'contact_role', 'contact_group')), + ) + region_id = DynamicModelMultipleChoiceField( + queryset=Region.objects.all(), + required=False, + label=_('Region') + ) + site_group_id = DynamicModelMultipleChoiceField( + queryset=SiteGroup.objects.all(), + required=False, + label=_('Site group') + ) + site_id = DynamicModelMultipleChoiceField( + queryset=Site.objects.all(), + required=False, + query_params={ + 'region_id': '$region_id', + 'site_group_id': '$site_group_id', + }, + label=_('Site') + ) + asn = forms.IntegerField( + required=False, + label=_('ASN (legacy)') + ) + asn_id = DynamicModelMultipleChoiceField( + queryset=ASN.objects.all(), + required=False, + label=_('ASNs') + ) + tag = TagFilterField(model) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py new file mode 100644 index 00000000000..265a66cc85d --- /dev/null +++ b/netbox/users/forms/model_forms.py @@ -0,0 +1,153 @@ +from django import forms +from django.conf import settings +from django.contrib.auth import get_user_model +from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm +from django.contrib.postgres.forms import SimpleArrayField +from django.utils.html import mark_safe +from django.utils.translation import gettext as _ + +from ipam.formfields import IPNetworkFormField +from ipam.validators import prefix_validator +from netbox.preferences import PREFERENCES +from utilities.forms import BootstrapMixin +from utilities.forms.widgets import DateTimePicker +from utilities.utils import flatten_dict +from users.models import * + + +__all__ = ( + 'LoginForm', + 'PasswordChangeForm', + 'TokenForm', + 'UserConfigForm', + 'UserForm', +) + + +class LoginForm(BootstrapMixin, AuthenticationForm): + pass + + +class PasswordChangeForm(BootstrapMixin, DjangoPasswordChangeForm): + pass + + +class UserConfigFormMetaclass(forms.models.ModelFormMetaclass): + + def __new__(mcs, name, bases, attrs): + + # Emulate a declared field for each supported user preference + preference_fields = {} + for field_name, preference in PREFERENCES.items(): + description = f'{preference.description}
' if preference.description else '' + help_text = f'{description}{field_name}' + field_kwargs = { + 'label': preference.label, + 'choices': preference.choices, + 'help_text': mark_safe(help_text), + 'coerce': preference.coerce, + 'required': False, + 'widget': forms.Select, + } + preference_fields[field_name] = forms.TypedChoiceField(**field_kwargs) + attrs.update(preference_fields) + + return super().__new__(mcs, name, bases, attrs) + + +class UserConfigForm(BootstrapMixin, forms.ModelForm, metaclass=UserConfigFormMetaclass): + fieldsets = ( + ('User Interface', ( + 'pagination.per_page', + 'pagination.placement', + 'ui.colormode', + )), + ('Miscellaneous', ( + 'data_format', + )), + ) + # List of clearable preferences + pk = forms.MultipleChoiceField( + choices=[], + required=False + ) + + class Meta: + model = UserConfig + fields = () + + def __init__(self, *args, instance=None, **kwargs): + + # Get initial data from UserConfig instance + initial_data = flatten_dict(instance.data) + kwargs['initial'] = initial_data + + super().__init__(*args, instance=instance, **kwargs) + + # Compile clearable preference choices + self.fields['pk'].choices = ( + (f'tables.{table_name}', '') for table_name in instance.data.get('tables', []) + ) + + def save(self, *args, **kwargs): + + # Set UserConfig data + for pref_name, value in self.cleaned_data.items(): + if pref_name == 'pk': + continue + self.instance.set(pref_name, value, commit=False) + + # Clear selected preferences + for preference in self.cleaned_data['pk']: + self.instance.clear(preference) + + return super().save(*args, **kwargs) + + @property + def plugin_fields(self): + return [ + name for name in self.fields.keys() if name.startswith('plugins.') + ] + + +class TokenForm(BootstrapMixin, forms.ModelForm): + key = forms.CharField( + required=False, + help_text=_("If no key is provided, one will be generated automatically.") + ) + allowed_ips = SimpleArrayField( + base_field=IPNetworkFormField(validators=[prefix_validator]), + required=False, + label=_('Allowed IPs'), + help_text=_('Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. ' + 'Example: 10.1.1.0/24,192.168.10.16/32,2001:db8:1::/64'), + ) + + class Meta: + model = Token + fields = [ + 'key', 'write_enabled', 'expires', 'description', 'allowed_ips', + ] + widgets = { + 'expires': DateTimePicker(), + } + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # Omit the key field if token retrieval is not permitted + if self.instance.pk and not settings.ALLOW_TOKEN_RETRIEVAL: + del self.fields['key'] + + +class UserForm(BootstrapMixin, forms.ModelForm): + + fieldsets = ( + ('User', ('username', )), + ) + + class Meta: + model = NetBoxUser + fields = [ + 'username', + ] From a6094679683629ac209929c8bb8994836614ef9a Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 6 Jun 2023 09:57:23 -0700 Subject: [PATCH 03/72] 125890 add form fields --- netbox/netbox/views/generic/mixins.py | 1 + netbox/users/forms/filtersets.py | 39 +++++++++++---------------- netbox/users/forms/model_forms.py | 13 +++++++-- netbox/users/tables.py | 7 ++--- netbox/users/urls.py | 1 + netbox/users/views.py | 15 ++++++++++- 6 files changed, 46 insertions(+), 30 deletions(-) diff --git a/netbox/netbox/views/generic/mixins.py b/netbox/netbox/views/generic/mixins.py index 8e363f0a574..a55f015094e 100644 --- a/netbox/netbox/views/generic/mixins.py +++ b/netbox/netbox/views/generic/mixins.py @@ -22,6 +22,7 @@ def get_permitted_actions(self, user, model=None): Return a tuple of actions for which the given user is permitted to do. """ model = model or self.queryset.model + return [ action for action in self.actions if user.has_perms([ get_permission_for_model(model, name) for name in self.action_perms[action] diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 30b6bd83288..473bddac9a6 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -20,36 +20,27 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Location', ('region_id', 'site_group_id', 'site_id')), - ('ASN', ('asn',)), - ('Contacts', ('contact', 'contact_role', 'contact_group')), + ('Name', ('username', 'first_name', 'last_name')), + ('Security', ('is_superuser', 'is_staff', 'is_active')), ) - region_id = DynamicModelMultipleChoiceField( - queryset=Region.objects.all(), - required=False, - label=_('Region') + username = forms.CharField( + required=False ) - site_group_id = DynamicModelMultipleChoiceField( - queryset=SiteGroup.objects.all(), - required=False, - label=_('Site group') + first_name = forms.CharField( + required=False + ) + last_name = forms.CharField( + required=False ) - site_id = DynamicModelMultipleChoiceField( - queryset=Site.objects.all(), + is_superuser = forms.BooleanField( required=False, - query_params={ - 'region_id': '$region_id', - 'site_group_id': '$site_group_id', - }, - label=_('Site') + label='Is Superuser', ) - asn = forms.IntegerField( + is_staff = forms.BooleanField( required=False, - label=_('ASN (legacy)') + label='Is Staff', ) - asn_id = DynamicModelMultipleChoiceField( - queryset=ASN.objects.all(), + is_active = forms.BooleanField( required=False, - label=_('ASNs') + label='Is Active', ) - tag = TagFilterField(model) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 265a66cc85d..fbf55ffa8e9 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -2,6 +2,7 @@ from django.conf import settings from django.contrib.auth import get_user_model from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm +from django.contrib.auth.models import Group from django.contrib.postgres.forms import SimpleArrayField from django.utils.html import mark_safe from django.utils.translation import gettext as _ @@ -10,6 +11,7 @@ from ipam.validators import prefix_validator from netbox.preferences import PREFERENCES from utilities.forms import BootstrapMixin +from utilities.forms.fields import DynamicModelChoiceField, DynamicModelMultipleChoiceField from utilities.forms.widgets import DateTimePicker from utilities.utils import flatten_dict from users.models import * @@ -141,13 +143,20 @@ def __init__(self, *args, **kwargs): class UserForm(BootstrapMixin, forms.ModelForm): + groups = DynamicModelMultipleChoiceField( + queryset=Group.objects.all() + ) fieldsets = ( - ('User', ('username', )), + ('User', ('username', 'first_name', 'last_name', 'email', )), + ('Groups', ('groups', )), + ('Status', ('is_active', 'is_staff', 'is_superuser', )), + ('Important Dates', ('last_login', 'date_joined', )), ) class Meta: model = NetBoxUser fields = [ - 'username', + 'username', 'first_name', 'last_name', 'email', 'groups', + 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', ] diff --git a/netbox/users/tables.py b/netbox/users/tables.py index f7c27ff6346..45a87e7ac07 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -1,4 +1,5 @@ import django_tables2 as tables +from django_tables2.utils import A from .models import Token from netbox.tables import NetBoxTable, columns from users.models import NetBoxUser @@ -56,7 +57,7 @@ class Meta(NetBoxTable.Meta): class UserTable(NetBoxTable): - username = tables.Column() + username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -64,6 +65,6 @@ class UserTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = NetBoxUser fields = ( - 'pk', 'id', 'username', 'email', 'first_name', 'last_name' + 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' ) - default_columns = ('pk', 'username', 'email', 'first_name', 'last_name') + default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 03c1bf9b4c9..12c4e6e667c 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -14,6 +14,7 @@ # Users path('users/', views.NetBoxUserListView.as_view(), name='user_list'), path('users/add/', views.NetBoxUserEditView.as_view(), name='user_add'), + path('users/add/', views.NetBoxUserEditView.as_view(), name='netboxuser_add'), path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), diff --git a/netbox/users/views.py b/netbox/users/views.py index 5c0dc1af37b..d114deb7a91 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -346,9 +346,22 @@ class NetBoxUserListView(generic.ObjectListView): table = tables.UserTable -@register_model_view(get_user_model()) +@register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): queryset = get_user_model().objects.all() + template_name = 'users/user.html' + + def get_extra_context(self, request, instance): + # Compile changelog table + changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related( + 'changed_object_type' + )[:20] + changelog_table = ObjectChangeTable(changelog) + + return { + 'changelog_table': changelog_table, + 'active_tab': 'user', + } @register_model_view(NetBoxUser, 'edit') From bd67cfb4014bd96cf297e830eff4d71dbf36735b Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 6 Jun 2023 11:15:35 -0700 Subject: [PATCH 04/72] 125890 basic group objectpermission views --- netbox/netbox/navigation/menu.py | 4 +- netbox/users/forms/bulk_edit.py | 48 ++++++++ netbox/users/forms/bulk_import.py | 31 ++++- netbox/users/forms/filtersets.py | 62 ++++++++++ netbox/users/forms/model_forms.py | 30 +++++ ...user.py => 0004_netboxgroup_netboxuser.py} | 16 ++- netbox/users/models.py | 10 ++ netbox/users/tables.py | 30 +++++ netbox/users/urls.py | 19 +++- netbox/users/views.py | 106 ++++++++++++++++-- 10 files changed, 339 insertions(+), 17 deletions(-) rename netbox/users/migrations/{0004_netboxuser.py => 0004_netboxgroup_netboxuser.py} (59%) diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py index 5e83226578e..b896f67ef4f 100644 --- a/netbox/netbox/navigation/menu.py +++ b/netbox/netbox/navigation/menu.py @@ -351,7 +351,9 @@ MenuGroup( label=_('Users'), items=( - get_model_item('users', 'user', _('Users'), actions=['add']), + get_model_item('users', 'netboxuser', _('Users'), actions=['add']), + get_model_item('users', 'netboxgroup', _('Groups'), actions=['add']), + get_model_item('users', 'objectpermission', _('Permissions'), actions=['add']), ), ), ), diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index dd2dc6aa9d7..c2b548e8d84 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -11,6 +11,8 @@ from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( + 'GroupBulkEditForm', + 'ObjectPermissionBulkEditForm', 'UserBulkEditForm', ) @@ -36,3 +38,49 @@ class UserBulkEditForm(NetBoxModelBulkEditForm): nullable_fields = ( 'asns', 'description', 'comments', ) + + +class GroupBulkEditForm(NetBoxModelBulkEditForm): + asns = DynamicModelMultipleChoiceField( + queryset=ASN.objects.all(), + label=_('ASNs'), + required=False + ) + description = forms.CharField( + max_length=200, + required=False + ) + comments = CommentField( + label=_('Comments') + ) + + model = Provider + fieldsets = ( + (None, ('asns', 'description')), + ) + nullable_fields = ( + 'asns', 'description', 'comments', + ) + + +class ObjectPermissionBulkEditForm(NetBoxModelBulkEditForm): + asns = DynamicModelMultipleChoiceField( + queryset=ASN.objects.all(), + label=_('ASNs'), + required=False + ) + description = forms.CharField( + max_length=200, + required=False + ) + comments = CommentField( + label=_('Comments') + ) + + model = Provider + fieldsets = ( + (None, ('asns', 'description')), + ) + nullable_fields = ( + 'asns', 'description', 'comments', + ) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index aa3718d24d7..060d771ee3d 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -1,15 +1,14 @@ from django import forms -from circuits.choices import CircuitStatusChoices -from circuits.models import * -from dcim.models import Site +from users.models import * from django.utils.translation import gettext as _ from netbox.forms import NetBoxModelImportForm -from tenancy.models import Tenant from utilities.forms import BootstrapMixin from utilities.forms.fields import CSVChoiceField, CSVModelChoiceField, SlugField __all__ = ( + 'GroupImportForm', + 'ObjectPermissionImportForm', 'UserImportForm', ) @@ -18,7 +17,27 @@ class UserImportForm(NetBoxModelImportForm): slug = SlugField() class Meta: - model = Provider + model = NetBoxUser fields = ( - 'name', 'slug', 'description', 'comments', 'tags', + 'email', + ) + + +class GroupImportForm(NetBoxModelImportForm): + slug = SlugField() + + class Meta: + model = NetBoxGroup + fields = ( + 'name', + ) + + +class ObjectPermissionImportForm(NetBoxModelImportForm): + slug = SlugField() + + class Meta: + model = ObjectPermission + fields = ( + 'name', ) diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 473bddac9a6..cef567230d3 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -12,6 +12,8 @@ from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( + 'GroupFilterForm', + 'ObjectPermissionFilterForm', 'UserFilterForm', ) @@ -44,3 +46,63 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): required=False, label='Is Active', ) + + +class GroupFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): + model = NetBoxUser + fieldsets = ( + (None, ('q', 'filter_id',)), + ('Name', ('username', 'first_name', 'last_name')), + ('Security', ('is_superuser', 'is_staff', 'is_active')), + ) + username = forms.CharField( + required=False + ) + first_name = forms.CharField( + required=False + ) + last_name = forms.CharField( + required=False + ) + is_superuser = forms.BooleanField( + required=False, + label='Is Superuser', + ) + is_staff = forms.BooleanField( + required=False, + label='Is Staff', + ) + is_active = forms.BooleanField( + required=False, + label='Is Active', + ) + + +class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): + model = NetBoxUser + fieldsets = ( + (None, ('q', 'filter_id',)), + ('Name', ('username', 'first_name', 'last_name')), + ('Security', ('is_superuser', 'is_staff', 'is_active')), + ) + username = forms.CharField( + required=False + ) + first_name = forms.CharField( + required=False + ) + last_name = forms.CharField( + required=False + ) + is_superuser = forms.BooleanField( + required=False, + label='Is Superuser', + ) + is_staff = forms.BooleanField( + required=False, + label='Is Staff', + ) + is_active = forms.BooleanField( + required=False, + label='Is Active', + ) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index fbf55ffa8e9..209e6b7daa0 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -18,7 +18,9 @@ __all__ = ( + 'GroupForm', 'LoginForm', + 'ObjectPermissionForm', 'PasswordChangeForm', 'TokenForm', 'UserConfigForm', @@ -160,3 +162,31 @@ class Meta: 'username', 'first_name', 'last_name', 'email', 'groups', 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', ] + + +class GroupForm(BootstrapMixin, forms.ModelForm): + + fieldsets = ( + ('User', ('username', 'first_name', 'last_name', 'email', )), + ) + + class Meta: + model = NetBoxUser + fields = [ + 'username', 'first_name', 'last_name', 'email', 'groups', + 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', + ] + + +class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): + + fieldsets = ( + ('User', ('username', 'first_name', 'last_name', 'email', )), + ) + + class Meta: + model = NetBoxUser + fields = [ + 'username', 'first_name', 'last_name', 'email', 'groups', + 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', + ] diff --git a/netbox/users/migrations/0004_netboxuser.py b/netbox/users/migrations/0004_netboxgroup_netboxuser.py similarity index 59% rename from netbox/users/migrations/0004_netboxuser.py rename to netbox/users/migrations/0004_netboxgroup_netboxuser.py index 03355ea3c16..7bb746bd568 100644 --- a/netbox/users/migrations/0004_netboxuser.py +++ b/netbox/users/migrations/0004_netboxgroup_netboxuser.py @@ -1,4 +1,4 @@ -# Generated by Django 4.1.9 on 2023-06-02 16:55 +# Generated by Django 4.1.9 on 2023-06-06 18:15 import django.contrib.auth.models from django.db import migrations @@ -11,6 +11,20 @@ class Migration(migrations.Migration): ] operations = [ + migrations.CreateModel( + name='NetBoxGroup', + fields=[], + options={ + 'verbose_name': 'Group', + 'proxy': True, + 'indexes': [], + 'constraints': [], + }, + bases=('auth.group',), + managers=[ + ('objects', django.contrib.auth.models.GroupManager()), + ], + ), migrations.CreateModel( name='NetBoxUser', fields=[], diff --git a/netbox/users/models.py b/netbox/users/models.py index 6b5b13b1417..7bb0377e49e 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -20,6 +20,7 @@ from .constants import * __all__ = ( + 'NetBoxGroup', 'NetBoxUser', 'ObjectPermission', 'Token', @@ -58,6 +59,15 @@ class Meta: verbose_name = 'User' proxy = True + +class NetBoxGroup(Group): + """ + Proxy contrib.auth.models.User for the UI + """ + class Meta: + verbose_name = 'Group' + proxy = True + # # User preferences # diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 45a87e7ac07..4931d932743 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -5,6 +5,8 @@ from users.models import NetBoxUser __all__ = ( + 'GroupTable', + 'ObjectPermissionTable', 'TokenTable', 'UserTable', ) @@ -68,3 +70,31 @@ class Meta(NetBoxTable.Meta): 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' ) default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') + + +class GroupTable(NetBoxTable): + username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) + actions = columns.ActionsColumn( + actions=('edit', 'delete'), + ) + + class Meta(NetBoxTable.Meta): + model = NetBoxUser + fields = ( + 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' + ) + default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') + + +class ObjectPermissionTable(NetBoxTable): + username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) + actions = columns.ActionsColumn( + actions=('edit', 'delete'), + ) + + class Meta(NetBoxTable.Meta): + model = NetBoxUser + fields = ( + 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' + ) + default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 12c4e6e667c..17e9b96852b 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -12,14 +12,29 @@ path('password/', views.ChangePasswordView.as_view(), name='change_password'), # Users - path('users/', views.NetBoxUserListView.as_view(), name='user_list'), - path('users/add/', views.NetBoxUserEditView.as_view(), name='user_add'), + path('users/', views.NetBoxUserListView.as_view(), name='netboxuser_list'), path('users/add/', views.NetBoxUserEditView.as_view(), name='netboxuser_add'), path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), + # Groups + path('groups/', views.NetBoxUserListView.as_view(), name='netboxgroup_list'), + path('groups/add/', views.NetBoxUserEditView.as_view(), name='netboxgroup_add'), + path('groups/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxgroup_import'), + path('groups/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxgroup_bulk_edit'), + path('groups/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), + path('groups//', include(get_model_urls('users', 'netboxgroup'))), + + # Permissions + path('permissions/', views.NetBoxUserListView.as_view(), name='objectpermission_list'), + path('permissions/add/', views.NetBoxUserEditView.as_view(), name='objectpermission_add'), + path('permissions/import/', views.NetBoxUserBulkImportView.as_view(), name='objectpermission_import'), + path('permissions/edit/', views.NetBoxUserBulkEditView.as_view(), name='objectpermission_bulk_edit'), + path('permissions/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='objectpermission_bulk_delete'), + path('permissions//', include(get_model_urls('users', 'objectpermission'))), + # API tokens path('api-tokens/', views.TokenListView.as_view(), name='token_list'), path('api-tokens/add/', views.TokenEditView.as_view(), name='token_add'), diff --git a/netbox/users/views.py b/netbox/users/views.py index d114deb7a91..3bf6d5e1c7f 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -23,7 +23,7 @@ from utilities.forms import ConfirmationForm from utilities.views import register_model_view from . import filtersets, forms, tables -from .models import Token, UserConfig, NetBoxUser +from .models import Token, UserConfig, NetBoxGroup, NetBoxUser, ObjectPermission # @@ -348,7 +348,7 @@ class NetBoxUserListView(generic.ObjectListView): @register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() template_name = 'users/user.html' def get_extra_context(self, request, instance): @@ -366,28 +366,120 @@ def get_extra_context(self, request, instance): @register_model_view(NetBoxUser, 'edit') class NetBoxUserEditView(generic.ObjectEditView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() form = forms.UserForm @register_model_view(NetBoxUser, 'delete') class NetBoxUserDeleteView(generic.ObjectDeleteView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() class NetBoxUserBulkImportView(generic.BulkImportView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() model_form = forms.UserImportForm class NetBoxUserBulkEditView(generic.BulkEditView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable form = forms.UserBulkEditForm class NetBoxUserBulkDeleteView(generic.BulkDeleteView): - queryset = get_user_model().objects.all() + queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable + +# +# Groups +# + + +class NetBoxGroupListView(generic.ObjectListView): + queryset = NetBoxGroup.objects.all() + filterset = filtersets.GroupFilterSet + filterset_form = forms.GroupFilterForm + table = tables.GroupTable + + +@register_model_view(NetBoxGroup) +class NetBoxGroupView(generic.ObjectView): + queryset = NetBoxGroup.objects.all() + template_name = 'users/group.html' + + +@register_model_view(NetBoxGroup, 'edit') +class NetBoxGroupEditView(generic.ObjectEditView): + queryset = NetBoxGroup.objects.all() + form = forms.GroupForm + + +@register_model_view(NetBoxGroup, 'delete') +class NetBoxGroupDeleteView(generic.ObjectDeleteView): + queryset = NetBoxGroup.objects.all() + + +class NetBoxGroupBulkImportView(generic.BulkImportView): + queryset = NetBoxGroup.objects.all() + model_form = forms.GroupImportForm + + +class NetBoxGroupBulkEditView(generic.BulkEditView): + queryset = NetBoxGroup.objects.all() + filterset = filtersets.GroupFilterSet + table = tables.GroupTable + form = forms.GroupBulkEditForm + + +class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): + queryset = NetBoxGroup.objects.all() + filterset = filtersets.GroupFilterSet + table = tables.GroupTable + +# +# ObjectPermissions +# + + +class ObjectPermissionListView(generic.ObjectListView): + queryset = NetBoxGroup.objects.all() + filterset = filtersets.ObjectPermissionFilterSet + filterset_form = forms.ObjectPermissionFilterForm + table = tables.ObjectPermissionTable + + +@register_model_view(ObjectPermission) +class ObjectPermissionView(generic.ObjectView): + queryset = NetBoxGroup.objects.all() + template_name = 'users/objectpermission.html' + + +@register_model_view(ObjectPermission, 'edit') +class ObjectPermissionEditView(generic.ObjectEditView): + queryset = ObjectPermission.objects.all() + form = forms.ObjectPermissionForm + + +@register_model_view(ObjectPermission, 'delete') +class ObjectPermissionDeleteView(generic.ObjectDeleteView): + queryset = ObjectPermission.objects.all() + + +class ObjectPermissionBulkImportView(generic.BulkImportView): + queryset = ObjectPermission.objects.all() + model_form = forms.ObjectPermissionImportForm + + +class ObjectPermissionBulkEditView(generic.BulkEditView): + queryset = ObjectPermission.objects.all() + filterset = filtersets.ObjectPermissionFilterSet + table = tables.ObjectPermissionTable + form = forms.ObjectPermissionBulkEditForm + + +class ObjectPermissionBulkDeleteView(generic.BulkDeleteView): + queryset = ObjectPermission.objects.all() + filterset = filtersets.ObjectPermissionFilterSet + table = tables.ObjectPermissionTable From 4da0b835fdd1461baa1f3811e34d192e2b55f0fe Mon Sep 17 00:00:00 2001 From: Arthur Date: Wed, 7 Jun 2023 08:36:42 -0700 Subject: [PATCH 05/72] 125890 basic group objectpermission views --- netbox/users/forms/model_forms.py | 13 ++++++------- netbox/users/urls.py | 20 ++++++++++---------- 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 209e6b7daa0..ea586965429 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -167,26 +167,25 @@ class Meta: class GroupForm(BootstrapMixin, forms.ModelForm): fieldsets = ( - ('User', ('username', 'first_name', 'last_name', 'email', )), + ('name', ), ) class Meta: - model = NetBoxUser + model = NetBoxGroup fields = [ - 'username', 'first_name', 'last_name', 'email', 'groups', - 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', + 'name', ] class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): fieldsets = ( + ('name', 'description', 'enabled'), ('User', ('username', 'first_name', 'last_name', 'email', )), ) class Meta: - model = NetBoxUser + model = ObjectPermission fields = [ - 'username', 'first_name', 'last_name', 'email', 'groups', - 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', + 'name', 'description', 'enabled', ] diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 17e9b96852b..caed08c45f3 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -20,19 +20,19 @@ path('users//', include(get_model_urls('users', 'netboxuser'))), # Groups - path('groups/', views.NetBoxUserListView.as_view(), name='netboxgroup_list'), - path('groups/add/', views.NetBoxUserEditView.as_view(), name='netboxgroup_add'), - path('groups/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxgroup_import'), - path('groups/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxgroup_bulk_edit'), - path('groups/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), + path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), + path('groups/add/', views.NetBoxGroupEditView.as_view(), name='netboxgroup_add'), + path('groups/import/', views.NetBoxGroupBulkImportView.as_view(), name='netboxgroup_import'), + path('groups/edit/', views.NetBoxGroupBulkEditView.as_view(), name='netboxgroup_bulk_edit'), + path('groups/delete/', views.NetBoxGroupBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), path('groups//', include(get_model_urls('users', 'netboxgroup'))), # Permissions - path('permissions/', views.NetBoxUserListView.as_view(), name='objectpermission_list'), - path('permissions/add/', views.NetBoxUserEditView.as_view(), name='objectpermission_add'), - path('permissions/import/', views.NetBoxUserBulkImportView.as_view(), name='objectpermission_import'), - path('permissions/edit/', views.NetBoxUserBulkEditView.as_view(), name='objectpermission_bulk_edit'), - path('permissions/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='objectpermission_bulk_delete'), + path('permissions/', views.ObjectPermissionListView.as_view(), name='objectpermission_list'), + path('permissions/add/', views.ObjectPermissionEditView.as_view(), name='objectpermission_add'), + path('permissions/import/', views.ObjectPermissionBulkImportView.as_view(), name='objectpermission_import'), + path('permissions/edit/', views.ObjectPermissionBulkEditView.as_view(), name='objectpermission_bulk_edit'), + path('permissions/delete/', views.ObjectPermissionBulkDeleteView.as_view(), name='objectpermission_bulk_delete'), path('permissions//', include(get_model_urls('users', 'objectpermission'))), # API tokens From 2fdd834a6601c9c5b3496427fa31e7a2136b3631 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 9 Jun 2023 11:05:31 -0700 Subject: [PATCH 06/72] 125890 fix group permission views --- netbox/templates/users/group.html | 43 +++++++++++ netbox/templates/users/objectpermission.html | 43 +++++++++++ netbox/templates/users/user.html | 81 ++++++++++++++++++++ netbox/users/filtersets.py | 2 +- netbox/users/forms/model_forms.py | 24 +++++- netbox/users/tables.py | 16 ++-- netbox/users/views.py | 13 +++- 7 files changed, 209 insertions(+), 13 deletions(-) create mode 100644 netbox/templates/users/group.html create mode 100644 netbox/templates/users/objectpermission.html create mode 100644 netbox/templates/users/user.html diff --git a/netbox/templates/users/group.html b/netbox/templates/users/group.html new file mode 100644 index 00000000000..ec5c0acad44 --- /dev/null +++ b/netbox/templates/users/group.html @@ -0,0 +1,43 @@ +{% extends 'users/base.html' %} +{% load helpers %} +{% load render_table from django_tables2 %} + +{% block title %}Group Detail{% endblock %} + +{% block tabs %} + +{% endblock tabs %} + +{% block content %} +
+
+
+
Account Details
+
+ + + + + +
Name{{ object.name }}
+
+
+
+
+
+
Assigned Groups
+
    + {% for group in request.user.groups.all %} +
  • {{ group }}
    • + {% empty %} +
  • None
    • + {% endfor %} +
+
+
+
+{% endblock %} diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html new file mode 100644 index 00000000000..4fdbb428a98 --- /dev/null +++ b/netbox/templates/users/objectpermission.html @@ -0,0 +1,43 @@ +{% extends 'users/base.html' %} +{% load helpers %} +{% load render_table from django_tables2 %} + +{% block title %}Permission Detail{% endblock %} + +{% block tabs %} + +{% endblock tabs %} + +{% block content %} +
+
+
+
Account Details
+
+ + + + + +
Name{{ object.name }}
+
+
+
+
+
+
Assigned Groups
+
    + {% for group in request.user.groups.all %} +
  • {{ group }}
    • + {% empty %} +
  • None
    • + {% endfor %} +
+
+
+
+{% endblock %} diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html new file mode 100644 index 00000000000..3b514b10351 --- /dev/null +++ b/netbox/templates/users/user.html @@ -0,0 +1,81 @@ +{% extends 'users/base.html' %} +{% load helpers %} +{% load render_table from django_tables2 %} + +{% block title %}User Detail{% endblock %} + +{% block tabs %} + +{% endblock tabs %} + +{% block content %} +
+
+
+
Account Details
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
Username{{ object.username }}
Full Name + {% if object.first_name or object.last_name %} + {{ object.first_name }} {{ object.last_name }} + {% else %} + {{ ''|placeholder }} + {% endif %} +
Email{{ object.email|placeholder }}
Account Created{{ object.date_joined|annotated_date }}
Superuser{% checkmark object.is_superuser %}
Admin Access{% checkmark object.is_staff %}
+
+
+
+
+
+
Assigned Groups
+
    + {% for group in object.groups.all %} +
  • {{ group }}
    • + {% empty %} +
  • None
    • + {% endfor %} +
+
+
+
+ {% if perms.extras.view_objectchange %} +
+
+
+
Recent Activity
+
+ {% render_table changelog_table 'inc/table.html' %} +
+
+
+
+ {% endif %} +{% endblock %} diff --git a/netbox/users/filtersets.py b/netbox/users/filtersets.py index 35353b4a3f3..e89f358305e 100644 --- a/netbox/users/filtersets.py +++ b/netbox/users/filtersets.py @@ -49,7 +49,7 @@ class UserFilterSet(BaseFilterSet): ) class Meta: - model = NetBoxUser + model = get_user_model() fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active'] def search(self, queryset, name, value): diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index ea586965429..20f779bf22a 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -146,34 +146,52 @@ def __init__(self, *args, **kwargs): class UserForm(BootstrapMixin, forms.ModelForm): groups = DynamicModelMultipleChoiceField( + required=False, queryset=Group.objects.all() ) + object_permissions = DynamicModelMultipleChoiceField( + required=False, + label=_('Permissions'), + queryset=ObjectPermission.objects.all() + ) fieldsets = ( ('User', ('username', 'first_name', 'last_name', 'email', )), ('Groups', ('groups', )), ('Status', ('is_active', 'is_staff', 'is_superuser', )), ('Important Dates', ('last_login', 'date_joined', )), + ('Permissions', ('object_permissions', )), ) class Meta: model = NetBoxUser fields = [ - 'username', 'first_name', 'last_name', 'email', 'groups', + 'username', 'first_name', 'last_name', 'email', 'groups', 'object_permissions', 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', ] class GroupForm(BootstrapMixin, forms.ModelForm): + users = DynamicModelMultipleChoiceField( + required=False, + queryset=get_user_model().objects.all() + ) + object_permissions = DynamicModelMultipleChoiceField( + required=False, + label=_('Permissions'), + queryset=ObjectPermission.objects.all() + ) fieldsets = ( - ('name', ), + ('', ('name', )), + ('Users', ('users', )), + ('Permissions', ('object_permissions', )), ) class Meta: model = NetBoxGroup fields = [ - 'name', + 'name', 'users', 'object_permissions', ] diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 4931d932743..cc181763f20 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -2,7 +2,7 @@ from django_tables2.utils import A from .models import Token from netbox.tables import NetBoxTable, columns -from users.models import NetBoxUser +from users.models import NetBoxGroup, NetBoxUser __all__ = ( 'GroupTable', @@ -73,21 +73,21 @@ class Meta(NetBoxTable.Meta): class GroupTable(NetBoxTable): - username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) + name = tables.LinkColumn('users:netboxgroup', args=[A('pk')]) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) class Meta(NetBoxTable.Meta): - model = NetBoxUser + model = NetBoxGroup fields = ( - 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' + 'pk', 'id', 'name', 'users_count', ) - default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') + default_columns = ('pk', 'name', 'users_count', ) class ObjectPermissionTable(NetBoxTable): - username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) + name = tables.LinkColumn('users:objectpermission', args=[A('pk')]) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -95,6 +95,6 @@ class ObjectPermissionTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = NetBoxUser fields = ( - 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' + 'pk', 'id', 'name', 'enabled', 'actions', 'constraints', ) - default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') + default_columns = ('pk', 'name', 'enabled', 'actions', 'constraints',) diff --git a/netbox/users/views.py b/netbox/users/views.py index 3bf6d5e1c7f..012b304537e 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -6,6 +6,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.models import update_last_login from django.contrib.auth.signals import user_logged_in +from django.db.models import Count from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404, redirect, render, resolve_url from django.urls import reverse @@ -398,7 +399,7 @@ class NetBoxUserBulkDeleteView(generic.BulkDeleteView): class NetBoxGroupListView(generic.ObjectListView): - queryset = NetBoxGroup.objects.all() + queryset = NetBoxGroup.objects.all().annotate(users_count=Count('user')) filterset = filtersets.GroupFilterSet filterset_form = forms.GroupFilterForm table = tables.GroupTable @@ -409,6 +410,11 @@ class NetBoxGroupView(generic.ObjectView): queryset = NetBoxGroup.objects.all() template_name = 'users/group.html' + def get_extra_context(self, request, instance): + return { + 'active_tab': 'group', + } + @register_model_view(NetBoxGroup, 'edit') class NetBoxGroupEditView(generic.ObjectEditView): @@ -455,6 +461,11 @@ class ObjectPermissionView(generic.ObjectView): queryset = NetBoxGroup.objects.all() template_name = 'users/objectpermission.html' + def get_extra_context(self, request, instance): + return { + 'active_tab': 'objectpermission', + } + @register_model_view(ObjectPermission, 'edit') class ObjectPermissionEditView(generic.ObjectEditView): From f1eadc6a5c15d5e718d35b16037f94cab75692db Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 9 Jun 2023 13:00:23 -0700 Subject: [PATCH 07/72] 125890 fix objectpermission form --- netbox/users/forms/model_forms.py | 84 +++++++++++++++++++++++++++++-- netbox/users/tables.py | 4 +- netbox/users/views.py | 4 +- 3 files changed, 83 insertions(+), 9 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 20f779bf22a..dd30a081355 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -3,6 +3,7 @@ from django.contrib.auth import get_user_model from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm from django.contrib.auth.models import Group +from django.contrib.contenttypes.models import ContentType from django.contrib.postgres.forms import SimpleArrayField from django.utils.html import mark_safe from django.utils.translation import gettext as _ @@ -11,9 +12,10 @@ from ipam.validators import prefix_validator from netbox.preferences import PREFERENCES from utilities.forms import BootstrapMixin -from utilities.forms.fields import DynamicModelChoiceField, DynamicModelMultipleChoiceField +from utilities.forms.fields import ContentTypeMultipleChoiceField, DynamicModelChoiceField, DynamicModelMultipleChoiceField from utilities.forms.widgets import DateTimePicker from utilities.utils import flatten_dict +from users.constants import * from users.models import * @@ -183,7 +185,7 @@ class GroupForm(BootstrapMixin, forms.ModelForm): ) fieldsets = ( - ('', ('name', )), + (None, ('name', )), ('Users', ('users', )), ('Permissions', ('object_permissions', )), ) @@ -196,14 +198,86 @@ class Meta: class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): + users = DynamicModelMultipleChoiceField( + required=False, + queryset=get_user_model().objects.all() + ) + groups = DynamicModelMultipleChoiceField( + required=False, + queryset=Group.objects.all() + ) + object_types = ContentTypeMultipleChoiceField( + queryset=ContentType.objects.all(), + limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES + ) + + can_view = forms.BooleanField(required=False) + can_add = forms.BooleanField(required=False) + can_change = forms.BooleanField(required=False) + can_delete = forms.BooleanField(required=False) fieldsets = ( - ('name', 'description', 'enabled'), - ('User', ('username', 'first_name', 'last_name', 'email', )), + (None, ('name', 'description', 'enabled',)), + ('Actions', ('can_view', 'can_add', 'can_change', 'can_delete', 'actions')), + ('Objects', ('object_types')), + ('Assignment', ('groups', 'users')), + ('Constraints', ('constraints',)) ) class Meta: model = ObjectPermission fields = [ - 'name', 'description', 'enabled', + 'name', 'description', 'enabled', 'object_types', 'users', 'groups', 'constraints', 'actions', ] + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + + # Make the actions field optional since the admin form uses it only for non-CRUD actions + self.fields['actions'].required = False + + # Order group and user fields + self.fields['groups'].queryset = self.fields['groups'].queryset.order_by('name') + self.fields['users'].queryset = self.fields['users'].queryset.order_by('username') + + # Check the appropriate checkboxes when editing an existing ObjectPermission + if self.instance.pk: + for action in ['view', 'add', 'change', 'delete']: + if action in self.instance.actions: + self.fields[f'can_{action}'].initial = True + self.instance.actions.remove(action) + + def clean(self): + super().clean() + + object_types = self.cleaned_data.get('object_types') + constraints = self.cleaned_data.get('constraints') + + # Append any of the selected CRUD checkboxes to the actions list + if not self.cleaned_data.get('actions'): + self.cleaned_data['actions'] = list() + for action in ['view', 'add', 'change', 'delete']: + if self.cleaned_data[f'can_{action}'] and action not in self.cleaned_data['actions']: + self.cleaned_data['actions'].append(action) + + # At least one action must be specified + if not self.cleaned_data['actions']: + raise ValidationError("At least one action must be selected.") + + # Validate the specified model constraints by attempting to execute a query. We don't care whether the query + # returns anything; we just want to make sure the specified constraints are valid. + if object_types and constraints: + # Normalize the constraints to a list of dicts + if type(constraints) is not list: + constraints = [constraints] + for ct in object_types: + model = ct.model_class() + try: + tokens = { + CONSTRAINT_TOKEN_USER: 0, # Replace token with a null user ID + } + model.objects.filter(qs_filter_from_constraints(constraints, tokens)).exists() + except FieldError as e: + raise ValidationError({ + 'constraints': f'Invalid filter for {model}: {e}' + }) diff --git a/netbox/users/tables.py b/netbox/users/tables.py index cc181763f20..ba81c282845 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -2,7 +2,7 @@ from django_tables2.utils import A from .models import Token from netbox.tables import NetBoxTable, columns -from users.models import NetBoxGroup, NetBoxUser +from users.models import NetBoxGroup, NetBoxUser, ObjectPermission __all__ = ( 'GroupTable', @@ -93,7 +93,7 @@ class ObjectPermissionTable(NetBoxTable): ) class Meta(NetBoxTable.Meta): - model = NetBoxUser + model = ObjectPermission fields = ( 'pk', 'id', 'name', 'enabled', 'actions', 'constraints', ) diff --git a/netbox/users/views.py b/netbox/users/views.py index 012b304537e..16556dc2af7 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -450,7 +450,7 @@ class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): class ObjectPermissionListView(generic.ObjectListView): - queryset = NetBoxGroup.objects.all() + queryset = ObjectPermission.objects.all() filterset = filtersets.ObjectPermissionFilterSet filterset_form = forms.ObjectPermissionFilterForm table = tables.ObjectPermissionTable @@ -458,7 +458,7 @@ class ObjectPermissionListView(generic.ObjectListView): @register_model_view(ObjectPermission) class ObjectPermissionView(generic.ObjectView): - queryset = NetBoxGroup.objects.all() + queryset = ObjectPermission.objects.all() template_name = 'users/objectpermission.html' def get_extra_context(self, request, instance): From 4560eb650856842ce5c9563bdf409278f7232f05 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 9 Jun 2023 14:06:30 -0700 Subject: [PATCH 08/72] 125890 fixes --- netbox/templates/users/group.html | 6 +- netbox/templates/users/objectpermission.html | 6 +- netbox/users/forms/bulk_edit.py | 71 ++++++++------------ netbox/users/urls.py | 2 +- netbox/users/views.py | 10 +-- 5 files changed, 39 insertions(+), 56 deletions(-) diff --git a/netbox/templates/users/group.html b/netbox/templates/users/group.html index ec5c0acad44..77e1a3f88bb 100644 --- a/netbox/templates/users/group.html +++ b/netbox/templates/users/group.html @@ -29,10 +29,10 @@
Account Details
-
Assigned Groups
+
Users
    - {% for group in request.user.groups.all %} -
  • {{ group }}
    • + {% for user in object.user_set.all %} +
  • {{ user }}
    • {% empty %}
  • None
    • {% endfor %} diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html index 4fdbb428a98..4f646515a08 100644 --- a/netbox/templates/users/objectpermission.html +++ b/netbox/templates/users/objectpermission.html @@ -29,10 +29,10 @@
    Account Details
-
Assigned Groups
+
Assigned Users
    - {% for group in request.user.groups.all %} -
  • {{ group }}
    • + {% for user in object.users.all %} +
  • {{ user }}
    • {% empty %}
  • None
    • {% endfor %} diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index c2b548e8d84..c444b4cf616 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -1,13 +1,11 @@ from django import forms from django.utils.translation import gettext as _ -from circuits.choices import CircuitCommitRateChoices, CircuitStatusChoices -from circuits.models import * -from ipam.models import ASN from netbox.forms import NetBoxModelBulkEditForm -from tenancy.models import Tenant +from users.models import * from utilities.forms import add_blank_choice from utilities.forms.fields import CommentField, DynamicModelChoiceField, DynamicModelMultipleChoiceField +from utilities.forms import BootstrapMixin from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( @@ -17,44 +15,42 @@ ) -class UserBulkEditForm(NetBoxModelBulkEditForm): - asns = DynamicModelMultipleChoiceField( - queryset=ASN.objects.all(), - label=_('ASNs'), +class UserBulkEditForm(BootstrapMixin, forms.Form): + first_name = forms.CharField( + max_length=150, required=False ) - description = forms.CharField( - max_length=200, + last_name = forms.CharField( + max_length=150, required=False ) - comments = CommentField( - label=_('Comments') + is_active = forms.BooleanField( + required=False, + label=_('Active') + ) + is_staff = forms.BooleanField( + required=False, + label=_('Staff status') + ) + is_superuser = forms.BooleanField( + required=False, + label=_('Superuser status') ) - model = Provider + model = NetBoxUser fieldsets = ( - (None, ('asns', 'description')), - ) - nullable_fields = ( - 'asns', 'description', 'comments', + (None, ('first_name', 'last_name', 'is_active', 'is_staff', 'is_superuser')), ) + nullable_fields = () class GroupBulkEditForm(NetBoxModelBulkEditForm): - asns = DynamicModelMultipleChoiceField( - queryset=ASN.objects.all(), - label=_('ASNs'), - required=False - ) - description = forms.CharField( - max_length=200, + first_name = forms.CharField( + max_length=150, required=False ) - comments = CommentField( - label=_('Comments') - ) - model = Provider + model = NetBoxGroup fieldsets = ( (None, ('asns', 'description')), ) @@ -64,23 +60,10 @@ class GroupBulkEditForm(NetBoxModelBulkEditForm): class ObjectPermissionBulkEditForm(NetBoxModelBulkEditForm): - asns = DynamicModelMultipleChoiceField( - queryset=ASN.objects.all(), - label=_('ASNs'), - required=False - ) - description = forms.CharField( - max_length=200, - required=False - ) - comments = CommentField( - label=_('Comments') - ) - - model = Provider + model = ObjectPermission fieldsets = ( - (None, ('asns', 'description')), + (None, ('description')), ) nullable_fields = ( - 'asns', 'description', 'comments', + 'description', ) diff --git a/netbox/users/urls.py b/netbox/users/urls.py index caed08c45f3..fd248993acc 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -23,7 +23,7 @@ path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), path('groups/add/', views.NetBoxGroupEditView.as_view(), name='netboxgroup_add'), path('groups/import/', views.NetBoxGroupBulkImportView.as_view(), name='netboxgroup_import'), - path('groups/edit/', views.NetBoxGroupBulkEditView.as_view(), name='netboxgroup_bulk_edit'), + # path('groups/edit/', views.NetBoxGroupBulkEditView.as_view(), name='netboxgroup_bulk_edit'), path('groups/delete/', views.NetBoxGroupBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), path('groups//', include(get_model_urls('users', 'netboxgroup'))), diff --git a/netbox/users/views.py b/netbox/users/views.py index 16556dc2af7..21f613e85df 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -432,11 +432,11 @@ class NetBoxGroupBulkImportView(generic.BulkImportView): model_form = forms.GroupImportForm -class NetBoxGroupBulkEditView(generic.BulkEditView): - queryset = NetBoxGroup.objects.all() - filterset = filtersets.GroupFilterSet - table = tables.GroupTable - form = forms.GroupBulkEditForm +# class NetBoxGroupBulkEditView(generic.BulkEditView): +# queryset = NetBoxGroup.objects.all() +# filterset = filtersets.GroupFilterSet +# table = tables.GroupTable +# form = forms.GroupBulkEditForm class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): From 30a168a33e1f19c8fdf87818c65b3e898454ec89 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 9 Jun 2023 14:40:41 -0700 Subject: [PATCH 09/72] 125890 fixes --- netbox/users/forms/model_forms.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index dd30a081355..39929afa170 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -229,11 +229,20 @@ class Meta: fields = [ 'name', 'description', 'enabled', 'object_types', 'users', 'groups', 'constraints', 'actions', ] + help_texts = { + 'actions': _('Actions granted in addition to those listed above'), + 'constraints': _('JSON expression of a queryset filter that will return only permitted objects. Leave null ' + 'to match all objects of this type. A list of multiple objects will result in a logical OR ' + 'operation.') + } + labels = { + 'actions': 'Additional actions' + } def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - # Make the actions field optional since the admin form uses it only for non-CRUD actions + # Make the actions field optional since the form uses it only for non-CRUD actions self.fields['actions'].required = False # Order group and user fields From 057fbf0ac4bd0e240a5ee4792f9b0a844612704a Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 12 Jun 2023 09:36:46 -0700 Subject: [PATCH 10/72] 12589 fix boolean filters --- netbox/users/forms/bulk_edit.py | 18 ++++++++- netbox/users/forms/filtersets.py | 65 ++++++++++---------------------- 2 files changed, 37 insertions(+), 46 deletions(-) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index c444b4cf616..9fe16db7bc1 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -16,6 +16,10 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): + pk = forms.ModelMultipleChoiceField( + queryset=None, # Set from self.model on init + widget=forms.MultipleHiddenInput + ) first_name = forms.CharField( max_length=150, required=False @@ -43,8 +47,16 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): ) nullable_fields = () + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.fields['pk'].queryset = self.model.objects.all() + -class GroupBulkEditForm(NetBoxModelBulkEditForm): +class GroupBulkEditForm(BootstrapMixin, forms.Form): + pk = forms.ModelMultipleChoiceField( + queryset=None, # Set from self.model on init + widget=forms.MultipleHiddenInput + ) first_name = forms.CharField( max_length=150, required=False @@ -58,6 +70,10 @@ class GroupBulkEditForm(NetBoxModelBulkEditForm): 'asns', 'description', 'comments', ) + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.fields['pk'].queryset = self.model.objects.all() + class ObjectPermissionBulkEditForm(NetBoxModelBulkEditForm): model = ObjectPermission diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index cef567230d3..0746b42a339 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -8,6 +8,7 @@ from netbox.forms import NetBoxModelFilterSetForm from tenancy.forms import TenancyFilterForm, ContactModelFilterForm from users.models import NetBoxUser +from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES, FilterForm, add_blank_choice from utilities.forms.fields import DynamicModelMultipleChoiceField, TagFilterField from utilities.forms.widgets import DatePicker, NumberWithOptions @@ -34,16 +35,25 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): last_name = forms.CharField( required=False ) - is_superuser = forms.BooleanField( + is_superuser = forms.NullBooleanField( required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), label='Is Superuser', ) - is_staff = forms.BooleanField( + is_staff = forms.NullBooleanField( required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), label='Is Staff', ) - is_active = forms.BooleanField( + is_active = forms.NullBooleanField( required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), label='Is Active', ) @@ -52,57 +62,22 @@ class GroupFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Name', ('username', 'first_name', 'last_name')), - ('Security', ('is_superuser', 'is_staff', 'is_active')), - ) - username = forms.CharField( - required=False + ('Name', ('name',)), ) - first_name = forms.CharField( - required=False - ) - last_name = forms.CharField( + name = forms.CharField( required=False ) - is_superuser = forms.BooleanField( - required=False, - label='Is Superuser', - ) - is_staff = forms.BooleanField( - required=False, - label='Is Staff', - ) - is_active = forms.BooleanField( - required=False, - label='Is Active', - ) class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Name', ('username', 'first_name', 'last_name')), - ('Security', ('is_superuser', 'is_staff', 'is_active')), - ) - username = forms.CharField( - required=False - ) - first_name = forms.CharField( - required=False - ) - last_name = forms.CharField( - required=False - ) - is_superuser = forms.BooleanField( - required=False, - label='Is Superuser', + ('Name', ('enabled',)), ) - is_staff = forms.BooleanField( + enabled = forms.NullBooleanField( required=False, - label='Is Staff', - ) - is_active = forms.BooleanField( - required=False, - label='Is Active', + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ) ) From 78ef1d14127651f2c32cf5e5ca68dd82b230f746 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 12 Jun 2023 12:41:18 -0700 Subject: [PATCH 11/72] 12589 UI fixes --- netbox/templates/users/base.html | 7 ++++++- netbox/users/filtersets.py | 2 +- netbox/users/forms/model_forms.py | 3 ++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/netbox/templates/users/base.html b/netbox/templates/users/base.html index 58861ee90af..5b5f860f779 100644 --- a/netbox/templates/users/base.html +++ b/netbox/templates/users/base.html @@ -1,4 +1,9 @@ -{% extends 'base/layout.html' %} +{% extends 'generic/object.html' %} +{% load buttons %} +{% load static %} +{% load helpers %} +{% load plugins %} + {% block tabs %}
      diff --git a/netbox/users/filtersets.py b/netbox/users/filtersets.py index e89f358305e..8d900edb8b0 100644 --- a/netbox/users/filtersets.py +++ b/netbox/users/filtersets.py @@ -50,7 +50,7 @@ class UserFilterSet(BaseFilterSet): class Meta: model = get_user_model() - fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active'] + fields = ['id', 'username', 'first_name', 'last_name', 'email', 'is_staff', 'is_active', 'is_superuser'] def search(self, queryset, name, value): if not value.strip(): diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 39929afa170..1d7133d2ae6 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -198,6 +198,7 @@ class Meta: class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): + actions = forms.CharField(required=False) users = DynamicModelMultipleChoiceField( required=False, queryset=get_user_model().objects.all() @@ -219,7 +220,7 @@ class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): fieldsets = ( (None, ('name', 'description', 'enabled',)), ('Actions', ('can_view', 'can_add', 'can_change', 'can_delete', 'actions')), - ('Objects', ('object_types')), + ('Objects', ('object_types', )), ('Assignment', ('groups', 'users')), ('Constraints', ('constraints',)) ) From 3ed852f88aae6976432b0050adb8d5e1621f0855 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 12 Jun 2023 13:10:14 -0700 Subject: [PATCH 12/72] 12589 UI fixes --- netbox/users/forms/filtersets.py | 16 +--------------- netbox/users/forms/model_forms.py | 5 ++++- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 0746b42a339..136fd8c7047 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -23,18 +23,8 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Name', ('username', 'first_name', 'last_name')), ('Security', ('is_superuser', 'is_staff', 'is_active')), ) - username = forms.CharField( - required=False - ) - first_name = forms.CharField( - required=False - ) - last_name = forms.CharField( - required=False - ) is_superuser = forms.NullBooleanField( required=False, widget=forms.Select( @@ -62,10 +52,6 @@ class GroupFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Name', ('name',)), - ) - name = forms.CharField( - required=False ) @@ -73,7 +59,7 @@ class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetFor model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Name', ('enabled',)), + (None, ('enabled',)), ) enabled = forms.NullBooleanField( required=False, diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 1d7133d2ae6..f35c56cb4f5 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -198,7 +198,10 @@ class Meta: class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): - actions = forms.CharField(required=False) + actions = SimpleArrayField( + base_field=forms.CharField(), + required=False, + ) users = DynamicModelMultipleChoiceField( required=False, queryset=get_user_model().objects.all() From cc7f7687c413c51df74761f88b1077712474e478 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 12 Jun 2023 15:17:48 -0700 Subject: [PATCH 13/72] 12589 fix users object_permissions m2m --- netbox/users/forms/filtersets.py | 6 +++--- netbox/users/forms/model_forms.py | 28 +++++++++++++++++++++++++--- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 136fd8c7047..95746a6c822 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -7,7 +7,7 @@ from ipam.models import ASN from netbox.forms import NetBoxModelFilterSetForm from tenancy.forms import TenancyFilterForm, ContactModelFilterForm -from users.models import NetBoxUser +from users.models import ObjectPermission, NetBoxGroup, NetBoxUser from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES, FilterForm, add_blank_choice from utilities.forms.fields import DynamicModelMultipleChoiceField, TagFilterField from utilities.forms.widgets import DatePicker, NumberWithOptions @@ -49,14 +49,14 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): class GroupFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): - model = NetBoxUser + model = NetBoxGroup fieldsets = ( (None, ('q', 'filter_id',)), ) class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): - model = NetBoxUser + model = ObjectPermission fieldsets = ( (None, ('q', 'filter_id',)), (None, ('enabled',)), diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index f35c56cb4f5..fe0ac9431ab 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -154,7 +154,8 @@ class UserForm(BootstrapMixin, forms.ModelForm): object_permissions = DynamicModelMultipleChoiceField( required=False, label=_('Permissions'), - queryset=ObjectPermission.objects.all() + queryset=ObjectPermission.objects.all(), + to_field_name='pk', ) fieldsets = ( @@ -172,6 +173,15 @@ class Meta: 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', ] + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + + def save(self, *args, **kwargs): + instance = super().save(*args, **kwargs) + instance.object_permissions.set(self.cleaned_data['object_permissions']) + return instance + class GroupForm(BootstrapMixin, forms.ModelForm): users = DynamicModelMultipleChoiceField( @@ -181,7 +191,8 @@ class GroupForm(BootstrapMixin, forms.ModelForm): object_permissions = DynamicModelMultipleChoiceField( required=False, label=_('Permissions'), - queryset=ObjectPermission.objects.all() + queryset=ObjectPermission.objects.all(), + to_field_name='pk', ) fieldsets = ( @@ -196,6 +207,17 @@ class Meta: 'name', 'users', 'object_permissions', ] + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.fields['users'].initial = self.instance.user_set.all().values_list('id', flat=True) + self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + + def save(self, *args, **kwargs): + instance = super().save(*args, **kwargs) + instance.user_set.set(self.cleaned_data['users']) + instance.object_permissions.set(self.cleaned_data['object_permissions']) + return instance + class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): actions = SimpleArrayField( @@ -212,7 +234,7 @@ class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): ) object_types = ContentTypeMultipleChoiceField( queryset=ContentType.objects.all(), - limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES + limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES, ) can_view = forms.BooleanField(required=False) From 281aa9232273f42326b5d505dcef16b112c28ac7 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 12 Jun 2023 15:53:09 -0700 Subject: [PATCH 14/72] 12589 fix objectpermissionform --- netbox/users/forms/model_forms.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index fe0ac9431ab..1886a065942 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -232,9 +232,10 @@ class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): required=False, queryset=Group.objects.all() ) - object_types = ContentTypeMultipleChoiceField( + object_types = forms.ModelMultipleChoiceField( queryset=ContentType.objects.all(), limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES, + widget=forms.SelectMultiple(attrs={'size': 6}) ) can_view = forms.BooleanField(required=False) From 1435cd7f7abccbfcdddd2b014bf66e1a918a116a Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 13 Jun 2023 10:10:06 -0700 Subject: [PATCH 15/72] 12589 fix user/group create --- netbox/users/forms/model_forms.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 1886a065942..9346481bee8 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -175,7 +175,8 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + if self.instance.pk: + self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) @@ -209,8 +210,9 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - self.fields['users'].initial = self.instance.user_set.all().values_list('id', flat=True) - self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + if self.instance.pk: + self.fields['users'].initial = self.instance.user_set.all().values_list('id', flat=True) + self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) From 3c6091135d7d8b354f00860ae325dbe146e3ce3c Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 13 Jun 2023 10:20:16 -0700 Subject: [PATCH 16/72] 12589 user RestrictedQuerySet for permission --- netbox/users/views.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 21f613e85df..15f2698ba52 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -22,6 +22,7 @@ from netbox.config import get_config from netbox.views import generic from utilities.forms import ConfirmationForm +from utilities.querysets import RestrictedQuerySet from utilities.views import register_model_view from . import filtersets, forms, tables from .models import Token, UserConfig, NetBoxGroup, NetBoxUser, ObjectPermission @@ -367,29 +368,29 @@ def get_extra_context(self, request, instance): @register_model_view(NetBoxUser, 'edit') class NetBoxUserEditView(generic.ObjectEditView): - queryset = NetBoxUser.objects.all() + queryset = RestrictedQuerySet(model=NetBoxUser).all() form = forms.UserForm @register_model_view(NetBoxUser, 'delete') class NetBoxUserDeleteView(generic.ObjectDeleteView): - queryset = NetBoxUser.objects.all() + queryset = RestrictedQuerySet(model=NetBoxUser).all() class NetBoxUserBulkImportView(generic.BulkImportView): - queryset = NetBoxUser.objects.all() + queryset = RestrictedQuerySet(model=NetBoxUser).all() model_form = forms.UserImportForm class NetBoxUserBulkEditView(generic.BulkEditView): - queryset = NetBoxUser.objects.all() + queryset = RestrictedQuerySet(model=NetBoxUser).all() filterset = filtersets.UserFilterSet table = tables.UserTable form = forms.UserBulkEditForm class NetBoxUserBulkDeleteView(generic.BulkDeleteView): - queryset = NetBoxUser.objects.all() + queryset = RestrictedQuerySet(model=NetBoxUser).all() filterset = filtersets.UserFilterSet table = tables.UserTable @@ -399,7 +400,7 @@ class NetBoxUserBulkDeleteView(generic.BulkDeleteView): class NetBoxGroupListView(generic.ObjectListView): - queryset = NetBoxGroup.objects.all().annotate(users_count=Count('user')) + queryset = RestrictedQuerySet(model=NetBoxGroup).all().annotate(users_count=Count('user')) filterset = filtersets.GroupFilterSet filterset_form = forms.GroupFilterForm table = tables.GroupTable @@ -407,7 +408,7 @@ class NetBoxGroupListView(generic.ObjectListView): @register_model_view(NetBoxGroup) class NetBoxGroupView(generic.ObjectView): - queryset = NetBoxGroup.objects.all() + queryset = RestrictedQuerySet(model=NetBoxGroup).all() template_name = 'users/group.html' def get_extra_context(self, request, instance): @@ -418,17 +419,17 @@ def get_extra_context(self, request, instance): @register_model_view(NetBoxGroup, 'edit') class NetBoxGroupEditView(generic.ObjectEditView): - queryset = NetBoxGroup.objects.all() + queryset = RestrictedQuerySet(model=NetBoxGroup).all() form = forms.GroupForm @register_model_view(NetBoxGroup, 'delete') class NetBoxGroupDeleteView(generic.ObjectDeleteView): - queryset = NetBoxGroup.objects.all() + queryset = RestrictedQuerySet(model=NetBoxGroup).all() class NetBoxGroupBulkImportView(generic.BulkImportView): - queryset = NetBoxGroup.objects.all() + queryset = RestrictedQuerySet(model=NetBoxGroup).all() model_form = forms.GroupImportForm @@ -440,7 +441,7 @@ class NetBoxGroupBulkImportView(generic.BulkImportView): class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): - queryset = NetBoxGroup.objects.all() + queryset = RestrictedQuerySet(model=NetBoxGroup).all() filterset = filtersets.GroupFilterSet table = tables.GroupTable From 4332ba0beb935d4a1cc730f8adb36a56b75930f8 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 13 Jun 2023 11:12:06 -0700 Subject: [PATCH 17/72] 12589 user RestrictedQuerySet for permission --- netbox/users/models.py | 12 ++++++++++++ netbox/users/views.py | 22 +++++++++++----------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/netbox/users/models.py b/netbox/users/models.py index 7bb0377e49e..220e9372417 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -9,6 +9,7 @@ from django.db import models from django.db.models.signals import post_save from django.dispatch import receiver +from django.urls import reverse from django.utils import timezone from django.utils.translation import gettext as _ from netaddr import IPNetwork @@ -55,19 +56,30 @@ class NetBoxUser(User): """ Proxy contrib.auth.models.User for the UI """ + objects = RestrictedQuerySet.as_manager() + class Meta: verbose_name = 'User' proxy = True + def get_absolute_url(self): + return reverse('users:netboxuser', args=[self.pk]) + class NetBoxGroup(Group): """ Proxy contrib.auth.models.User for the UI """ + objects = RestrictedQuerySet.as_manager() + class Meta: verbose_name = 'Group' proxy = True + def get_absolute_url(self): + return reverse('users:netboxgroup', args=[self.pk]) + + # # User preferences # diff --git a/netbox/users/views.py b/netbox/users/views.py index 15f2698ba52..aa82d4cbe20 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -368,29 +368,29 @@ def get_extra_context(self, request, instance): @register_model_view(NetBoxUser, 'edit') class NetBoxUserEditView(generic.ObjectEditView): - queryset = RestrictedQuerySet(model=NetBoxUser).all() + queryset = NetBoxUser.objects.all() form = forms.UserForm @register_model_view(NetBoxUser, 'delete') class NetBoxUserDeleteView(generic.ObjectDeleteView): - queryset = RestrictedQuerySet(model=NetBoxUser).all() + queryset = NetBoxUser.objects.all() class NetBoxUserBulkImportView(generic.BulkImportView): - queryset = RestrictedQuerySet(model=NetBoxUser).all() + queryset = NetBoxUser.objects.all() model_form = forms.UserImportForm class NetBoxUserBulkEditView(generic.BulkEditView): - queryset = RestrictedQuerySet(model=NetBoxUser).all() + queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable form = forms.UserBulkEditForm class NetBoxUserBulkDeleteView(generic.BulkDeleteView): - queryset = RestrictedQuerySet(model=NetBoxUser).all() + queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable @@ -400,7 +400,7 @@ class NetBoxUserBulkDeleteView(generic.BulkDeleteView): class NetBoxGroupListView(generic.ObjectListView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all().annotate(users_count=Count('user')) + queryset = NetBoxGroup.objects.all().annotate(users_count=Count('user')) filterset = filtersets.GroupFilterSet filterset_form = forms.GroupFilterForm table = tables.GroupTable @@ -408,7 +408,7 @@ class NetBoxGroupListView(generic.ObjectListView): @register_model_view(NetBoxGroup) class NetBoxGroupView(generic.ObjectView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all() + queryset = NetBoxGroup.objects.all() template_name = 'users/group.html' def get_extra_context(self, request, instance): @@ -419,17 +419,17 @@ def get_extra_context(self, request, instance): @register_model_view(NetBoxGroup, 'edit') class NetBoxGroupEditView(generic.ObjectEditView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all() + queryset = NetBoxGroup.objects.all() form = forms.GroupForm @register_model_view(NetBoxGroup, 'delete') class NetBoxGroupDeleteView(generic.ObjectDeleteView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all() + queryset = NetBoxGroup.objects.all() class NetBoxGroupBulkImportView(generic.BulkImportView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all() + queryset = NetBoxGroup.objects.all() model_form = forms.GroupImportForm @@ -441,7 +441,7 @@ class NetBoxGroupBulkImportView(generic.BulkImportView): class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): - queryset = RestrictedQuerySet(model=NetBoxGroup).all() + queryset = NetBoxGroup.objects.all() filterset = filtersets.GroupFilterSet table = tables.GroupTable From 540339683cabb4cf2ec794d9aeb271e5d8fcfab7 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 13 Jun 2023 14:33:41 -0700 Subject: [PATCH 18/72] 12589 add user group manager --- netbox/users/models.py | 8 ++++++-- netbox/users/views.py | 27 ++++++++++++++++++++++++++- netbox/utilities/querysets.py | 6 ++++-- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/netbox/users/models.py b/netbox/users/models.py index 220e9372417..b90ec901bb2 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -2,7 +2,7 @@ import os from django.conf import settings -from django.contrib.auth.models import Group, User +from django.contrib.auth.models import Group, GroupManager, User, UserManager from django.contrib.contenttypes.models import ContentType from django.contrib.postgres.fields import ArrayField from django.core.validators import MinLengthValidator @@ -52,11 +52,15 @@ class Meta: proxy = True +class NetBoxUserManager(UserManager.from_queryset(RestrictedQuerySet)): + pass + + class NetBoxUser(User): """ Proxy contrib.auth.models.User for the UI """ - objects = RestrictedQuerySet.as_manager() + objects = NetBoxUserManager() class Meta: verbose_name = 'User' diff --git a/netbox/users/views.py b/netbox/users/views.py index aa82d4cbe20..16e355fc56f 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -4,7 +4,7 @@ from django.contrib import messages from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash, get_user_model from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.models import update_last_login +from django.contrib.auth.models import Group, User, update_last_login from django.contrib.auth.signals import user_logged_in from django.db.models import Count from django.http import HttpResponseRedirect @@ -22,6 +22,7 @@ from netbox.config import get_config from netbox.views import generic from utilities.forms import ConfirmationForm +from utilities.permissions import get_permission_for_model from utilities.querysets import RestrictedQuerySet from utilities.views import register_model_view from . import filtersets, forms, tables @@ -347,12 +348,18 @@ class NetBoxUserListView(generic.ObjectListView): filterset_form = forms.UserFilterForm table = tables.UserTable + def get_required_permission(self): + return get_permission_for_model(User, 'view') + @register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): queryset = NetBoxUser.objects.all() template_name = 'users/user.html' + def get_required_permission(self): + return get_permission_for_model(User, 'view') + def get_extra_context(self, request, instance): # Compile changelog table changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related( @@ -371,16 +378,27 @@ class NetBoxUserEditView(generic.ObjectEditView): queryset = NetBoxUser.objects.all() form = forms.UserForm + def get_required_permission(self): + # self._permission_action is set by dispatch() to either "add" or "change" depending on whether + # we are modifying an existing object or creating a new one. + return get_permission_for_model(User, self._permission_action) + @register_model_view(NetBoxUser, 'delete') class NetBoxUserDeleteView(generic.ObjectDeleteView): queryset = NetBoxUser.objects.all() + def get_required_permission(self): + return get_permission_for_model(User, 'delete') + class NetBoxUserBulkImportView(generic.BulkImportView): queryset = NetBoxUser.objects.all() model_form = forms.UserImportForm + def get_required_permission(self): + return get_permission_for_model(User, 'add') + class NetBoxUserBulkEditView(generic.BulkEditView): queryset = NetBoxUser.objects.all() @@ -388,12 +406,19 @@ class NetBoxUserBulkEditView(generic.BulkEditView): table = tables.UserTable form = forms.UserBulkEditForm + def get_required_permission(self): + return get_permission_for_model(User, 'change') + class NetBoxUserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable + def get_required_permission(self): + return get_permission_for_model(User, 'delete') + + # # Groups # diff --git a/netbox/utilities/querysets.py b/netbox/utilities/querysets.py index ba4b284186f..e5cbe38945c 100644 --- a/netbox/utilities/querysets.py +++ b/netbox/utilities/querysets.py @@ -1,3 +1,4 @@ +from django.contrib.contenttypes.models import ContentType from django.db.models import Prefetch, QuerySet from users.constants import CONSTRAINT_TOKEN_USER @@ -46,8 +47,9 @@ def restrict(self, user, action='view'): :param action: The action which must be permitted (e.g. "view" for "dcim.view_site"); default is 'view' """ # Resolve the full name of the required permission - app_label = self.model._meta.app_label - model_name = self.model._meta.model_name + ct = ContentType.objects.get_for_model(self.model) + app_label = ct.app_label + model_name = ct.model permission_required = f'{app_label}.{action}_{model_name}' # Bypass restriction for superusers and exempt views From d0d74c98ad4b09aced9a746df841e5a39dd6bd9f Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 15 Jun 2023 17:02:58 -0700 Subject: [PATCH 19/72] 12589 update comments --- netbox/users/views.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 16e355fc56f..8fffcc96c25 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -358,6 +358,9 @@ class NetBoxUserView(generic.ObjectView): template_name = 'users/user.html' def get_required_permission(self): + # Need to override as ObjectView will query for NetBoxUser as the model + # but the model we need to check perms for is User + breakpoint() return get_permission_for_model(User, 'view') def get_extra_context(self, request, instance): @@ -379,8 +382,8 @@ class NetBoxUserEditView(generic.ObjectEditView): form = forms.UserForm def get_required_permission(self): - # self._permission_action is set by dispatch() to either "add" or "change" depending on whether - # we are modifying an existing object or creating a new one. + # Need to override as ObjectView will query for NetBoxUser as the model + # but the model we need to check perms for is User return get_permission_for_model(User, self._permission_action) From bdfcb939f11337dba91d84d1688d27f086201a23 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 20 Jun 2023 10:16:15 -0700 Subject: [PATCH 20/72] 12589 fix permission model check --- netbox/users/views.py | 1 - netbox/utilities/permissions.py | 6 ++++-- netbox/utilities/views.py | 7 ++++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 8fffcc96c25..5412e8dcbdf 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -360,7 +360,6 @@ class NetBoxUserView(generic.ObjectView): def get_required_permission(self): # Need to override as ObjectView will query for NetBoxUser as the model # but the model we need to check perms for is User - breakpoint() return get_permission_for_model(User, 'view') def get_extra_context(self, request, instance): diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py index b20aafce0bb..58a6130d8ba 100644 --- a/netbox/utilities/permissions.py +++ b/netbox/utilities/permissions.py @@ -18,10 +18,12 @@ def get_permission_for_model(model, action): :param model: A model or instance :param action: View, add, change, or delete (string) """ + # breakpoint() + ct = ContentType.objects.get_for_model(model) return '{}.{}_{}'.format( - model._meta.app_label, + ct.app_label, action, - model._meta.model_name + ct.model ) diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py index a45e149c779..951595cb703 100644 --- a/netbox/utilities/views.py +++ b/netbox/utilities/views.py @@ -79,8 +79,9 @@ def has_permission(self): if user.has_perms((permission_required, *self.additional_permissions)): # Update the view's QuerySet to filter only the permitted objects - action = resolve_permission(permission_required)[1] - self.queryset = self.queryset.restrict(user, action) + if isinstance(self.queryset, RestrictedQuerySet): + action = resolve_permission(permission_required)[1] + self.queryset = self.queryset.restrict(user, action) return True @@ -94,7 +95,7 @@ def dispatch(self, request, *args, **kwargs): 'a base queryset'.format(self.__class__.__name__) ) - if isinstance(self.queryset, RestrictedQuerySet) and not self.has_permission(): + if not self.has_permission(): return self.handle_no_permission() return super().dispatch(request, *args, **kwargs) From 39608f6d837bb333cba65acb95b5077319ae2d48 Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 20 Jun 2023 13:04:08 -0700 Subject: [PATCH 21/72] 12589 fixes for add/edit user form --- netbox/users/forms/model_forms.py | 37 ++++++++++++++++++++++++++++++- netbox/users/views.py | 20 +++++------------ 2 files changed, 41 insertions(+), 16 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 9346481bee8..6a2921b60d6 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -147,6 +147,15 @@ def __init__(self, *args, **kwargs): class UserForm(BootstrapMixin, forms.ModelForm): + password = forms.CharField( + widget=forms.PasswordInput(), + required=True, + ) + confirm_password = forms.CharField( + widget=forms.PasswordInput(), + required=True, + help_text=_("Enter the same password as before, for verification."), + ) groups = DynamicModelMultipleChoiceField( required=False, queryset=Group.objects.all() @@ -159,7 +168,7 @@ class UserForm(BootstrapMixin, forms.ModelForm): ) fieldsets = ( - ('User', ('username', 'first_name', 'last_name', 'email', )), + ('User', ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )), ('Groups', ('groups', )), ('Status', ('is_active', 'is_staff', 'is_superuser', )), ('Important Dates', ('last_login', 'date_joined', )), @@ -175,14 +184,40 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + + # Adjust form fields depending if Add or Edit if self.instance.pk: self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + self.fields['password'].disabled = True + self.fields['password'].required = False + self.fields['password'].help_text = _( + "Raw passwords are not stored, so there is no way to see this " + "user’s password, but you can change the password using " + 'this form.' + ) + + del self.fields['confirm_password'] + else: + del self.fields['date_joined'] + del self.fields['last_login'] def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) instance.object_permissions.set(self.cleaned_data['object_permissions']) return instance + def clean(self): + cleaned_data = super().clean() + instance = getattr(self, 'instance', None) + if not instance: + password = cleaned_data.get("password") + confirm_password = cleaned_data.get("confirm_password") + + if password != confirm_password: + raise forms.ValidationError( + "password and confirm_password does not match" + ) + class GroupForm(BootstrapMixin, forms.ModelForm): users = DynamicModelMultipleChoiceField( diff --git a/netbox/users/views.py b/netbox/users/views.py index 5412e8dcbdf..329fe335510 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -348,20 +348,12 @@ class NetBoxUserListView(generic.ObjectListView): filterset_form = forms.UserFilterForm table = tables.UserTable - def get_required_permission(self): - return get_permission_for_model(User, 'view') - @register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): queryset = NetBoxUser.objects.all() template_name = 'users/user.html' - def get_required_permission(self): - # Need to override as ObjectView will query for NetBoxUser as the model - # but the model we need to check perms for is User - return get_permission_for_model(User, 'view') - def get_extra_context(self, request, instance): # Compile changelog table changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related( @@ -380,10 +372,11 @@ class NetBoxUserEditView(generic.ObjectEditView): queryset = NetBoxUser.objects.all() form = forms.UserForm - def get_required_permission(self): - # Need to override as ObjectView will query for NetBoxUser as the model - # but the model we need to check perms for is User - return get_permission_for_model(User, self._permission_action) + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): + return super().post(request, *args, **kwargs) @register_model_view(NetBoxUser, 'delete') @@ -408,9 +401,6 @@ class NetBoxUserBulkEditView(generic.BulkEditView): table = tables.UserTable form = forms.UserBulkEditForm - def get_required_permission(self): - return get_permission_for_model(User, 'change') - class NetBoxUserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() From 8267ca58408e90c0eb25784733a9c7ce4f75f5df Mon Sep 17 00:00:00 2001 From: Arthur Date: Tue, 20 Jun 2023 17:12:43 -0700 Subject: [PATCH 22/72] 12589 fix for Objectchange --- netbox/users/forms/model_forms.py | 25 ++++++++++++++++++++++++- netbox/utilities/testing/views.py | 30 ++++++++++++++++-------------- 2 files changed, 40 insertions(+), 15 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 6a2921b60d6..fef10cfe221 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -201,6 +201,11 @@ def __init__(self, *args, **kwargs): del self.fields['date_joined'] del self.fields['last_login'] + # def is_valid(self): + # ret = super().is_valid() + # breakpoint() + # return ret + def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) instance.object_permissions.set(self.cleaned_data['object_permissions']) @@ -215,9 +220,27 @@ def clean(self): if password != confirm_password: raise forms.ValidationError( - "password and confirm_password does not match" + _("password and confirm_password does not match") ) + def clean_username(self): + """Reject usernames that differ only in case.""" + instance = getattr(self, 'instance', None) + if instance: + qs = self._meta.model.objects.exclude(pk=instance.pk) + else: + qs = self._meta.model.objects.all() + + username = self.cleaned_data.get("username") + if ( + username and qs.filter(username__iexact=username).exists() + ): + raise forms.ValidationError( + _("user with this username already exists") + ) + + return username + class GroupForm(BootstrapMixin, forms.ModelForm): users = DynamicModelMultipleChoiceField( diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index dc17548a265..d073b8db6cd 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -170,13 +170,14 @@ def test_create_object_with_permission(self): instance = self._get_queryset().order_by('pk').last() self.assertInstanceEqual(instance, self.form_data) - # Verify ObjectChange creation - objectchanges = ObjectChange.objects.filter( - changed_object_type=ContentType.objects.get_for_model(instance), - changed_object_id=instance.pk - ) - self.assertEqual(len(objectchanges), 1) - self.assertEqual(objectchanges[0].action, ObjectChangeActionChoices.ACTION_CREATE) + if hasattr(self.model, "to_objectchange"): + # Verify ObjectChange creation + objectchanges = ObjectChange.objects.filter( + changed_object_type=ContentType.objects.get_for_model(instance), + changed_object_id=instance.pk + ) + self.assertEqual(len(objectchanges), 1) + self.assertEqual(objectchanges[0].action, ObjectChangeActionChoices.ACTION_CREATE) @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_create_object_with_constrained_permission(self): @@ -263,13 +264,14 @@ def test_edit_object_with_permission(self): self.assertHttpStatus(self.client.post(**request), 302) self.assertInstanceEqual(self._get_queryset().get(pk=instance.pk), self.form_data) - # Verify ObjectChange creation - objectchanges = ObjectChange.objects.filter( - changed_object_type=ContentType.objects.get_for_model(instance), - changed_object_id=instance.pk - ) - self.assertEqual(len(objectchanges), 1) - self.assertEqual(objectchanges[0].action, ObjectChangeActionChoices.ACTION_UPDATE) + if hasattr(self.model, "to_objectchange"): + # Verify ObjectChange creation + objectchanges = ObjectChange.objects.filter( + changed_object_type=ContentType.objects.get_for_model(instance), + changed_object_id=instance.pk + ) + self.assertEqual(len(objectchanges), 1) + self.assertEqual(objectchanges[0].action, ObjectChangeActionChoices.ACTION_UPDATE) @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_edit_object_with_constrained_permission(self): From bce8672a850c3337c3c781bebb02a8aacdd616ae Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 22 Jun 2023 10:31:28 -0700 Subject: [PATCH 23/72] 12589 test fixes --- netbox/utilities/testing/views.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index d073b8db6cd..ca3d26564e8 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -117,9 +117,10 @@ class GetObjectChangelogViewTestCase(ModelViewTestCase): """ @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_get_object_changelog(self): - url = self._get_url('changelog', self._get_queryset().first()) - response = self.client.get(url) - self.assertHttpStatus(response, 200) + if hasattr(self.model, "to_objectchange"): + url = self._get_url('changelog', self._get_queryset().first()) + response = self.client.get(url) + self.assertHttpStatus(response, 200) class CreateObjectViewTestCase(ModelViewTestCase): """ @@ -168,7 +169,7 @@ def test_create_object_with_permission(self): self.assertHttpStatus(self.client.post(**request), 302) self.assertEqual(initial_count + 1, self._get_queryset().count()) instance = self._get_queryset().order_by('pk').last() - self.assertInstanceEqual(instance, self.form_data) + self.assertInstanceEqual(instance, self.form_data, exclude=['password']) if hasattr(self.model, "to_objectchange"): # Verify ObjectChange creation From 98ac45ec3cd29f80210ce8e7700dbd53fb813c78 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 22 Jun 2023 16:34:55 -0700 Subject: [PATCH 24/72] 12589 fix tests --- netbox/netbox/views/generic/bulk_views.py | 1 + netbox/users/forms/bulk_edit.py | 3 +++ netbox/users/forms/model_forms.py | 6 +---- netbox/users/views.py | 27 ++++++++++++++++++----- 4 files changed, 26 insertions(+), 11 deletions(-) diff --git a/netbox/netbox/views/generic/bulk_views.py b/netbox/netbox/views/generic/bulk_views.py index e66e79a7a44..7bed7c4e911 100644 --- a/netbox/netbox/views/generic/bulk_views.py +++ b/netbox/netbox/views/generic/bulk_views.py @@ -626,6 +626,7 @@ def post(self, request, **kwargs): clear_webhooks.send(sender=self) else: + print(f"form errors: {form.errors}") logger.debug("Form validation failed") else: diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 9fe16db7bc1..0bdc65b7700 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -50,6 +50,9 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.fields['pk'].queryset = self.model.objects.all() + qs = self.fields['pk'].queryset + for i in qs: + print(f"pk: {i.pk}") class GroupBulkEditForm(BootstrapMixin, forms.Form): diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index fef10cfe221..c237ab0d8bc 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -171,7 +171,6 @@ class UserForm(BootstrapMixin, forms.ModelForm): ('User', ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )), ('Groups', ('groups', )), ('Status', ('is_active', 'is_staff', 'is_superuser', )), - ('Important Dates', ('last_login', 'date_joined', )), ('Permissions', ('object_permissions', )), ) @@ -179,7 +178,7 @@ class Meta: model = NetBoxUser fields = [ 'username', 'first_name', 'last_name', 'email', 'groups', 'object_permissions', - 'is_active', 'is_staff', 'is_superuser', 'last_login', 'date_joined', + 'is_active', 'is_staff', 'is_superuser', ] def __init__(self, *args, **kwargs): @@ -197,9 +196,6 @@ def __init__(self, *args, **kwargs): ) del self.fields['confirm_password'] - else: - del self.fields['date_joined'] - del self.fields['last_login'] # def is_valid(self): # ret = super().is_valid() diff --git a/netbox/users/views.py b/netbox/users/views.py index 329fe335510..72989e369fc 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -348,6 +348,15 @@ class NetBoxUserListView(generic.ObjectListView): filterset_form = forms.UserFilterForm table = tables.UserTable + def dispatch(self, request, *args, **kwargs): + return super().dispatch(request, *args, **kwargs) + + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): + return super().post(request, *args, **kwargs) + @register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): @@ -372,12 +381,6 @@ class NetBoxUserEditView(generic.ObjectEditView): queryset = NetBoxUser.objects.all() form = forms.UserForm - def get(self, request, *args, **kwargs): - return super().get(request, *args, **kwargs) - - def post(self, request, *args, **kwargs): - return super().post(request, *args, **kwargs) - @register_model_view(NetBoxUser, 'delete') class NetBoxUserDeleteView(generic.ObjectDeleteView): @@ -401,6 +404,18 @@ class NetBoxUserBulkEditView(generic.BulkEditView): table = tables.UserTable form = forms.UserBulkEditForm + def dispatch(self, request, *args, **kwargs): + # breakpoint() + return super().dispatch(request, *args, **kwargs) + + def get(self, request, *args, **kwargs): + # breakpoint() + return super().get(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): + # breakpoint() + return super().post(request, *args, **kwargs) + class NetBoxUserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() From 53b19980a1ade42c1f18e07ba5f4a678cf750ca9 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 23 Jun 2023 08:26:31 -0700 Subject: [PATCH 25/72] 12589 fix tests --- netbox/netbox/authentication.py | 1 + netbox/users/views.py | 9 +++++++++ netbox/utilities/testing/views.py | 23 +++++++++++++++++++---- 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/netbox/netbox/authentication.py b/netbox/netbox/authentication.py index 61dfe2fdbdc..b5f5746fa04 100644 --- a/netbox/netbox/authentication.py +++ b/netbox/netbox/authentication.py @@ -94,6 +94,7 @@ def get_object_permissions(self, user_obj): def has_perm(self, user_obj, perm, obj=None): app_label, action, model_name = resolve_permission(perm) + # breakpoint() # Superusers implicitly have all permissions if user_obj.is_active and user_obj.is_superuser: diff --git a/netbox/users/views.py b/netbox/users/views.py index 72989e369fc..1dc6eb0e7ae 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -375,6 +375,15 @@ def get_extra_context(self, request, instance): 'active_tab': 'user', } + def dispatch(self, request, *args, **kwargs): + return super().dispatch(request, *args, **kwargs) + + def get(self, request, *args, **kwargs): + return super().get(request, *args, **kwargs) + + def post(self, request, *args, **kwargs): + return super().post(request, *args, **kwargs) + @register_model_view(NetBoxUser, 'edit') class NetBoxUserEditView(generic.ObjectEditView): diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index ca3d26564e8..cfe44ba4d3c 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -1,5 +1,6 @@ import csv +from django.conf import settings from django.contrib.contenttypes.models import ContentType from django.core.exceptions import ObjectDoesNotExist from django.db.models import ForeignKey @@ -64,8 +65,15 @@ class GetObjectViewTestCase(ModelViewTestCase): def test_get_object_anonymous(self): # Make the request as an unauthenticated user self.client.logout() - response = self.client.get(self._get_queryset().first().get_absolute_url()) - self.assertHttpStatus(response, 200) + ct = ContentType.objects.get_for_model(self.model) + if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS: + # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users + with disable_warnings('django.request'): + response = self.client.get(self._get_queryset().first().get_absolute_url()) + self.assertHttpStatus(response, 302) + else: + response = self.client.get(self._get_queryset().first().get_absolute_url()) + self.assertHttpStatus(response, 200) @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_get_object_without_permission(self): @@ -407,8 +415,15 @@ class ListObjectsViewTestCase(ModelViewTestCase): def test_list_objects_anonymous(self): # Make the request as an unauthenticated user self.client.logout() - response = self.client.get(self._get_url('list')) - self.assertHttpStatus(response, 200) + ct = ContentType.objects.get_for_model(self.model) + if (ct.app_label, ct.model) in settings.EXEMPT_EXCLUDE_MODELS: + # Models listed in EXEMPT_EXCLUDE_MODELS should not be accessible to anonymous users + with disable_warnings('django.request'): + response = self.client.get(self._get_url('list')) + self.assertHttpStatus(response, 302) + else: + response = self.client.get(self._get_url('list')) + self.assertHttpStatus(response, 200) @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_list_objects_without_permission(self): From 923afae23df7acb68e0a837d7c53a71ed3aa678b Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 23 Jun 2023 08:41:27 -0700 Subject: [PATCH 26/72] 12589 fix tests --- netbox/utilities/testing/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index cfe44ba4d3c..9d0f0584dea 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -224,7 +224,7 @@ def test_create_object_with_constrained_permission(self): } self.assertHttpStatus(self.client.post(**request), 302) self.assertEqual(initial_count + 1, self._get_queryset().count()) - self.assertInstanceEqual(self._get_queryset().order_by('pk').last(), self.form_data) + self.assertInstanceEqual(self._get_queryset().order_by('pk').last(), self.form_data, exclude=['password']) class EditObjectViewTestCase(ModelViewTestCase): """ From 0fee7b71fff9525343db277ed2ce40367b0f7fb6 Mon Sep 17 00:00:00 2001 From: Arthur Date: Sat, 24 Jun 2023 20:16:41 -0700 Subject: [PATCH 27/72] 12589 bulk edit test fixes --- netbox/netbox/authentication.py | 1 - netbox/netbox/views/generic/bulk_views.py | 1 - netbox/users/forms/bulk_edit.py | 3 --- netbox/users/forms/model_forms.py | 5 ----- netbox/users/views.py | 20 ++++++++++---------- netbox/utilities/permissions.py | 3 +-- netbox/utilities/testing/views.py | 6 +++--- 7 files changed, 14 insertions(+), 25 deletions(-) diff --git a/netbox/netbox/authentication.py b/netbox/netbox/authentication.py index b5f5746fa04..61dfe2fdbdc 100644 --- a/netbox/netbox/authentication.py +++ b/netbox/netbox/authentication.py @@ -94,7 +94,6 @@ def get_object_permissions(self, user_obj): def has_perm(self, user_obj, perm, obj=None): app_label, action, model_name = resolve_permission(perm) - # breakpoint() # Superusers implicitly have all permissions if user_obj.is_active and user_obj.is_superuser: diff --git a/netbox/netbox/views/generic/bulk_views.py b/netbox/netbox/views/generic/bulk_views.py index 7bed7c4e911..e66e79a7a44 100644 --- a/netbox/netbox/views/generic/bulk_views.py +++ b/netbox/netbox/views/generic/bulk_views.py @@ -626,7 +626,6 @@ def post(self, request, **kwargs): clear_webhooks.send(sender=self) else: - print(f"form errors: {form.errors}") logger.debug("Form validation failed") else: diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 0bdc65b7700..9fe16db7bc1 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -50,9 +50,6 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.fields['pk'].queryset = self.model.objects.all() - qs = self.fields['pk'].queryset - for i in qs: - print(f"pk: {i.pk}") class GroupBulkEditForm(BootstrapMixin, forms.Form): diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index c237ab0d8bc..ed5c7f6c810 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -197,11 +197,6 @@ def __init__(self, *args, **kwargs): del self.fields['confirm_password'] - # def is_valid(self): - # ret = super().is_valid() - # breakpoint() - # return ret - def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) instance.object_permissions.set(self.cleaned_data['object_permissions']) diff --git a/netbox/users/views.py b/netbox/users/views.py index 1dc6eb0e7ae..53ff0912299 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -406,26 +406,26 @@ class NetBoxUserBulkImportView(generic.BulkImportView): def get_required_permission(self): return get_permission_for_model(User, 'add') - -class NetBoxUserBulkEditView(generic.BulkEditView): - queryset = NetBoxUser.objects.all() - filterset = filtersets.UserFilterSet - table = tables.UserTable - form = forms.UserBulkEditForm - def dispatch(self, request, *args, **kwargs): - # breakpoint() + breakpoint() return super().dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs): - # breakpoint() + breakpoint() return super().get(request, *args, **kwargs) def post(self, request, *args, **kwargs): - # breakpoint() + breakpoint() return super().post(request, *args, **kwargs) +class NetBoxUserBulkEditView(generic.BulkEditView): + queryset = NetBoxUser.objects.all() + filterset = filtersets.UserFilterSet + table = tables.UserTable + form = forms.UserBulkEditForm + + class NetBoxUserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py index 58a6130d8ba..5590adbc723 100644 --- a/netbox/utilities/permissions.py +++ b/netbox/utilities/permissions.py @@ -18,7 +18,6 @@ def get_permission_for_model(model, action): :param model: A model or instance :param action: View, add, change, or delete (string) """ - # breakpoint() ct = ContentType.objects.get_for_model(model) return '{}.{}_{}'.format( ct.app_label, @@ -72,7 +71,7 @@ def permission_is_exempt(name): if action == 'view': if ( # All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement - '*' in settings.EXEMPT_VIEW_PERMISSIONS and (app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS + '*' in settings.EXEMPT_VIEW_PERMISSIONS and (f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS or (app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS) ) or ( # This specific model is exempt from view permission enforcement f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 9d0f0584dea..75a14f7953f 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -650,7 +650,7 @@ def test_bulk_update_objects_with_permission(self): if value is not None and not isinstance(field, ForeignKey): self.assertEqual(value, value) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*',]) def test_bulk_import_objects_with_constrained_permission(self): initial_count = self._get_queryset().count() data = { @@ -704,7 +704,7 @@ def test_bulk_edit_objects_without_permission(self): with disable_warnings('django.request'): self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 403) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) def test_bulk_edit_objects_with_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { @@ -729,7 +729,7 @@ def test_bulk_edit_objects_with_permission(self): for i, instance in enumerate(self._get_queryset().filter(pk__in=pk_list)): self.assertInstanceEqual(instance, self.bulk_edit_data) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) def test_bulk_edit_objects_with_constrained_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { From ef4e9bd0d82498632e375a618ef74342c8236239 Mon Sep 17 00:00:00 2001 From: Arthur Date: Sat, 24 Jun 2023 20:25:44 -0700 Subject: [PATCH 28/72] 12589 export objects test fixes --- netbox/users/views.py | 6 +++--- netbox/utilities/testing/views.py | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 53ff0912299..403f66ab733 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -407,15 +407,15 @@ def get_required_permission(self): return get_permission_for_model(User, 'add') def dispatch(self, request, *args, **kwargs): - breakpoint() + # breakpoint() return super().dispatch(request, *args, **kwargs) def get(self, request, *args, **kwargs): - breakpoint() + # breakpoint() return super().get(request, *args, **kwargs) def post(self, request, *args, **kwargs): - breakpoint() + # breakpoint() return super().post(request, *args, **kwargs) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 75a14f7953f..b5ea5a17e10 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -468,7 +468,7 @@ def test_list_objects_with_constrained_permission(self): self.assertIn(instance1.get_absolute_url(), content) self.assertNotIn(instance2.get_absolute_url(), content) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) def test_export_objects(self): url = self._get_url('list') From 53fe4495e382fdb7c24391b3500cf49b89036caf Mon Sep 17 00:00:00 2001 From: Arthur Date: Sat, 24 Jun 2023 20:48:07 -0700 Subject: [PATCH 29/72] 12589 group test fixes --- netbox/users/forms/bulk_import.py | 12 ------------ netbox/users/urls.py | 2 -- netbox/users/views.py | 20 -------------------- netbox/utilities/testing/views.py | 30 ++++++++++++++++++++++++++++++ 4 files changed, 30 insertions(+), 34 deletions(-) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index 060d771ee3d..08b9b91fd9e 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -9,22 +9,10 @@ __all__ = ( 'GroupImportForm', 'ObjectPermissionImportForm', - 'UserImportForm', ) -class UserImportForm(NetBoxModelImportForm): - slug = SlugField() - - class Meta: - model = NetBoxUser - fields = ( - 'email', - ) - - class GroupImportForm(NetBoxModelImportForm): - slug = SlugField() class Meta: model = NetBoxGroup diff --git a/netbox/users/urls.py b/netbox/users/urls.py index fd248993acc..9edecd8c03c 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -14,7 +14,6 @@ # Users path('users/', views.NetBoxUserListView.as_view(), name='netboxuser_list'), path('users/add/', views.NetBoxUserEditView.as_view(), name='netboxuser_add'), - path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), @@ -23,7 +22,6 @@ path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), path('groups/add/', views.NetBoxGroupEditView.as_view(), name='netboxgroup_add'), path('groups/import/', views.NetBoxGroupBulkImportView.as_view(), name='netboxgroup_import'), - # path('groups/edit/', views.NetBoxGroupBulkEditView.as_view(), name='netboxgroup_bulk_edit'), path('groups/delete/', views.NetBoxGroupBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), path('groups//', include(get_model_urls('users', 'netboxgroup'))), diff --git a/netbox/users/views.py b/netbox/users/views.py index 403f66ab733..26e4895eee2 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -399,26 +399,6 @@ def get_required_permission(self): return get_permission_for_model(User, 'delete') -class NetBoxUserBulkImportView(generic.BulkImportView): - queryset = NetBoxUser.objects.all() - model_form = forms.UserImportForm - - def get_required_permission(self): - return get_permission_for_model(User, 'add') - - def dispatch(self, request, *args, **kwargs): - # breakpoint() - return super().dispatch(request, *args, **kwargs) - - def get(self, request, *args, **kwargs): - # breakpoint() - return super().get(request, *args, **kwargs) - - def post(self, request, *args, **kwargs): - # breakpoint() - return super().post(request, *args, **kwargs) - - class NetBoxUserBulkEditView(generic.BulkEditView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index b5ea5a17e10..fd7ffb757e0 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -987,3 +987,33 @@ class DeviceComponentViewTestCase( TestCase suitable for testing device component models (ConsolePorts, Interfaces, etc.) """ maxDiff = None + + class UserViewTestCase( + GetObjectViewTestCase, + GetObjectChangelogViewTestCase, + CreateObjectViewTestCase, + EditObjectViewTestCase, + DeleteObjectViewTestCase, + ListObjectsViewTestCase, + BulkEditObjectsViewTestCase, + BulkDeleteObjectsViewTestCase, + ): + """ + TestCase suitable for testing all standard View functions for auth.user objects + """ + maxDiff = None + + class GroupViewTestCase( + GetObjectViewTestCase, + GetObjectChangelogViewTestCase, + CreateObjectViewTestCase, + EditObjectViewTestCase, + DeleteObjectViewTestCase, + ListObjectsViewTestCase, + BulkImportObjectsViewTestCase, + BulkDeleteObjectsViewTestCase, + ): + """ + TestCase suitable for testing all standard View functions for auth.group objects + """ + maxDiff = None From ee29b2762d77ef0676befb33bd6223c0c39062cd Mon Sep 17 00:00:00 2001 From: Arthur Date: Sat, 24 Jun 2023 20:54:36 -0700 Subject: [PATCH 30/72] 12589 cleanup --- netbox/users/views.py | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 26e4895eee2..026bdb4e993 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -348,15 +348,6 @@ class NetBoxUserListView(generic.ObjectListView): filterset_form = forms.UserFilterForm table = tables.UserTable - def dispatch(self, request, *args, **kwargs): - return super().dispatch(request, *args, **kwargs) - - def get(self, request, *args, **kwargs): - return super().get(request, *args, **kwargs) - - def post(self, request, *args, **kwargs): - return super().post(request, *args, **kwargs) - @register_model_view(NetBoxUser) class NetBoxUserView(generic.ObjectView): @@ -375,15 +366,6 @@ def get_extra_context(self, request, instance): 'active_tab': 'user', } - def dispatch(self, request, *args, **kwargs): - return super().dispatch(request, *args, **kwargs) - - def get(self, request, *args, **kwargs): - return super().get(request, *args, **kwargs) - - def post(self, request, *args, **kwargs): - return super().post(request, *args, **kwargs) - @register_model_view(NetBoxUser, 'edit') class NetBoxUserEditView(generic.ObjectEditView): @@ -454,13 +436,6 @@ class NetBoxGroupBulkImportView(generic.BulkImportView): model_form = forms.GroupImportForm -# class NetBoxGroupBulkEditView(generic.BulkEditView): -# queryset = NetBoxGroup.objects.all() -# filterset = filtersets.GroupFilterSet -# table = tables.GroupTable -# form = forms.GroupBulkEditForm - - class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxGroup.objects.all() filterset = filtersets.GroupFilterSet From b3b59a2e49c6da91059aa9b55d431dde3ab47029 Mon Sep 17 00:00:00 2001 From: Arthur Date: Sun, 25 Jun 2023 12:00:14 -0700 Subject: [PATCH 31/72] 12589 objectpermission get_absolute_url --- netbox/users/models.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/netbox/users/models.py b/netbox/users/models.py index b90ec901bb2..ffafb8c9c6d 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -369,3 +369,6 @@ def list_constraints(self): if type(self.constraints) is not list: return [self.constraints] return self.constraints + + def get_absolute_url(self): + return reverse('users:objectpermission', args=[self.pk]) From e7b21549b277e35e4ee3fe1a65819583b11dec56 Mon Sep 17 00:00:00 2001 From: Arthur Date: Sun, 25 Jun 2023 12:02:21 -0700 Subject: [PATCH 32/72] 12589 validation error --- netbox/users/forms/model_forms.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index ed5c7f6c810..a96d08cc15f 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -349,7 +349,7 @@ def clean(self): # At least one action must be specified if not self.cleaned_data['actions']: - raise ValidationError("At least one action must be selected.") + raise forms.ValidationError("At least one action must be selected.") # Validate the specified model constraints by attempting to execute a query. We don't care whether the query # returns anything; we just want to make sure the specified constraints are valid. From 93ba0c0177b1ca10ae8aa8f37aa069dee068284e Mon Sep 17 00:00:00 2001 From: Arthur Date: Sun, 25 Jun 2023 12:02:53 -0700 Subject: [PATCH 33/72] 12589 validation error --- netbox/users/forms/model_forms.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index a96d08cc15f..1a91a239ff0 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -365,6 +365,6 @@ def clean(self): } model.objects.filter(qs_filter_from_constraints(constraints, tokens)).exists() except FieldError as e: - raise ValidationError({ + raise forms.ValidationError({ 'constraints': f'Invalid filter for {model}: {e}' }) From c4131af496cc46b0e5f5fbfc895cc1ca6cc5637b Mon Sep 17 00:00:00 2001 From: Arthur Date: Sun, 25 Jun 2023 17:11:31 -0700 Subject: [PATCH 34/72] 12589 objectpermission bulk edit --- netbox/users/forms/bulk_edit.py | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 9fe16db7bc1..a3a2c7a1a02 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -9,7 +9,6 @@ from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( - 'GroupBulkEditForm', 'ObjectPermissionBulkEditForm', 'UserBulkEditForm', ) @@ -52,34 +51,25 @@ def __init__(self, *args, **kwargs): self.fields['pk'].queryset = self.model.objects.all() -class GroupBulkEditForm(BootstrapMixin, forms.Form): +class ObjectPermissionBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( queryset=None, # Set from self.model on init widget=forms.MultipleHiddenInput ) - first_name = forms.CharField( - max_length=150, + description = forms.CharField( + max_length=200, required=False ) + enabled = forms.BooleanField( + required=False, + ) - model = NetBoxGroup + model = ObjectPermission fieldsets = ( - (None, ('asns', 'description')), - ) - nullable_fields = ( - 'asns', 'description', 'comments', + (None, ('description', 'enabled')), ) + nullable_fields = () def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.fields['pk'].queryset = self.model.objects.all() - - -class ObjectPermissionBulkEditForm(NetBoxModelBulkEditForm): - model = ObjectPermission - fieldsets = ( - (None, ('description')), - ) - nullable_fields = ( - 'description', - ) From c25fee93154aed3eac77f48535e41e689bde2134 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 08:43:26 -0700 Subject: [PATCH 35/72] 12589 objectpermission test fixes --- netbox/users/forms/bulk_import.py | 3 +-- netbox/utilities/testing/views.py | 6 +++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index 08b9b91fd9e..a465e4406f9 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -22,10 +22,9 @@ class Meta: class ObjectPermissionImportForm(NetBoxModelImportForm): - slug = SlugField() class Meta: model = ObjectPermission fields = ( - 'name', + 'name', 'enabled', ) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index fd7ffb757e0..c4b642450be 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -468,7 +468,7 @@ def test_list_objects_with_constrained_permission(self): self.assertIn(instance1.get_absolute_url(), content) self.assertNotIn(instance2.get_absolute_url(), content) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) def test_export_objects(self): url = self._get_url('list') @@ -704,7 +704,7 @@ def test_bulk_edit_objects_without_permission(self): with disable_warnings('django.request'): self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 403) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) def test_bulk_edit_objects_with_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { @@ -729,7 +729,7 @@ def test_bulk_edit_objects_with_permission(self): for i, instance in enumerate(self._get_queryset().filter(pk__in=pk_list)): self.assertInstanceEqual(instance, self.bulk_edit_data) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) def test_bulk_edit_objects_with_constrained_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { From 8e57521f3e651be5f0d13c2700e80e5ffc5c8405 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 09:32:47 -0700 Subject: [PATCH 36/72] 12589 objectpermission test fixes for create check where create new objectpermission --- netbox/utilities/testing/views.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index c4b642450be..a066d822d62 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -175,6 +175,10 @@ def test_create_object_with_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) + + if self.model == ObjectPermission: + # if this test is for ObjectPermission we just created another one + initial_count += 1 self.assertEqual(initial_count + 1, self._get_queryset().count()) instance = self._get_queryset().order_by('pk').last() self.assertInstanceEqual(instance, self.form_data, exclude=['password']) @@ -211,6 +215,9 @@ def test_create_object_with_constrained_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 200) + if self.model == ObjectPermission: + # if this test is for ObjectPermission we just created another one + initial_count += 1 self.assertEqual(initial_count, self._get_queryset().count()) # Check that no object was created # Update the ObjectPermission to allow creation From 4e418ba7f0c632cdee6a43132b606f6f9e7a76f2 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 09:35:32 -0700 Subject: [PATCH 37/72] 12589 objectpermission test fixes for create check where create new objectpermission --- netbox/utilities/testing/views.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index a066d822d62..9ff85fe1691 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -840,6 +840,9 @@ def test_bulk_delete_objects_with_constrained_permission(self): # Attempt to bulk delete non-permitted objects self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302) + if self.model == ObjectPermission: + # if this test is for ObjectPermission we just created another one + initial_count += 1 self.assertEqual(self._get_queryset().count(), initial_count) # Update permission constraints From 171f85d8570d8d994c5bb4566eb5a27e7f2ac6ba Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 09:52:35 -0700 Subject: [PATCH 38/72] 12589 objectpermission remove bulk import --- netbox/users/forms/bulk_import.py | 10 ---------- netbox/users/urls.py | 1 - netbox/users/views.py | 5 ----- netbox/utilities/testing/views.py | 15 +++++++++++++++ 4 files changed, 15 insertions(+), 16 deletions(-) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index a465e4406f9..e37e2099d44 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -8,7 +8,6 @@ __all__ = ( 'GroupImportForm', - 'ObjectPermissionImportForm', ) @@ -19,12 +18,3 @@ class Meta: fields = ( 'name', ) - - -class ObjectPermissionImportForm(NetBoxModelImportForm): - - class Meta: - model = ObjectPermission - fields = ( - 'name', 'enabled', - ) diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 9edecd8c03c..6b13748ba32 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -28,7 +28,6 @@ # Permissions path('permissions/', views.ObjectPermissionListView.as_view(), name='objectpermission_list'), path('permissions/add/', views.ObjectPermissionEditView.as_view(), name='objectpermission_add'), - path('permissions/import/', views.ObjectPermissionBulkImportView.as_view(), name='objectpermission_import'), path('permissions/edit/', views.ObjectPermissionBulkEditView.as_view(), name='objectpermission_bulk_edit'), path('permissions/delete/', views.ObjectPermissionBulkDeleteView.as_view(), name='objectpermission_bulk_delete'), path('permissions//', include(get_model_urls('users', 'objectpermission'))), diff --git a/netbox/users/views.py b/netbox/users/views.py index 026bdb4e993..99feeef201e 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -475,11 +475,6 @@ class ObjectPermissionDeleteView(generic.ObjectDeleteView): queryset = ObjectPermission.objects.all() -class ObjectPermissionBulkImportView(generic.BulkImportView): - queryset = ObjectPermission.objects.all() - model_form = forms.ObjectPermissionImportForm - - class ObjectPermissionBulkEditView(generic.BulkEditView): queryset = ObjectPermission.objects.all() filterset = filtersets.ObjectPermissionFilterSet diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 9ff85fe1691..4b4644762e8 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -1027,3 +1027,18 @@ class GroupViewTestCase( TestCase suitable for testing all standard View functions for auth.group objects """ maxDiff = None + + class ObjectPermissionViewTestCase( + GetObjectViewTestCase, + GetObjectChangelogViewTestCase, + CreateObjectViewTestCase, + EditObjectViewTestCase, + DeleteObjectViewTestCase, + ListObjectsViewTestCase, + BulkEditObjectsViewTestCase, + BulkDeleteObjectsViewTestCase, + ): + """ + TestCase suitable for testing all standard View functions for auth.group objects + """ + maxDiff = None From 1f08dc6c55549c7f0352c0814e94bfc7990bb957 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 10:26:58 -0700 Subject: [PATCH 39/72] 12589 update proflie base template --- netbox/templates/users/api_tokens.html | 2 +- netbox/templates/users/base.html | 19 ------------------- netbox/templates/users/password.html | 2 +- netbox/templates/users/preferences.html | 2 +- netbox/templates/users/profile.html | 2 +- 5 files changed, 4 insertions(+), 23 deletions(-) diff --git a/netbox/templates/users/api_tokens.html b/netbox/templates/users/api_tokens.html index e1641468ca6..aaff36a4411 100644 --- a/netbox/templates/users/api_tokens.html +++ b/netbox/templates/users/api_tokens.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'users/base_profile.html' %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/base.html b/netbox/templates/users/base.html index 5b5f860f779..3d09f852625 100644 --- a/netbox/templates/users/base.html +++ b/netbox/templates/users/base.html @@ -5,25 +5,6 @@ {% load plugins %} -{% block tabs %} - -{% endblock %} - {% block content-wrapper %}
      {% block content %}{% endblock %} diff --git a/netbox/templates/users/password.html b/netbox/templates/users/password.html index 02e80bb268a..77c152de847 100644 --- a/netbox/templates/users/password.html +++ b/netbox/templates/users/password.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'users/base_profile.html' %} {% load form_helpers %} {% block title %}Change Password{% endblock %} diff --git a/netbox/templates/users/preferences.html b/netbox/templates/users/preferences.html index f2c88db3c02..3d67e7b24f4 100644 --- a/netbox/templates/users/preferences.html +++ b/netbox/templates/users/preferences.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'users/base_profile.html' %} {% load helpers %} {% load form_helpers %} diff --git a/netbox/templates/users/profile.html b/netbox/templates/users/profile.html index 913784c9496..0922f9ddf65 100644 --- a/netbox/templates/users/profile.html +++ b/netbox/templates/users/profile.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'users/base_profile.html' %} {% load helpers %} {% load render_table from django_tables2 %} From 54ae41809e844009bbbc4977acdd086a6a60c00b Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 13:13:53 -0700 Subject: [PATCH 40/72] 12589 change password --- netbox/users/forms/model_forms.py | 14 ++++++--- netbox/users/urls.py | 1 + netbox/users/views.py | 47 +++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+), 4 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 1a91a239ff0..f7f026bd683 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -1,10 +1,11 @@ from django import forms from django.conf import settings from django.contrib.auth import get_user_model -from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm +from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm, SetPasswordForm as DjangoPasswordSetForm from django.contrib.auth.models import Group from django.contrib.contenttypes.models import ContentType from django.contrib.postgres.forms import SimpleArrayField +from django.urls import reverse from django.utils.html import mark_safe from django.utils.translation import gettext as _ @@ -24,6 +25,7 @@ 'LoginForm', 'ObjectPermissionForm', 'PasswordChangeForm', + 'PasswordSetForm', 'TokenForm', 'UserConfigForm', 'UserForm', @@ -38,6 +40,10 @@ class PasswordChangeForm(BootstrapMixin, DjangoPasswordChangeForm): pass +class PasswordSetForm(BootstrapMixin, DjangoPasswordSetForm): + pass + + class UserConfigFormMetaclass(forms.models.ModelFormMetaclass): def __new__(mcs, name, bases, attrs): @@ -192,9 +198,9 @@ def __init__(self, *args, **kwargs): self.fields['password'].help_text = _( "Raw passwords are not stored, so there is no way to see this " "user’s password, but you can change the password using " - 'this form.' - ) - + 'this form.' + ).format(url=reverse('users:change_user_password', args=[self.instance.pk])) + print(self.fields['password'].help_text) del self.fields['confirm_password'] def save(self, *args, **kwargs): diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 6b13748ba32..031c38c441f 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -17,6 +17,7 @@ path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), + path('users/password//', views.NetBoxUserChangePasswordView.as_view(), name='change_user_password'), # Groups path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), diff --git a/netbox/users/views.py b/netbox/users/views.py index 99feeef201e..a316985e94b 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -6,6 +6,7 @@ from django.contrib.auth.mixins import LoginRequiredMixin from django.contrib.auth.models import Group, User, update_last_login from django.contrib.auth.signals import user_logged_in +from django.core.exceptions import ImproperlyConfigured from django.db.models import Count from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404, redirect, render, resolve_url @@ -397,6 +398,52 @@ def get_required_permission(self): return get_permission_for_model(User, 'delete') +class NetBoxUserChangePasswordView(LoginRequiredMixin, View): + template_name = 'users/passworduser.html' + queryset = User.objects.all() + + def get_object(self, **kwargs): + """ + Return an object for editing. If no keyword arguments have been specified, this will be a new instance. + """ + if not kwargs: + # We're creating a new object + return self.queryset.model() + return get_object_or_404(self.queryset, **kwargs) + + def get(self, request, *args, **kwargs): + obj = self.get_object(**kwargs) + + # LDAP users cannot change their password here + if getattr(obj, 'ldap_username', None): + messages.warning(request, "LDAP-authenticated user credentials cannot be changed within NetBox.") + return redirect('users:netboxuser_list') + + form = forms.PasswordSetForm(user=obj) + + return render(request, self.template_name, { + 'form': form, + 'active_tab': 'password', + 'object': obj, + }) + + def post(self, request, *args, **kwargs): + obj = self.get_object(**kwargs) + + form = forms.PasswordSetForm(user=obj, data=request.POST) + if form.is_valid(): + form.save() + update_session_auth_hash(request, form.user) + messages.success(request, "The password has been changed successfully.") + return redirect('users:netboxuser_list') + + return render(request, self.template_name, { + 'form': form, + 'active_tab': 'password', + 'object': obj, + }) + + # # Groups # From 0565663e877b295e8b7959f1e3d9d4d3edd8a8b9 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 26 Jun 2023 13:17:13 -0700 Subject: [PATCH 41/72] 12589 remove from admin --- netbox/users/admin/__init__.py | 98 ---------------------------------- 1 file changed, 98 deletions(-) diff --git a/netbox/users/admin/__init__.py b/netbox/users/admin/__init__.py index 2db822cfefc..316346c5065 100644 --- a/netbox/users/admin/__init__.py +++ b/netbox/users/admin/__init__.py @@ -15,41 +15,6 @@ admin.site.unregister(User) -@admin.register(Group) -class GroupAdmin(admin.ModelAdmin): - form = forms.GroupAdminForm - list_display = ('name', 'user_count') - ordering = ('name',) - search_fields = ('name',) - inlines = [inlines.GroupObjectPermissionInline] - - @staticmethod - def user_count(obj): - return obj.user_set.count() - - -@admin.register(User) -class UserAdmin(UserAdmin_): - list_display = [ - 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' - ] - fieldsets = ( - (None, {'fields': ('username', 'password', 'first_name', 'last_name', 'email')}), - ('Groups', {'fields': ('groups',)}), - ('Status', { - 'fields': ('is_active', 'is_staff', 'is_superuser'), - }), - ('Important dates', {'fields': ('last_login', 'date_joined')}), - ) - filter_horizontal = ('groups',) - list_filter = ('is_active', 'is_staff', 'is_superuser', 'groups__name') - - def get_inlines(self, request, obj): - if obj is not None: - return (inlines.UserObjectPermissionInline, inlines.UserConfigInline) - return () - - # # REST API tokens # @@ -64,66 +29,3 @@ class TokenAdmin(admin.ModelAdmin): def list_allowed_ips(self, obj): return obj.allowed_ips or 'Any' list_allowed_ips.short_description = "Allowed IPs" - - -# -# Permissions -# - -@admin.register(ObjectPermission) -class ObjectPermissionAdmin(admin.ModelAdmin): - actions = ('enable', 'disable') - fieldsets = ( - (None, { - 'fields': ('name', 'description', 'enabled') - }), - ('Actions', { - 'fields': (('can_view', 'can_add', 'can_change', 'can_delete'), 'actions') - }), - ('Objects', { - 'fields': ('object_types',) - }), - ('Assignment', { - 'fields': ('groups', 'users') - }), - ('Constraints', { - 'fields': ('constraints',), - 'classes': ('monospace',) - }), - ) - filter_horizontal = ('object_types', 'groups', 'users') - form = forms.ObjectPermissionForm - list_display = [ - 'name', 'enabled', 'list_models', 'list_users', 'list_groups', 'actions', 'constraints', 'description', - ] - list_filter = [ - 'enabled', filters.ActionListFilter, filters.ObjectTypeListFilter, 'groups', 'users' - ] - search_fields = ['actions', 'constraints', 'description', 'name'] - - def get_queryset(self, request): - return super().get_queryset(request).prefetch_related('object_types', 'users', 'groups') - - def list_models(self, obj): - return ', '.join([f"{ct}" for ct in obj.object_types.all()]) - list_models.short_description = 'Models' - - def list_users(self, obj): - return ', '.join([u.username for u in obj.users.all()]) - list_users.short_description = 'Users' - - def list_groups(self, obj): - return ', '.join([g.name for g in obj.groups.all()]) - list_groups.short_description = 'Groups' - - # - # Admin actions - # - - def enable(self, request, queryset): - updated = queryset.update(enabled=True) - self.message_user(request, f"Enabled {updated} permissions") - - def disable(self, request, queryset): - updated = queryset.update(enabled=False) - self.message_user(request, f"Disabled {updated} permissions") From e2cc63fb260584f5130eda52a9e2aca1dc1f3ec7 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 13 Jul 2023 18:49:07 +0700 Subject: [PATCH 42/72] 12589 review changes and add localization --- netbox/users/forms/bulk_edit.py | 8 +++++- netbox/users/forms/bulk_import.py | 2 +- netbox/users/forms/filtersets.py | 11 ++++---- netbox/users/forms/model_forms.py | 45 +++++++++++++++++++------------ 4 files changed, 42 insertions(+), 24 deletions(-) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index a3a2c7a1a02..21e4d75e864 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -1,5 +1,5 @@ from django import forms -from django.utils.translation import gettext as _ +from django.utils.translation import gettext_lazy as _ from netbox.forms import NetBoxModelBulkEditForm from users.models import * @@ -16,14 +16,17 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( + label=_('Pk'), queryset=None, # Set from self.model on init widget=forms.MultipleHiddenInput ) first_name = forms.CharField( + label=_('First name'), max_length=150, required=False ) last_name = forms.CharField( + label=_('Last name'), max_length=150, required=False ) @@ -53,14 +56,17 @@ def __init__(self, *args, **kwargs): class ObjectPermissionBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( + label=_('Pk'), queryset=None, # Set from self.model on init widget=forms.MultipleHiddenInput ) description = forms.CharField( + label=_('Description'), max_length=200, required=False ) enabled = forms.BooleanField( + label=_('Enabled'), required=False, ) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index e37e2099d44..618cb46fd10 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -1,7 +1,7 @@ from django import forms from users.models import * -from django.utils.translation import gettext as _ +from django.utils.translation import gettext_lazy as _ from netbox.forms import NetBoxModelImportForm from utilities.forms import BootstrapMixin from utilities.forms.fields import CSVChoiceField, CSVModelChoiceField, SlugField diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 95746a6c822..7df50787fc6 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -1,5 +1,5 @@ from django import forms -from django.utils.translation import gettext as _ +from django.utils.translation import gettext_lazy as _ from circuits.choices import CircuitCommitRateChoices, CircuitStatusChoices from circuits.models import * @@ -23,28 +23,28 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - ('Security', ('is_superuser', 'is_staff', 'is_active')), + (_('Security'), ('is_superuser', 'is_staff', 'is_active')), ) is_superuser = forms.NullBooleanField( required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES ), - label='Is Superuser', + label=_('Is Superuser'), ) is_staff = forms.NullBooleanField( required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES ), - label='Is Staff', + label=_('Is Staff'), ) is_active = forms.NullBooleanField( required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES ), - label='Is Active', + label=_('Is Active'), ) @@ -62,6 +62,7 @@ class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetFor (None, ('enabled',)), ) enabled = forms.NullBooleanField( + label=_('Enabled'), required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index f7f026bd683..15d16d052c7 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -5,9 +5,10 @@ from django.contrib.auth.models import Group from django.contrib.contenttypes.models import ContentType from django.contrib.postgres.forms import SimpleArrayField +from django.core.exceptions import FieldError from django.urls import reverse from django.utils.html import mark_safe -from django.utils.translation import gettext as _ +from django.utils.translation import gettext_lazy as _ from ipam.formfields import IPNetworkFormField from ipam.validators import prefix_validator @@ -18,7 +19,7 @@ from utilities.utils import flatten_dict from users.constants import * from users.models import * - +from utilities.permissions import qs_filter_from_constraints __all__ = ( 'GroupForm', @@ -69,17 +70,18 @@ def __new__(mcs, name, bases, attrs): class UserConfigForm(BootstrapMixin, forms.ModelForm, metaclass=UserConfigFormMetaclass): fieldsets = ( - ('User Interface', ( + (_('User Interface'), ( 'pagination.per_page', 'pagination.placement', 'ui.colormode', )), - ('Miscellaneous', ( + (_('Miscellaneous'), ( 'data_format', )), ) # List of clearable preferences pk = forms.MultipleChoiceField( + label=_('Pk'), choices=[], required=False ) @@ -124,6 +126,7 @@ def plugin_fields(self): class TokenForm(BootstrapMixin, forms.ModelForm): key = forms.CharField( + label=_('Key'), required=False, help_text=_("If no key is provided, one will be generated automatically.") ) @@ -154,15 +157,18 @@ def __init__(self, *args, **kwargs): class UserForm(BootstrapMixin, forms.ModelForm): password = forms.CharField( + label=_('Password'), widget=forms.PasswordInput(), required=True, ) confirm_password = forms.CharField( + label=_('Confirm password'), widget=forms.PasswordInput(), required=True, help_text=_("Enter the same password as before, for verification."), ) groups = DynamicModelMultipleChoiceField( + label=_('Groups'), required=False, queryset=Group.objects.all() ) @@ -174,10 +180,10 @@ class UserForm(BootstrapMixin, forms.ModelForm): ) fieldsets = ( - ('User', ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )), - ('Groups', ('groups', )), - ('Status', ('is_active', 'is_staff', 'is_superuser', )), - ('Permissions', ('object_permissions', )), + (_('User'), ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )), + (_('Groups'), ('groups', )), + (_('Status'), ('is_active', 'is_staff', 'is_superuser', )), + (_('Permissions'), ('object_permissions', )), ) class Meta: @@ -241,6 +247,7 @@ def clean_username(self): class GroupForm(BootstrapMixin, forms.ModelForm): users = DynamicModelMultipleChoiceField( + label=_('Users'), required=False, queryset=get_user_model().objects.all() ) @@ -253,8 +260,8 @@ class GroupForm(BootstrapMixin, forms.ModelForm): fieldsets = ( (None, ('name', )), - ('Users', ('users', )), - ('Permissions', ('object_permissions', )), + (_('Users'), ('users', )), + (_('Permissions'), ('object_permissions', )), ) class Meta: @@ -278,18 +285,22 @@ def save(self, *args, **kwargs): class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): actions = SimpleArrayField( + label=_('Actions'), base_field=forms.CharField(), required=False, ) users = DynamicModelMultipleChoiceField( + label=_('Users'), required=False, queryset=get_user_model().objects.all() ) groups = DynamicModelMultipleChoiceField( + label=_('Groups'), required=False, queryset=Group.objects.all() ) - object_types = forms.ModelMultipleChoiceField( + object_types = ContentTypeMultipleChoiceField( + label=_('Object types'), queryset=ContentType.objects.all(), limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES, widget=forms.SelectMultiple(attrs={'size': 6}) @@ -302,10 +313,10 @@ class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): fieldsets = ( (None, ('name', 'description', 'enabled',)), - ('Actions', ('can_view', 'can_add', 'can_change', 'can_delete', 'actions')), - ('Objects', ('object_types', )), - ('Assignment', ('groups', 'users')), - ('Constraints', ('constraints',)) + (_('Actions'), ('can_view', 'can_add', 'can_change', 'can_delete', 'actions')), + (_('Objects'), ('object_types', )), + (_('Assignment'), ('groups', 'users')), + (_('Constraints'), ('constraints',)) ) class Meta: @@ -355,7 +366,7 @@ def clean(self): # At least one action must be specified if not self.cleaned_data['actions']: - raise forms.ValidationError("At least one action must be selected.") + raise forms.ValidationError(_("At least one action must be selected.")) # Validate the specified model constraints by attempting to execute a query. We don't care whether the query # returns anything; we just want to make sure the specified constraints are valid. @@ -372,5 +383,5 @@ def clean(self): model.objects.filter(qs_filter_from_constraints(constraints, tokens)).exists() except FieldError as e: raise forms.ValidationError({ - 'constraints': f'Invalid filter for {model}: {e}' + 'constraints': _('Invalid filter for {model}: {e}').format(model=model, e=e) }) From 2cc7e495311957876e6371fef55c09aa01fd3283 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 13 Jul 2023 19:00:26 +0700 Subject: [PATCH 43/72] 12589 review changes for linkify column --- netbox/users/tables.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 2fcdc3a05cf..1ed66a3aebb 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -57,7 +57,7 @@ class Meta(NetBoxTable.Meta): class UserTable(NetBoxTable): - username = tables.LinkColumn('users:netboxuser', args=[A('pk')]) + username = tables.Column(linkify=True) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -71,7 +71,7 @@ class Meta(NetBoxTable.Meta): class GroupTable(NetBoxTable): - name = tables.LinkColumn('users:netboxgroup', args=[A('pk')]) + name = tables.Column(linkify=True) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -85,7 +85,7 @@ class Meta(NetBoxTable.Meta): class ObjectPermissionTable(NetBoxTable): - name = tables.LinkColumn('users:objectpermission', args=[A('pk')]) + name = tables.Column(linkify=True) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) From 7307ee47ccac0ff91cbf908e6fc75880826d636b Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 13 Jul 2023 19:56:21 +0700 Subject: [PATCH 44/72] 12589 fix template --- netbox/templates/users/base_profile.html | 6 +++++- netbox/templates/users/bookmarks.html | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/netbox/templates/users/base_profile.html b/netbox/templates/users/base_profile.html index 76cc53b33a6..3275b859cbc 100644 --- a/netbox/templates/users/base_profile.html +++ b/netbox/templates/users/base_profile.html @@ -1,5 +1,9 @@ {% extends 'base/layout.html' %} - +{% load i18n %} +{% load buttons %} +{% load static %} +{% load helpers %} +{% load plugins %} {% block tabs %}
        diff --git a/netbox/templates/users/bookmarks.html b/netbox/templates/users/bookmarks.html index 66f367a1c99..4695f509e96 100644 --- a/netbox/templates/users/bookmarks.html +++ b/netbox/templates/users/bookmarks.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'users/base_profile.html' %} {% load buttons %} {% load helpers %} {% load render_table from django_tables2 %} From 40c8e67c03a04f3f729301a0f1c498a5d6881718 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 13 Jul 2023 20:34:03 +0700 Subject: [PATCH 45/72] 12589 translate templates --- netbox/templates/users/group.html | 19 ++++-------- netbox/templates/users/objectpermission.html | 19 ++++-------- netbox/templates/users/passworduser.html | 1 + netbox/templates/users/user.html | 31 ++++++++------------ 4 files changed, 25 insertions(+), 45 deletions(-) diff --git a/netbox/templates/users/group.html b/netbox/templates/users/group.html index 77e1a3f88bb..bb699468b2d 100644 --- a/netbox/templates/users/group.html +++ b/netbox/templates/users/group.html @@ -1,26 +1,19 @@ {% extends 'users/base.html' %} +{% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} -{% block title %}Group Detail{% endblock %} - -{% block tabs %} - -{% endblock tabs %} +{% block title %}{% trans "Group" %} {{ object.name }}{% endblock %} {% block content %}
        -
        Account Details
        +
        {% trans "Account Details" %}
        - +
        Name{% trans "Name" %} {{ object.name }}
        @@ -29,12 +22,12 @@
        Account Details
        -
        Users
        +
        {% trans "Users" %}
          {% for user in object.user_set.all %}
        • {{ user }}
          • {% empty %} -
        • None
          • +
        • {% trans "None" %}
          • {% endfor %}
        diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html index 4f646515a08..8c9e84ad684 100644 --- a/netbox/templates/users/objectpermission.html +++ b/netbox/templates/users/objectpermission.html @@ -1,26 +1,19 @@ {% extends 'users/base.html' %} +{% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} -{% block title %}Permission Detail{% endblock %} - -{% block tabs %} - -{% endblock tabs %} +{% block title %}{% trans "Permission" %} {{ object.name }}{% endblock %} {% block content %}
        -
        Account Details
        +
        {% trans "Account Details" %}
        - +
        Name{% trans "Name" %} {{ object.name }}
        @@ -29,12 +22,12 @@
        Account Details
        -
        Assigned Users
        +
        {% trans "Assigned Users" %}
          {% for user in object.users.all %}
        • {{ user }}
          • {% empty %} -
        • None
          • +
        • {% trans "None" %}
          • {% endfor %}
        diff --git a/netbox/templates/users/passworduser.html b/netbox/templates/users/passworduser.html index d0ebc12e5da..3b50c3bc0cd 100644 --- a/netbox/templates/users/passworduser.html +++ b/netbox/templates/users/passworduser.html @@ -1,4 +1,5 @@ {% extends 'users/base_profile.html' %} +{% load i18n %} {% load form_helpers %} {% block title %}{% trans "Change Password" %}{% endblock %} diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html index 3b514b10351..295f0f96281 100644 --- a/netbox/templates/users/user.html +++ b/netbox/templates/users/user.html @@ -1,30 +1,23 @@ {% extends 'users/base.html' %} +{% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} -{% block title %}User Detail{% endblock %} - -{% block tabs %} - -{% endblock tabs %} +{% block title %}{% trans "User" %} {{ object.username }}{% endblock %} {% block content %}
        -
        Account Details
        +
        {% trans "Account Details" %}
        - + - + - + - + - + - +
        Username{% trans "Username" %} {{ object.username }}
        Full Name{% trans "Full Name" %} {% if object.first_name or object.last_name %} {{ object.first_name }} {{ object.last_name }} @@ -34,19 +27,19 @@
        Account Details
        Email{% trans "Email" %} {{ object.email|placeholder }}
        Account Created{% trans "Account Created" %} {{ object.date_joined|annotated_date }}
        Superuser{% trans "Superuser" %} {% checkmark object.is_superuser %}
        Admin Access{% trans "Admin Access" %} {% checkmark object.is_staff %}
        @@ -55,12 +48,12 @@
        Account Details
        -
        Assigned Groups
        +
        {% trans "Assigned Groups" %}
          {% for group in object.groups.all %}
        • {{ group }}
          • {% empty %} -
        • None
          • +
        • {% trans "None" %}
          • {% endfor %}
        @@ -70,7 +63,7 @@
        Assigned Groups
        -
        Recent Activity
        +
        {% trans "Recent Activity" %}
        {% render_table changelog_table 'inc/table.html' %}
        From 2871cb9f4081575d1724325bf03c441679165c82 Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 13 Jul 2023 20:48:06 +0700 Subject: [PATCH 46/72] 12589 review changes --- netbox/templates/users/objectpermission.html | 11 +++++++++++ netbox/users/forms/filtersets.py | 17 +++++------------ 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html index 8c9e84ad684..2ef6acbae08 100644 --- a/netbox/templates/users/objectpermission.html +++ b/netbox/templates/users/objectpermission.html @@ -31,6 +31,17 @@
        {% trans "Assigned Users" %}
        {% endfor %}
      + +
      +
      {% trans "Assigned Groups" %}
      +
        + {% for group in object.groups.all %} +
      • {{ group }}
        • + {% empty %} +
      • {% trans "None" %}
        • + {% endfor %} +
      +
{% endblock %} diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 7df50787fc6..90fb5c74565 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -1,16 +1,9 @@ from django import forms from django.utils.translation import gettext_lazy as _ +from users.models import NetBoxGroup, NetBoxUser, ObjectPermission +from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES, FilterForm, add_blank_choice -from circuits.choices import CircuitCommitRateChoices, CircuitStatusChoices -from circuits.models import * -from dcim.models import Region, Site, SiteGroup -from ipam.models import ASN from netbox.forms import NetBoxModelFilterSetForm -from tenancy.forms import TenancyFilterForm, ContactModelFilterForm -from users.models import ObjectPermission, NetBoxGroup, NetBoxUser -from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES, FilterForm, add_blank_choice -from utilities.forms.fields import DynamicModelMultipleChoiceField, TagFilterField -from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( 'GroupFilterForm', @@ -19,7 +12,7 @@ ) -class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): +class UserFilterForm(NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), @@ -48,14 +41,14 @@ class UserFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): ) -class GroupFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): +class GroupFilterForm(NetBoxModelFilterSetForm): model = NetBoxGroup fieldsets = ( (None, ('q', 'filter_id',)), ) -class ObjectPermissionFilterForm(ContactModelFilterForm, NetBoxModelFilterSetForm): +class ObjectPermissionFilterForm(NetBoxModelFilterSetForm): model = ObjectPermission fieldsets = ( (None, ('q', 'filter_id',)), From 101db0fc7bea8024847f9b6bf43b4d2d599fef26 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 10:58:19 +0700 Subject: [PATCH 47/72] 12589 review changes --- netbox/templates/users/user.html | 12 ++++++++++++ netbox/users/forms/bulk_edit.py | 4 ---- netbox/users/forms/bulk_import.py | 5 +---- .../users/migrations/0004_netboxgroup_netboxuser.py | 8 ++++++++ netbox/users/models.py | 8 +++++++- 5 files changed, 28 insertions(+), 9 deletions(-) diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html index 295f0f96281..64aab2d4ed0 100644 --- a/netbox/templates/users/user.html +++ b/netbox/templates/users/user.html @@ -57,7 +57,19 @@
{% trans "Assigned Groups" %}
{% endfor %}
+ +
+
{% trans "Assigned Permissions" %}
+
    + {% for perm in object.object_permissions.all %} +
  • {{ perm }}
    • + {% empty %} +
  • {% trans "None" %}
    • + {% endfor %} +
+
+ {% if perms.extras.view_objectchange %}
diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 21e4d75e864..786d27c7d6c 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -1,12 +1,8 @@ from django import forms from django.utils.translation import gettext_lazy as _ -from netbox.forms import NetBoxModelBulkEditForm from users.models import * -from utilities.forms import add_blank_choice -from utilities.forms.fields import CommentField, DynamicModelChoiceField, DynamicModelMultipleChoiceField from utilities.forms import BootstrapMixin -from utilities.forms.widgets import DatePicker, NumberWithOptions __all__ = ( 'ObjectPermissionBulkEditForm', diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index 618cb46fd10..ed08f03faa0 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -1,10 +1,7 @@ from django import forms -from users.models import * -from django.utils.translation import gettext_lazy as _ +from users.models import NetBoxGroup from netbox.forms import NetBoxModelImportForm -from utilities.forms import BootstrapMixin -from utilities.forms.fields import CSVChoiceField, CSVModelChoiceField, SlugField __all__ = ( 'GroupImportForm', diff --git a/netbox/users/migrations/0004_netboxgroup_netboxuser.py b/netbox/users/migrations/0004_netboxgroup_netboxuser.py index 7bb746bd568..afbc0eefb10 100644 --- a/netbox/users/migrations/0004_netboxgroup_netboxuser.py +++ b/netbox/users/migrations/0004_netboxgroup_netboxuser.py @@ -39,4 +39,12 @@ class Migration(migrations.Migration): ('objects', django.contrib.auth.models.UserManager()), ], ), + migrations.AlterModelOptions( + name='netboxgroup', + options={'ordering': ['name'], 'verbose_name': 'Group'}, + ), + migrations.AlterModelOptions( + name='netboxuser', + options={'ordering': ['username'], 'verbose_name': 'User'}, + ), ] diff --git a/netbox/users/models.py b/netbox/users/models.py index ffafb8c9c6d..003eefb0aac 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -56,6 +56,10 @@ class NetBoxUserManager(UserManager.from_queryset(RestrictedQuerySet)): pass +class NetBoxGroupManager(GroupManager.from_queryset(RestrictedQuerySet)): + pass + + class NetBoxUser(User): """ Proxy contrib.auth.models.User for the UI @@ -65,6 +69,7 @@ class NetBoxUser(User): class Meta: verbose_name = 'User' proxy = True + ordering = ['username',] def get_absolute_url(self): return reverse('users:netboxuser', args=[self.pk]) @@ -74,11 +79,12 @@ class NetBoxGroup(Group): """ Proxy contrib.auth.models.User for the UI """ - objects = RestrictedQuerySet.as_manager() + objects = NetBoxGroupManager() class Meta: verbose_name = 'Group' proxy = True + ordering = ['name',] def get_absolute_url(self): return reverse('users:netboxgroup', args=[self.pk]) From 002c0bf4be1b2f44d23195822739855755ad195a Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 11:27:52 +0700 Subject: [PATCH 48/72] 12589 review changes --- netbox/users/views.py | 3 --- netbox/utilities/views.py | 5 ++--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 52ff091404c..1f997ca38d9 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -397,9 +397,6 @@ class NetBoxUserEditView(generic.ObjectEditView): class NetBoxUserDeleteView(generic.ObjectDeleteView): queryset = NetBoxUser.objects.all() - def get_required_permission(self): - return get_permission_for_model(User, 'delete') - class NetBoxUserBulkEditView(generic.BulkEditView): queryset = NetBoxUser.objects.all() diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py index c10e8bcbd34..a639524b7e0 100644 --- a/netbox/utilities/views.py +++ b/netbox/utilities/views.py @@ -79,9 +79,8 @@ def has_permission(self): if user.has_perms((permission_required, *self.additional_permissions)): # Update the view's QuerySet to filter only the permitted objects - if isinstance(self.queryset, RestrictedQuerySet): - action = resolve_permission(permission_required)[1] - self.queryset = self.queryset.restrict(user, action) + action = resolve_permission(permission_required)[1] + self.queryset = self.queryset.restrict(user, action) return True From 6a98397626f21dd0bc2004ff28e0701fc90bbeec Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 11:54:12 +0700 Subject: [PATCH 49/72] 12589 review changes - permission proxy --- netbox/utilities/permissions.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py index 5590adbc723..36b2295f205 100644 --- a/netbox/utilities/permissions.py +++ b/netbox/utilities/permissions.py @@ -18,11 +18,16 @@ def get_permission_for_model(model, action): :param model: A model or instance :param action: View, add, change, or delete (string) """ - ct = ContentType.objects.get_for_model(model) + + # Get non proxied model + concrete_model = model + while concrete_model._meta.proxy_for_model: + concrete_model = concrete_model._meta.proxy_for_model + return '{}.{}_{}'.format( - ct.app_label, + concrete_model._meta.app_label, action, - ct.model + concrete_model._meta.model_name ) From 8d84eec3e19f0d6af4dcabb87bf633c1b09bccd8 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 12:43:47 +0700 Subject: [PATCH 50/72] 12589 review changes - change permission check --- netbox/utilities/permissions.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py index 36b2295f205..6bdf2b9c49d 100644 --- a/netbox/utilities/permissions.py +++ b/netbox/utilities/permissions.py @@ -75,14 +75,17 @@ def permission_is_exempt(name): if action == 'view': if ( - # All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement - '*' in settings.EXEMPT_VIEW_PERMISSIONS and (f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS or (app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS) - ) or ( # This specific model is exempt from view permission enforcement f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS ): return True + if ( + # All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement + '*' in settings.EXEMPT_VIEW_PERMISSIONS and ((app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS) + ): + return True + return False From f9f3899144333adc18149ace142ce7c39ab3a50c Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 13:04:40 +0700 Subject: [PATCH 51/72] 12589 review changes - change permission check --- netbox/utilities/querysets.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/netbox/utilities/querysets.py b/netbox/utilities/querysets.py index e5cbe38945c..c6d127e6dda 100644 --- a/netbox/utilities/querysets.py +++ b/netbox/utilities/querysets.py @@ -2,7 +2,7 @@ from django.db.models import Prefetch, QuerySet from users.constants import CONSTRAINT_TOKEN_USER -from utilities.permissions import permission_is_exempt, qs_filter_from_constraints +from utilities.permissions import permission_is_exempt, qs_filter_from_constraints, get_permission_for_model __all__ = ( 'RestrictedPrefetch', @@ -47,10 +47,7 @@ def restrict(self, user, action='view'): :param action: The action which must be permitted (e.g. "view" for "dcim.view_site"); default is 'view' """ # Resolve the full name of the required permission - ct = ContentType.objects.get_for_model(self.model) - app_label = ct.app_label - model_name = ct.model - permission_required = f'{app_label}.{action}_{model_name}' + permission_required = get_permission_for_model(model, action) # Bypass restriction for superusers and exempt views if user.is_superuser or permission_is_exempt(permission_required): From 32f772d1d752a2a77d3caa34caf18d8167e22be3 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 13:29:50 +0700 Subject: [PATCH 52/72] 12589 review changes - change permission check --- netbox/utilities/querysets.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/querysets.py b/netbox/utilities/querysets.py index c6d127e6dda..aad16a780aa 100644 --- a/netbox/utilities/querysets.py +++ b/netbox/utilities/querysets.py @@ -47,7 +47,7 @@ def restrict(self, user, action='view'): :param action: The action which must be permitted (e.g. "view" for "dcim.view_site"); default is 'view' """ # Resolve the full name of the required permission - permission_required = get_permission_for_model(model, action) + permission_required = get_permission_for_model(self.model, action) # Bypass restriction for superusers and exempt views if user.is_superuser or permission_is_exempt(permission_required): From 1a33637e0849d831bb053ec33037efb3c34601c0 Mon Sep 17 00:00:00 2001 From: Arthur Date: Fri, 14 Jul 2023 15:40:07 +0700 Subject: [PATCH 53/72] 12589 change password in edit view --- netbox/users/forms/model_forms.py | 25 ++++++++++------- netbox/users/urls.py | 1 - netbox/users/views.py | 46 ------------------------------- 3 files changed, 15 insertions(+), 57 deletions(-) diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 15d16d052c7..8c20f53503c 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -199,25 +199,30 @@ def __init__(self, *args, **kwargs): # Adjust form fields depending if Add or Edit if self.instance.pk: self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) - self.fields['password'].disabled = True - self.fields['password'].required = False - self.fields['password'].help_text = _( - "Raw passwords are not stored, so there is no way to see this " - "user’s password, but you can change the password using " - 'this form.' - ).format(url=reverse('users:change_user_password', args=[self.instance.pk])) - print(self.fields['password'].help_text) - del self.fields['confirm_password'] + pw_field = self.fields['password'] + pwc_field = self.fields['confirm_password'] + pw_field.required = False + pw_field.widget.attrs.pop('required') + pw_field.help_text = _("Leave empty to keep the old password.") + pwc_field.required = False + pwc_field.widget.attrs.pop('required') def save(self, *args, **kwargs): + edited = getattr(self, 'instance', None) instance = super().save(*args, **kwargs) instance.object_permissions.set(self.cleaned_data['object_permissions']) + + # On edit, check if we have to save the password + if edited and self.cleaned_data.get("password"): + instance.set_password(self.cleaned_data.get("password")) + instance.save() + return instance def clean(self): cleaned_data = super().clean() instance = getattr(self, 'instance', None) - if not instance: + if not instance or cleaned_data.get("password"): password = cleaned_data.get("password") confirm_password = cleaned_data.get("confirm_password") diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 6e9f3ef701d..815a39ec89b 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -18,7 +18,6 @@ path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), - path('users/password//', views.NetBoxUserChangePasswordView.as_view(), name='change_user_password'), # Groups path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), diff --git a/netbox/users/views.py b/netbox/users/views.py index 1f997ca38d9..79a3d23e0b3 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -414,52 +414,6 @@ def get_required_permission(self): return get_permission_for_model(User, 'delete') -class NetBoxUserChangePasswordView(LoginRequiredMixin, View): - template_name = 'users/passworduser.html' - queryset = User.objects.all() - - def get_object(self, **kwargs): - """ - Return an object for editing. If no keyword arguments have been specified, this will be a new instance. - """ - if not kwargs: - # We're creating a new object - return self.queryset.model() - return get_object_or_404(self.queryset, **kwargs) - - def get(self, request, *args, **kwargs): - obj = self.get_object(**kwargs) - - # LDAP users cannot change their password here - if getattr(obj, 'ldap_username', None): - messages.warning(request, "LDAP-authenticated user credentials cannot be changed within NetBox.") - return redirect('users:netboxuser_list') - - form = forms.PasswordSetForm(user=obj) - - return render(request, self.template_name, { - 'form': form, - 'active_tab': 'password', - 'object': obj, - }) - - def post(self, request, *args, **kwargs): - obj = self.get_object(**kwargs) - - form = forms.PasswordSetForm(user=obj, data=request.POST) - if form.is_valid(): - form.save() - update_session_auth_hash(request, form.user) - messages.success(request, "The password has been changed successfully.") - return redirect('users:netboxuser_list') - - return render(request, self.template_name, { - 'form': form, - 'active_tab': 'password', - 'object': obj, - }) - - # # Groups # From 68cd6efca6751c80564ef29169f69bf6ebf8d2ac Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 13:00:35 +0700 Subject: [PATCH 54/72] 12589 user bulk import --- netbox/users/forms/bulk_import.py | 28 +++++++++++++++++++++++++--- netbox/users/urls.py | 1 + netbox/users/views.py | 5 +++++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index ed08f03faa0..723b121de1e 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -1,17 +1,39 @@ from django import forms -from users.models import NetBoxGroup -from netbox.forms import NetBoxModelImportForm +from users.models import NetBoxGroup, NetBoxUser +from utilities.forms import CSVModelForm __all__ = ( 'GroupImportForm', + 'UserImportForm', ) -class GroupImportForm(NetBoxModelImportForm): +class GroupImportForm(CSVModelForm): class Meta: model = NetBoxGroup fields = ( 'name', ) + + +class UserImportForm(CSVModelForm): + + class Meta: + model = NetBoxUser + fields = ( + 'username', 'first_name', 'last_name', 'email', 'password', 'is_staff', + 'is_active', 'is_superuser' + ) + + def save(self, *args, **kwargs): + edited = getattr(self, 'instance', None) + instance = super().save(*args, **kwargs) + + # On edit, check if we have to save the password + if edited and self.cleaned_data.get("password"): + instance.set_password(self.cleaned_data.get("password")) + instance.save() + + return instance diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 815a39ec89b..50965a16f4f 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -16,6 +16,7 @@ path('users/', views.NetBoxUserListView.as_view(), name='netboxuser_list'), path('users/add/', views.NetBoxUserEditView.as_view(), name='netboxuser_add'), path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), + path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), diff --git a/netbox/users/views.py b/netbox/users/views.py index 79a3d23e0b3..1a29b1dcd7c 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -405,6 +405,11 @@ class NetBoxUserBulkEditView(generic.BulkEditView): form = forms.UserBulkEditForm +class NetBoxUserBulkImportView(generic.BulkImportView): + queryset = NetBoxUser.objects.all() + model_form = forms.UserImportForm + + class NetBoxUserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet From cc3c64c97ee2cf4e98805809efa8d7cfb0501387 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 15:51:58 +0700 Subject: [PATCH 55/72] 12589 missing test file --- netbox/users/tests/test_views.py | 130 +++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 netbox/users/tests/test_views.py diff --git a/netbox/users/tests/test_views.py b/netbox/users/tests/test_views.py new file mode 100644 index 00000000000..6764581d784 --- /dev/null +++ b/netbox/users/tests/test_views.py @@ -0,0 +1,130 @@ +from decimal import Decimal + +import yaml +from django.contrib.auth import get_user_model +from django.contrib.auth.models import Group +from django.contrib.contenttypes.models import ContentType +from django.test import override_settings +from django.urls import reverse +from django.utils import timezone + +from dcim.choices import * +from dcim.constants import * +from users.models import * +from utilities.testing import ViewTestCases, TestCase + + +class UserTestCase(ViewTestCases.UserViewTestCase): + model = NetBoxUser + + @classmethod + def setUpTestData(cls): + + users = ( + NetBoxUser(username='username1', first_name='first1', last_name='last1', email='user1@foo.com', password='pass1xxx'), + NetBoxUser(username='username2', first_name='first2', last_name='last2', email='user2@foo.com', password='pass2xxx'), + NetBoxUser(username='username3', first_name='first3', last_name='last3', email='user3@foo.com', password='pass3xxx'), + ) + NetBoxUser.objects.bulk_create(users) + + cls.form_data = { + 'username': 'usernamex', + 'first_name': 'firstx', + 'last_name': 'lastx', + 'email': 'userx@foo.com', + 'password': 'pass1xxx', + 'confirm_password': 'pass1xxx', + } + + cls.csv_data = ( + "username,first_name,last_name,email,password", + "username4,first4,last4,email4@foo.com,pass4xxx", + "username5,first5,last5,email5@foo.com,pass5xxx", + "username6,first6,last6,email6@foo.com,pass6xxx", + ) + + cls.csv_update_data = ( + "id,first_name,last_name", + f"{users[0].pk},first7,last7", + f"{users[1].pk},first8,last8", + f"{users[2].pk},first9,last9", + ) + + cls.bulk_edit_data = { + 'last_name': 'newlastname', + } + + +class GroupTestCase(ViewTestCases.GroupViewTestCase): + model = NetBoxGroup + + @classmethod + def setUpTestData(cls): + + groups = ( + Group(name='group1', ), + Group(name='group2', ), + Group(name='group3', ), + ) + Group.objects.bulk_create(groups) + + cls.form_data = { + 'name': 'groupx', + } + + cls.csv_data = ( + "name", + "group4" + "group5" + "group6" + ) + + cls.csv_update_data = ( + "id,name", + f"{groups[0].pk},group7", + f"{groups[1].pk},group8", + f"{groups[2].pk},group9", + ) + + +class ObjectPermissionTestCase(ViewTestCases.ObjectPermissionViewTestCase): + model = ObjectPermission + + @classmethod + def setUpTestData(cls): + + from dcim.models import Site + ct = ContentType.objects.get_for_model(Site) + + # Create three Regions + permissions = ( + ObjectPermission(name='Permission 1', actions=['view', 'add', 'delete']), + ObjectPermission(name='Permission 2', actions=['view', 'add', 'delete']), + ObjectPermission(name='Permission 3', actions=['view', 'add', 'delete']), + ) + ObjectPermission.objects.bulk_create(permissions) + + cls.form_data = { + 'name': 'Permission X', + 'description': 'A new permission', + 'object_types': [ct.pk,], + 'actions': 'view,edit,delete', + } + + cls.csv_data = ( + "name", + "permission4" + "permission5" + "permission6" + ) + + cls.csv_update_data = ( + "id,name,actions", + f"{permissions[0].pk},permission7", + f"{permissions[1].pk},permission8", + f"{permissions[2].pk},permission9", + ) + + cls.bulk_edit_data = { + 'description': 'New description', + } From 55d19189f0f2e928481db74bad19ec65504c1786 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 16:09:04 +0700 Subject: [PATCH 56/72] 12589 dont check password field for tests --- netbox/utilities/testing/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 4b4644762e8..109dcc93273 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -278,7 +278,7 @@ def test_edit_object_with_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) - self.assertInstanceEqual(self._get_queryset().get(pk=instance.pk), self.form_data) + self.assertInstanceEqual(self._get_queryset().get(pk=instance.pk), self.form_data, exclude=['password',]) if hasattr(self.model, "to_objectchange"): # Verify ObjectChange creation From 17b045685c35f6dcf6a70c0c71512812749a36b7 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 16:49:22 +0700 Subject: [PATCH 57/72] 12589 dont check password field for tests --- netbox/utilities/testing/views.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 109dcc93273..70ff543f82e 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -315,7 +315,7 @@ def test_edit_object_with_constrained_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) - self.assertInstanceEqual(self._get_queryset().get(pk=instance1.pk), self.form_data) + self.assertInstanceEqual(self._get_queryset().get(pk=instance1.pk), self.form_data, exclude=['password',]) # Try to edit a non-permitted object request = { From a1af7f2f76723341abd953020e921e300404a509 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 17:59:24 +0700 Subject: [PATCH 58/72] 12589 remove special perm --- netbox/users/views.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/netbox/users/views.py b/netbox/users/views.py index 1a29b1dcd7c..c272cf923ba 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -415,9 +415,6 @@ class NetBoxUserBulkDeleteView(generic.BulkDeleteView): filterset = filtersets.UserFilterSet table = tables.UserTable - def get_required_permission(self): - return get_permission_for_model(User, 'delete') - # # Groups From 2c7c3bc2dac373d2338c43f5897e3933026d70f6 Mon Sep 17 00:00:00 2001 From: Arthur Date: Mon, 17 Jul 2023 20:27:19 +0700 Subject: [PATCH 59/72] 12589 update menu permissions for auth models --- netbox/netbox/navigation/__init__.py | 20 ++++++++++++++------ netbox/netbox/navigation/menu.py | 4 ++-- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/netbox/netbox/navigation/__init__.py b/netbox/netbox/navigation/__init__.py index a05b1c495cc..61e0466db82 100644 --- a/netbox/netbox/navigation/__init__.py +++ b/netbox/netbox/navigation/__init__.py @@ -60,17 +60,25 @@ def name(self): # Utility functions # -def get_model_item(app_label, model_name, label, actions=('add', 'import')): +def get_model_item(app_label, model_name, label, actions=('add', 'import'), permission_app_label=None, permission_model_name=None): + if not permission_app_label: + permission_app_label = app_label + if not permission_model_name: + permission_model_name = model_name return MenuItem( link=f'{app_label}:{model_name}_list', link_text=label, - permissions=[f'{app_label}.view_{model_name}'], - buttons=get_model_buttons(app_label, model_name, actions) + permissions=[f'{permission_app_label}.view_{permission_model_name}'], + buttons=get_model_buttons(app_label, model_name, actions, permission_app_label, permission_model_name) ) -def get_model_buttons(app_label, model_name, actions=('add', 'import')): +def get_model_buttons(app_label, model_name, actions=('add', 'import'), permission_app_label=None, permission_model_name=None): buttons = [] + if not permission_app_label: + permission_app_label = app_label + if not permission_model_name: + permission_model_name = model_name if 'add' in actions: buttons.append( @@ -78,7 +86,7 @@ def get_model_buttons(app_label, model_name, actions=('add', 'import')): link=f'{app_label}:{model_name}_add', title='Add', icon_class='mdi mdi-plus-thick', - permissions=[f'{app_label}.add_{model_name}'], + permissions=[f'{permission_app_label}.add_{permission_model_name}'], color=ButtonColorChoices.GREEN ) ) @@ -88,7 +96,7 @@ def get_model_buttons(app_label, model_name, actions=('add', 'import')): link=f'{app_label}:{model_name}_import', title='Import', icon_class='mdi mdi-upload', - permissions=[f'{app_label}.add_{model_name}'], + permissions=[f'{permission_app_label}.add_{permission_model_name}'], color=ButtonColorChoices.CYAN ) ) diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py index 1597512793f..d94160d34c6 100644 --- a/netbox/netbox/navigation/menu.py +++ b/netbox/netbox/navigation/menu.py @@ -353,8 +353,8 @@ MenuGroup( label=_('Users'), items=( - get_model_item('users', 'netboxuser', _('Users'), actions=['add']), - get_model_item('users', 'netboxgroup', _('Groups'), actions=['add']), + get_model_item('users', 'netboxuser', _('Users'), actions=['add'], permission_app_label='auth', permission_model_name='users'), + get_model_item('users', 'netboxgroup', _('Groups'), actions=['add'], permission_app_label='auth', permission_model_name='groups'), get_model_item('users', 'objectpermission', _('Permissions'), actions=['add']), ), ), From dd70ba9470590f4a9c451157cb24fbcbb5d7eaba Mon Sep 17 00:00:00 2001 From: Arthur Date: Thu, 20 Jul 2023 15:19:07 +0700 Subject: [PATCH 60/72] 12589 fix friggin test case --- netbox/users/tests/test_views.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/netbox/users/tests/test_views.py b/netbox/users/tests/test_views.py index 6764581d784..7fd9818f4b3 100644 --- a/netbox/users/tests/test_views.py +++ b/netbox/users/tests/test_views.py @@ -17,6 +17,11 @@ class UserTestCase(ViewTestCases.UserViewTestCase): model = NetBoxUser + def setUp(self): + get_user_model().objects.create_user(username='dummyuser1') + get_user_model().objects.create_user(username='dummyuser2') + super().setUp() + @classmethod def setUpTestData(cls): From 6a5c44f237a5b63c0797d61014dfc45c02c0c640 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 09:18:38 -0400 Subject: [PATCH 61/72] Reorganize account view templates --- .../users/{ => account}/api_token.html | 0 .../users/{ => account}/api_tokens.html | 2 +- .../{base_profile.html => account/base.html} | 0 .../users/{ => account}/bookmarks.html | 2 +- .../users/{ => account}/password.html | 2 +- .../users/{ => account}/preferences.html | 2 +- .../users/{ => account}/profile.html | 2 +- netbox/templates/users/base.html | 11 -------- netbox/templates/users/group.html | 2 +- netbox/templates/users/objectpermission.html | 2 +- netbox/templates/users/passworduser.html | 28 ------------------- netbox/templates/users/user.html | 2 +- netbox/users/urls.py | 10 +++---- netbox/users/views.py | 12 ++++---- 14 files changed, 18 insertions(+), 59 deletions(-) rename netbox/templates/users/{ => account}/api_token.html (100%) rename netbox/templates/users/{ => account}/api_tokens.html (94%) rename netbox/templates/users/{base_profile.html => account/base.html} (100%) rename netbox/templates/users/{ => account}/bookmarks.html (95%) rename netbox/templates/users/{ => account}/password.html (94%) rename netbox/templates/users/{ => account}/preferences.html (98%) rename netbox/templates/users/{ => account}/profile.html (98%) delete mode 100644 netbox/templates/users/base.html delete mode 100644 netbox/templates/users/passworduser.html diff --git a/netbox/templates/users/api_token.html b/netbox/templates/users/account/api_token.html similarity index 100% rename from netbox/templates/users/api_token.html rename to netbox/templates/users/account/api_token.html diff --git a/netbox/templates/users/api_tokens.html b/netbox/templates/users/account/api_tokens.html similarity index 94% rename from netbox/templates/users/api_tokens.html rename to netbox/templates/users/account/api_tokens.html index aaff36a4411..25f5f02e6d6 100644 --- a/netbox/templates/users/api_tokens.html +++ b/netbox/templates/users/account/api_tokens.html @@ -1,4 +1,4 @@ -{% extends 'users/base_profile.html' %} +{% extends 'users/account/base.html' %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/base_profile.html b/netbox/templates/users/account/base.html similarity index 100% rename from netbox/templates/users/base_profile.html rename to netbox/templates/users/account/base.html diff --git a/netbox/templates/users/bookmarks.html b/netbox/templates/users/account/bookmarks.html similarity index 95% rename from netbox/templates/users/bookmarks.html rename to netbox/templates/users/account/bookmarks.html index 4695f509e96..fa3c28c7c30 100644 --- a/netbox/templates/users/bookmarks.html +++ b/netbox/templates/users/account/bookmarks.html @@ -1,4 +1,4 @@ -{% extends 'users/base_profile.html' %} +{% extends 'users/account/base.html' %} {% load buttons %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/password.html b/netbox/templates/users/account/password.html similarity index 94% rename from netbox/templates/users/password.html rename to netbox/templates/users/account/password.html index 77c152de847..dcdd19e295b 100644 --- a/netbox/templates/users/password.html +++ b/netbox/templates/users/account/password.html @@ -1,4 +1,4 @@ -{% extends 'users/base_profile.html' %} +{% extends 'users/account/base.html' %} {% load form_helpers %} {% block title %}Change Password{% endblock %} diff --git a/netbox/templates/users/preferences.html b/netbox/templates/users/account/preferences.html similarity index 98% rename from netbox/templates/users/preferences.html rename to netbox/templates/users/account/preferences.html index 3d67e7b24f4..59cca302c2b 100644 --- a/netbox/templates/users/preferences.html +++ b/netbox/templates/users/account/preferences.html @@ -1,4 +1,4 @@ -{% extends 'users/base_profile.html' %} +{% extends 'users/account/base.html' %} {% load helpers %} {% load form_helpers %} diff --git a/netbox/templates/users/profile.html b/netbox/templates/users/account/profile.html similarity index 98% rename from netbox/templates/users/profile.html rename to netbox/templates/users/account/profile.html index 0922f9ddf65..0e8ab1162df 100644 --- a/netbox/templates/users/profile.html +++ b/netbox/templates/users/account/profile.html @@ -1,4 +1,4 @@ -{% extends 'users/base_profile.html' %} +{% extends 'users/account/base.html' %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/base.html b/netbox/templates/users/base.html deleted file mode 100644 index 9711dc79e0b..00000000000 --- a/netbox/templates/users/base.html +++ /dev/null @@ -1,11 +0,0 @@ -{% extends 'generic/object.html' %} -{% load buttons %} -{% load static %} -{% load helpers %} -{% load plugins %} - -{% block content-wrapper %} -
- {% block content %}{% endblock %} -
-{% endblock %} diff --git a/netbox/templates/users/group.html b/netbox/templates/users/group.html index bb699468b2d..dd4b1aa8ac8 100644 --- a/netbox/templates/users/group.html +++ b/netbox/templates/users/group.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'generic/object.html' %} {% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html index 2ef6acbae08..26a5d06d3d5 100644 --- a/netbox/templates/users/objectpermission.html +++ b/netbox/templates/users/objectpermission.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'generic/object.html' %} {% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/templates/users/passworduser.html b/netbox/templates/users/passworduser.html deleted file mode 100644 index 3b50c3bc0cd..00000000000 --- a/netbox/templates/users/passworduser.html +++ /dev/null @@ -1,28 +0,0 @@ -{% extends 'users/base_profile.html' %} -{% load i18n %} -{% load form_helpers %} - -{% block title %}{% trans "Change Password" %}{% endblock %} - -{% block tabs %} - -{% endblock tabs %} - -{% block content %} -
- {% csrf_token %} -
-
{% trans "Password" %}
- {% render_field form.new_password1 %} - {% render_field form.new_password2 %} -
-
- {% trans "Cancel" %} - -
-
-{% endblock %} diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html index 64aab2d4ed0..549144336f6 100644 --- a/netbox/templates/users/user.html +++ b/netbox/templates/users/user.html @@ -1,4 +1,4 @@ -{% extends 'users/base.html' %} +{% extends 'generic/object.html' %} {% load i18n %} {% load helpers %} {% load render_table from django_tables2 %} diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 50965a16f4f..573a44224db 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -6,11 +6,14 @@ app_name = 'users' urlpatterns = [ - # User + # Account views path('profile/', views.ProfileView.as_view(), name='profile'), path('bookmarks/', views.BookmarkListView.as_view(), name='bookmarks'), path('preferences/', views.UserConfigView.as_view(), name='preferences'), path('password/', views.ChangePasswordView.as_view(), name='change_password'), + path('api-tokens/', views.TokenListView.as_view(), name='token_list'), + path('api-tokens/add/', views.TokenEditView.as_view(), name='token_add'), + path('api-tokens//', include(get_model_urls('users', 'token'))), # Users path('users/', views.NetBoxUserListView.as_view(), name='netboxuser_list'), @@ -34,9 +37,4 @@ path('permissions/delete/', views.ObjectPermissionBulkDeleteView.as_view(), name='objectpermission_bulk_delete'), path('permissions//', include(get_model_urls('users', 'objectpermission'))), - # API tokens - path('api-tokens/', views.TokenListView.as_view(), name='token_list'), - path('api-tokens/add/', views.TokenEditView.as_view(), name='token_add'), - path('api-tokens//', include(get_model_urls('users', 'token'))), - ] diff --git a/netbox/users/views.py b/netbox/users/views.py index c272cf923ba..c93b8cc82cb 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -158,7 +158,7 @@ def get(self, request): # class ProfileView(LoginRequiredMixin, View): - template_name = 'users/profile.html' + template_name = 'users/account/profile.html' def get(self, request): @@ -177,7 +177,7 @@ def get(self, request): class UserConfigView(LoginRequiredMixin, View): - template_name = 'users/preferences.html' + template_name = 'users/account/preferences.html' def get(self, request): userconfig = request.user.config @@ -205,7 +205,7 @@ def post(self, request): class ChangePasswordView(LoginRequiredMixin, View): - template_name = 'users/password.html' + template_name = 'users/account/password.html' def get(self, request): # LDAP users cannot change their password here @@ -240,7 +240,7 @@ def post(self, request): class BookmarkListView(LoginRequiredMixin, generic.ObjectListView): table = BookmarkTable - template_name = 'users/bookmarks.html' + template_name = 'users/account/bookmarks.html' def get_queryset(self, request): return Bookmark.objects.filter(user=request.user) @@ -263,7 +263,7 @@ def get(self, request): table = tables.TokenTable(tokens) table.configure(request) - return render(request, 'users/api_tokens.html', { + return render(request, 'users/account/api_tokens.html', { 'tokens': tokens, 'active_tab': 'api-tokens', 'table': table, @@ -307,7 +307,7 @@ def post(self, request, pk=None): messages.success(request, msg) if not pk and not settings.ALLOW_TOKEN_RETRIEVAL: - return render(request, 'users/api_token.html', { + return render(request, 'users/account/api_token.html', { 'object': token, 'key': token.key, 'return_url': reverse('users:token_list'), From d8ad97e4b82b6a0a9596a84d88d48a7724790c59 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 09:40:04 -0400 Subject: [PATCH 62/72] Create menu items manually for users & groups to accomodate proxy models --- netbox/netbox/navigation/__init__.py | 20 +++++------------ netbox/netbox/navigation/menu.py | 33 ++++++++++++++++++++++++++-- 2 files changed, 37 insertions(+), 16 deletions(-) diff --git a/netbox/netbox/navigation/__init__.py b/netbox/netbox/navigation/__init__.py index 61e0466db82..a05b1c495cc 100644 --- a/netbox/netbox/navigation/__init__.py +++ b/netbox/netbox/navigation/__init__.py @@ -60,25 +60,17 @@ def name(self): # Utility functions # -def get_model_item(app_label, model_name, label, actions=('add', 'import'), permission_app_label=None, permission_model_name=None): - if not permission_app_label: - permission_app_label = app_label - if not permission_model_name: - permission_model_name = model_name +def get_model_item(app_label, model_name, label, actions=('add', 'import')): return MenuItem( link=f'{app_label}:{model_name}_list', link_text=label, - permissions=[f'{permission_app_label}.view_{permission_model_name}'], - buttons=get_model_buttons(app_label, model_name, actions, permission_app_label, permission_model_name) + permissions=[f'{app_label}.view_{model_name}'], + buttons=get_model_buttons(app_label, model_name, actions) ) -def get_model_buttons(app_label, model_name, actions=('add', 'import'), permission_app_label=None, permission_model_name=None): +def get_model_buttons(app_label, model_name, actions=('add', 'import')): buttons = [] - if not permission_app_label: - permission_app_label = app_label - if not permission_model_name: - permission_model_name = model_name if 'add' in actions: buttons.append( @@ -86,7 +78,7 @@ def get_model_buttons(app_label, model_name, actions=('add', 'import'), permissi link=f'{app_label}:{model_name}_add', title='Add', icon_class='mdi mdi-plus-thick', - permissions=[f'{permission_app_label}.add_{permission_model_name}'], + permissions=[f'{app_label}.add_{model_name}'], color=ButtonColorChoices.GREEN ) ) @@ -96,7 +88,7 @@ def get_model_buttons(app_label, model_name, actions=('add', 'import'), permissi link=f'{app_label}:{model_name}_import', title='Import', icon_class='mdi mdi-upload', - permissions=[f'{permission_app_label}.add_{permission_model_name}'], + permissions=[f'{app_label}.add_{model_name}'], color=ButtonColorChoices.CYAN ) ) diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py index 47f58bc8b5d..4b77e6816de 100644 --- a/netbox/netbox/navigation/menu.py +++ b/netbox/netbox/navigation/menu.py @@ -1,6 +1,7 @@ from django.utils.translation import gettext as _ from netbox.registry import registry +from utilities.choices import ButtonColorChoices from . import * # @@ -354,8 +355,36 @@ MenuGroup( label=_('Users'), items=( - get_model_item('users', 'netboxuser', _('Users'), actions=['add'], permission_app_label='auth', permission_model_name='users'), - get_model_item('users', 'netboxgroup', _('Groups'), actions=['add'], permission_app_label='auth', permission_model_name='groups'), + # Proxy model for auth.User + MenuItem( + link=f'users:netboxuser_list', + link_text=_('Users'), + permissions=[f'auth.view_user'], + buttons=( + MenuItemButton( + link=f'users:netboxuser_add', + title='Add', + icon_class='mdi mdi-plus-thick', + permissions=[f'auth.add_user'], + color=ButtonColorChoices.GREEN + ), + ) + ), + # Proxy model for auth.Group + MenuItem( + link=f'users:netboxgroup_list', + link_text=_('Groups'), + permissions=[f'auth.view_group'], + buttons=( + MenuItemButton( + link=f'users:netboxgroup_add', + title='Add', + icon_class='mdi mdi-plus-thick', + permissions=[f'auth.add_group'], + color=ButtonColorChoices.GREEN + ), + ) + ), get_model_item('users', 'objectpermission', _('Permissions'), actions=['add']), ), ), From 937961baa1bcc4fe1e95c9a51c5c91d8ac292e07 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 09:50:44 -0400 Subject: [PATCH 63/72] Restore bookmarks tab on account views --- netbox/templates/users/account/base.html | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/netbox/templates/users/account/base.html b/netbox/templates/users/account/base.html index 3275b859cbc..f492f89ecf4 100644 --- a/netbox/templates/users/account/base.html +++ b/netbox/templates/users/account/base.html @@ -1,15 +1,14 @@ {% extends 'base/layout.html' %} {% load i18n %} -{% load buttons %} -{% load static %} -{% load helpers %} -{% load plugins %} {% block tabs %}
    + From 30d9798bb3978a27e0cfc23a5a8e3b0492de463c Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 10:01:02 -0400 Subject: [PATCH 64/72] Clean up user bulk edit --- netbox/users/forms/bulk_edit.py | 18 +++++++++--------- netbox/users/tables.py | 7 +++++-- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 786d27c7d6c..6754c483575 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -3,6 +3,7 @@ from users.models import * from utilities.forms import BootstrapMixin +from utilities.forms.widgets import BulkEditNullBooleanSelect __all__ = ( 'ObjectPermissionBulkEditForm', @@ -13,7 +14,7 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( label=_('Pk'), - queryset=None, # Set from self.model on init + queryset=NetBoxUser.objects.all(), widget=forms.MultipleHiddenInput ) first_name = forms.CharField( @@ -26,16 +27,19 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): max_length=150, required=False ) - is_active = forms.BooleanField( + is_active = forms.NullBooleanField( required=False, + widget=BulkEditNullBooleanSelect, label=_('Active') ) - is_staff = forms.BooleanField( + is_staff = forms.NullBooleanField( required=False, + widget=BulkEditNullBooleanSelect, label=_('Staff status') ) - is_superuser = forms.BooleanField( + is_superuser = forms.NullBooleanField( required=False, + widget=BulkEditNullBooleanSelect, label=_('Superuser status') ) @@ -43,11 +47,7 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): fieldsets = ( (None, ('first_name', 'last_name', 'is_active', 'is_staff', 'is_superuser')), ) - nullable_fields = () - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.fields['pk'].queryset = self.model.objects.all() + nullable_fields = ('first_name', 'last_name') class ObjectPermissionBulkEditForm(BootstrapMixin, forms.Form): diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 1ed66a3aebb..747a57aecbf 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -58,6 +58,9 @@ class Meta(NetBoxTable.Meta): class UserTable(NetBoxTable): username = tables.Column(linkify=True) + is_active = columns.BooleanColumn() + is_staff = columns.BooleanColumn() + is_superuser = columns.BooleanColumn() actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -65,9 +68,9 @@ class UserTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = NetBoxUser fields = ( - 'pk', 'id', 'username', 'email', 'first_name', 'last_name', 'is_superuser', 'is_staff', 'is_active' + 'pk', 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'is_staff', 'is_superuser', ) - default_columns = ('pk', 'username', 'email', 'first_name', 'last_name', 'is_superuser') + default_columns = ('pk', 'username', 'first_name', 'last_name', 'email', 'is_active') class GroupTable(NetBoxTable): From f49b43d5b5bdad89f60fa32b0fb4f1c25069458f Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 10:08:50 -0400 Subject: [PATCH 65/72] Remove unused form classes --- netbox/users/admin/forms.py | 117 +----------------------------------- 1 file changed, 1 insertion(+), 116 deletions(-) diff --git a/netbox/users/admin/forms.py b/netbox/users/admin/forms.py index 986ddd0aaeb..7db6a124c28 100644 --- a/netbox/users/admin/forms.py +++ b/netbox/users/admin/forms.py @@ -1,49 +1,13 @@ from django import forms -from django.contrib.auth.models import Group, User -from django.contrib.admin.widgets import FilteredSelectMultiple -from django.contrib.contenttypes.models import ContentType -from django.core.exceptions import FieldError, ValidationError from django.utils.translation import gettext as _ -from users.constants import CONSTRAINT_TOKEN_USER, OBJECTPERMISSION_OBJECT_TYPES -from users.models import ObjectPermission, Token -from utilities.forms.fields import ContentTypeMultipleChoiceField -from utilities.permissions import qs_filter_from_constraints +from users.models import Token __all__ = ( - 'GroupAdminForm', - 'ObjectPermissionForm', 'TokenAdminForm', ) -class GroupAdminForm(forms.ModelForm): - users = forms.ModelMultipleChoiceField( - queryset=User.objects.all(), - required=False, - widget=FilteredSelectMultiple('users', False) - ) - - class Meta: - model = Group - fields = ('name', 'users') - - def __init__(self, *args, **kwargs): - super(GroupAdminForm, self).__init__(*args, **kwargs) - - if self.instance.pk: - self.fields['users'].initial = self.instance.user_set.all() - - def save_m2m(self): - self.instance.user_set.set(self.cleaned_data['users']) - - def save(self, *args, **kwargs): - instance = super(GroupAdminForm, self).save() - self.save_m2m() - - return instance - - class TokenAdminForm(forms.ModelForm): key = forms.CharField( required=False, @@ -55,82 +19,3 @@ class Meta: 'user', 'key', 'write_enabled', 'expires', 'description', 'allowed_ips' ] model = Token - - -class ObjectPermissionForm(forms.ModelForm): - object_types = ContentTypeMultipleChoiceField( - queryset=ContentType.objects.all(), - limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES - ) - can_view = forms.BooleanField(required=False) - can_add = forms.BooleanField(required=False) - can_change = forms.BooleanField(required=False) - can_delete = forms.BooleanField(required=False) - - class Meta: - model = ObjectPermission - exclude = [] - help_texts = { - 'actions': _('Actions granted in addition to those listed above'), - 'constraints': _('JSON expression of a queryset filter that will return only permitted objects. Leave null ' - 'to match all objects of this type. A list of multiple objects will result in a logical OR ' - 'operation.') - } - labels = { - 'actions': 'Additional actions' - } - widgets = { - 'constraints': forms.Textarea(attrs={'class': 'vLargeTextField'}) - } - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - - # Make the actions field optional since the admin form uses it only for non-CRUD actions - self.fields['actions'].required = False - - # Order group and user fields - self.fields['groups'].queryset = self.fields['groups'].queryset.order_by('name') - self.fields['users'].queryset = self.fields['users'].queryset.order_by('username') - - # Check the appropriate checkboxes when editing an existing ObjectPermission - if self.instance.pk: - for action in ['view', 'add', 'change', 'delete']: - if action in self.instance.actions: - self.fields[f'can_{action}'].initial = True - self.instance.actions.remove(action) - - def clean(self): - super().clean() - - object_types = self.cleaned_data.get('object_types') - constraints = self.cleaned_data.get('constraints') - - # Append any of the selected CRUD checkboxes to the actions list - if not self.cleaned_data.get('actions'): - self.cleaned_data['actions'] = list() - for action in ['view', 'add', 'change', 'delete']: - if self.cleaned_data[f'can_{action}'] and action not in self.cleaned_data['actions']: - self.cleaned_data['actions'].append(action) - - # At least one action must be specified - if not self.cleaned_data['actions']: - raise ValidationError("At least one action must be selected.") - - # Validate the specified model constraints by attempting to execute a query. We don't care whether the query - # returns anything; we just want to make sure the specified constraints are valid. - if object_types and constraints: - # Normalize the constraints to a list of dicts - if type(constraints) is not list: - constraints = [constraints] - for ct in object_types: - model = ct.model_class() - try: - tokens = { - CONSTRAINT_TOKEN_USER: 0, # Replace token with a null user ID - } - model.objects.filter(qs_filter_from_constraints(constraints, tokens)).exists() - except FieldError as e: - raise ValidationError({ - 'constraints': f'Invalid filter for {model}: {e}' - }) From 4702cc049f4c69554413a70887e3072e8af5b4a0 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 10:27:06 -0400 Subject: [PATCH 66/72] Clean up permissions bulk edit --- netbox/users/forms/bulk_edit.py | 17 ++++++----------- netbox/users/models.py | 16 ++++++++++++++++ netbox/users/tables.py | 22 ++++++++++++++++++---- 3 files changed, 40 insertions(+), 15 deletions(-) diff --git a/netbox/users/forms/bulk_edit.py b/netbox/users/forms/bulk_edit.py index 6754c483575..db40283ba1c 100644 --- a/netbox/users/forms/bulk_edit.py +++ b/netbox/users/forms/bulk_edit.py @@ -13,7 +13,6 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( - label=_('Pk'), queryset=NetBoxUser.objects.all(), widget=forms.MultipleHiddenInput ) @@ -52,8 +51,7 @@ class UserBulkEditForm(BootstrapMixin, forms.Form): class ObjectPermissionBulkEditForm(BootstrapMixin, forms.Form): pk = forms.ModelMultipleChoiceField( - label=_('Pk'), - queryset=None, # Set from self.model on init + queryset=ObjectPermission.objects.all(), widget=forms.MultipleHiddenInput ) description = forms.CharField( @@ -61,17 +59,14 @@ class ObjectPermissionBulkEditForm(BootstrapMixin, forms.Form): max_length=200, required=False ) - enabled = forms.BooleanField( - label=_('Enabled'), + enabled = forms.NullBooleanField( required=False, + widget=BulkEditNullBooleanSelect, + label=_('Enabled') ) model = ObjectPermission fieldsets = ( - (None, ('description', 'enabled')), + (None, ('enabled', 'description')), ) - nullable_fields = () - - def __init__(self, *args, **kwargs): - super().__init__(*args, **kwargs) - self.fields['pk'].queryset = self.model.objects.all() + nullable_fields = ('description',) diff --git a/netbox/users/models.py b/netbox/users/models.py index 003eefb0aac..3a4a0b4b243 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -368,6 +368,22 @@ class Meta: def __str__(self): return self.name + @property + def can_view(self): + return 'view' in self.actions + + @property + def can_add(self): + return 'add' in self.actions + + @property + def can_change(self): + return 'change' in self.actions + + @property + def can_delete(self): + return 'delete' in self.actions + def list_constraints(self): """ Return all constraint sets as a list (even if only a single set is defined). diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 747a57aecbf..1fa237309e8 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -1,8 +1,8 @@ import django_tables2 as tables -from django_tables2.utils import A -from .models import Token + from netbox.tables import NetBoxTable, columns from users.models import NetBoxGroup, NetBoxUser, ObjectPermission +from .models import Token __all__ = ( 'GroupTable', @@ -89,6 +89,17 @@ class Meta(NetBoxTable.Meta): class ObjectPermissionTable(NetBoxTable): name = tables.Column(linkify=True) + object_types = columns.ContentTypesColumn() + enabled = columns.BooleanColumn() + can_view = columns.BooleanColumn() + can_add = columns.BooleanColumn() + can_change = columns.BooleanColumn() + can_delete = columns.BooleanColumn() + custom_actions = columns.ArrayColumn( + accessor=tables.A('actions') + ) + users = tables.ManyToManyColumn() + groups = tables.ManyToManyColumn() actions = columns.ActionsColumn( actions=('edit', 'delete'), ) @@ -96,6 +107,9 @@ class ObjectPermissionTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = ObjectPermission fields = ( - 'pk', 'id', 'name', 'enabled', 'actions', 'constraints', + 'pk', 'id', 'name', 'enabled', 'object_types', 'can_view', 'can_add', 'can_change', 'can_delete', + 'custom_actions', 'users', 'groups', 'constraints', 'description', + ) + default_columns = ( + 'pk', 'name', 'enabled', 'object_types', 'can_view', 'can_add', 'can_change', 'can_delete', 'description', ) - default_columns = ('pk', 'name', 'enabled', 'actions', 'constraints',) From 56cb542e1ad8d20818d3a9f9f1c9ec57ede6ae33 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 10:45:54 -0400 Subject: [PATCH 67/72] Clean up user & group import --- netbox/netbox/navigation/menu.py | 14 ++++++++++++++ netbox/users/forms/bulk_import.py | 13 +++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py index 4b77e6816de..45de28f2b06 100644 --- a/netbox/netbox/navigation/menu.py +++ b/netbox/netbox/navigation/menu.py @@ -368,6 +368,13 @@ permissions=[f'auth.add_user'], color=ButtonColorChoices.GREEN ), + MenuItemButton( + link=f'users:netboxuser_import', + title='Import', + icon_class='mdi mdi-upload', + permissions=[f'auth.add_user'], + color=ButtonColorChoices.CYAN + ) ) ), # Proxy model for auth.Group @@ -383,6 +390,13 @@ permissions=[f'auth.add_group'], color=ButtonColorChoices.GREEN ), + MenuItemButton( + link=f'users:netboxgroup_import', + title='Import', + icon_class='mdi mdi-upload', + permissions=[f'auth.add_group'], + color=ButtonColorChoices.CYAN + ) ) ), get_model_item('users', 'objectpermission', _('Permissions'), actions=['add']), diff --git a/netbox/users/forms/bulk_import.py b/netbox/users/forms/bulk_import.py index 723b121de1e..25f779044f1 100644 --- a/netbox/users/forms/bulk_import.py +++ b/netbox/users/forms/bulk_import.py @@ -1,5 +1,3 @@ -from django import forms - from users.models import NetBoxGroup, NetBoxUser from utilities.forms import CSVModelForm @@ -28,12 +26,7 @@ class Meta: ) def save(self, *args, **kwargs): - edited = getattr(self, 'instance', None) - instance = super().save(*args, **kwargs) - - # On edit, check if we have to save the password - if edited and self.cleaned_data.get("password"): - instance.set_password(self.cleaned_data.get("password")) - instance.save() + # Set the hashed password + self.instance.set_password(self.cleaned_data.get('password')) - return instance + return super().save(*args, **kwargs) From d24330f4129e0bbf713ab95de13dc18095ce1dd3 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 11:11:45 -0400 Subject: [PATCH 68/72] Clean up filtering for users, groups, and permissions --- netbox/users/filtersets.py | 24 +++++++-- netbox/users/forms/filtersets.py | 78 +++++++++++++++++++++------ netbox/users/tables.py | 4 +- netbox/users/tests/test_filtersets.py | 30 +++++++++-- 4 files changed, 112 insertions(+), 24 deletions(-) diff --git a/netbox/users/filtersets.py b/netbox/users/filtersets.py index 2bc6b012c71..a4e9a9fbc64 100644 --- a/netbox/users/filtersets.py +++ b/netbox/users/filtersets.py @@ -1,12 +1,11 @@ import django_filters -from django.conf import settings from django.contrib.auth import get_user_model -from django.contrib.auth.models import Group, User +from django.contrib.auth.models import Group from django.db.models import Q from django.utils.translation import gettext as _ from netbox.filtersets import BaseFilterSet -from users.models import ObjectPermission, Token, NetBoxUser +from users.models import ObjectPermission, Token __all__ = ( 'GroupFilterSet', @@ -116,6 +115,18 @@ class ObjectPermissionFilterSet(BaseFilterSet): method='search', label=_('Search'), ) + can_view = django_filters.BooleanFilter( + method='_check_action' + ) + can_add = django_filters.BooleanFilter( + method='_check_action' + ) + can_change = django_filters.BooleanFilter( + method='_check_action' + ) + can_delete = django_filters.BooleanFilter( + method='_check_action' + ) user_id = django_filters.ModelMultipleChoiceFilter( field_name='users', queryset=get_user_model().objects.all(), @@ -150,3 +161,10 @@ def search(self, queryset, name, value): Q(name__icontains=value) | Q(description__icontains=value) ) + + def _check_action(self, queryset, name, value): + action = name.split('_')[1] + if value: + return queryset.filter(actions__contains=[action]) + else: + return queryset.exclude(actions__contains=[action]) diff --git a/netbox/users/forms/filtersets.py b/netbox/users/forms/filtersets.py index 90fb5c74565..eca76dea4f6 100644 --- a/netbox/users/forms/filtersets.py +++ b/netbox/users/forms/filtersets.py @@ -1,9 +1,12 @@ from django import forms +from django.contrib.auth import get_user_model +from django.contrib.auth.models import Group from django.utils.translation import gettext_lazy as _ -from users.models import NetBoxGroup, NetBoxUser, ObjectPermission -from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES, FilterForm, add_blank_choice from netbox.forms import NetBoxModelFilterSetForm +from users.models import NetBoxGroup, NetBoxUser, ObjectPermission +from utilities.forms import BOOLEAN_WITH_BLANK_CHOICES +from utilities.forms.fields import DynamicModelMultipleChoiceField __all__ = ( 'GroupFilterForm', @@ -12,18 +15,31 @@ ) +class GroupFilterForm(NetBoxModelFilterSetForm): + model = NetBoxGroup + fieldsets = ( + (None, ('q', 'filter_id',)), + ) + + class UserFilterForm(NetBoxModelFilterSetForm): model = NetBoxUser fieldsets = ( (None, ('q', 'filter_id',)), - (_('Security'), ('is_superuser', 'is_staff', 'is_active')), + (_('Group'), ('group_id',)), + (_('Status'), ('is_active', 'is_staff', 'is_superuser')), ) - is_superuser = forms.NullBooleanField( + group_id = DynamicModelMultipleChoiceField( + queryset=Group.objects.all(), + required=False, + label=_('Group') + ) + is_active = forms.NullBooleanField( required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES ), - label=_('Is Superuser'), + label=_('Is Active'), ) is_staff = forms.NullBooleanField( required=False, @@ -32,19 +48,12 @@ class UserFilterForm(NetBoxModelFilterSetForm): ), label=_('Is Staff'), ) - is_active = forms.NullBooleanField( + is_superuser = forms.NullBooleanField( required=False, widget=forms.Select( choices=BOOLEAN_WITH_BLANK_CHOICES ), - label=_('Is Active'), - ) - - -class GroupFilterForm(NetBoxModelFilterSetForm): - model = NetBoxGroup - fieldsets = ( - (None, ('q', 'filter_id',)), + label=_('Is Superuser'), ) @@ -52,7 +61,8 @@ class ObjectPermissionFilterForm(NetBoxModelFilterSetForm): model = ObjectPermission fieldsets = ( (None, ('q', 'filter_id',)), - (None, ('enabled',)), + (_('Permission'), ('enabled', 'group_id', 'user_id')), + (_('Actions'), ('can_view', 'can_add', 'can_change', 'can_delete')), ) enabled = forms.NullBooleanField( label=_('Enabled'), @@ -61,3 +71,41 @@ class ObjectPermissionFilterForm(NetBoxModelFilterSetForm): choices=BOOLEAN_WITH_BLANK_CHOICES ) ) + group_id = DynamicModelMultipleChoiceField( + queryset=Group.objects.all(), + required=False, + label=_('Group') + ) + user_id = DynamicModelMultipleChoiceField( + queryset=get_user_model().objects.all(), + required=False, + label=_('User') + ) + can_view = forms.NullBooleanField( + required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), + label=_('Can View'), + ) + can_add = forms.NullBooleanField( + required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), + label=_('Can Add'), + ) + can_change = forms.NullBooleanField( + required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), + label=_('Can Change'), + ) + can_delete = forms.NullBooleanField( + required=False, + widget=forms.Select( + choices=BOOLEAN_WITH_BLANK_CHOICES + ), + label=_('Can Delete'), + ) diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 1fa237309e8..304f2c8a3e5 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -58,6 +58,7 @@ class Meta(NetBoxTable.Meta): class UserTable(NetBoxTable): username = tables.Column(linkify=True) + groups = tables.ManyToManyColumn() is_active = columns.BooleanColumn() is_staff = columns.BooleanColumn() is_superuser = columns.BooleanColumn() @@ -68,7 +69,8 @@ class UserTable(NetBoxTable): class Meta(NetBoxTable.Meta): model = NetBoxUser fields = ( - 'pk', 'id', 'username', 'first_name', 'last_name', 'email', 'is_active', 'is_staff', 'is_superuser', + 'pk', 'id', 'username', 'first_name', 'last_name', 'email', 'groups', 'is_active', 'is_staff', + 'is_superuser', ) default_columns = ('pk', 'username', 'first_name', 'last_name', 'email', 'is_active') diff --git a/netbox/users/tests/test_filtersets.py b/netbox/users/tests/test_filtersets.py index d632687ef4b..542b40b8350 100644 --- a/netbox/users/tests/test_filtersets.py +++ b/netbox/users/tests/test_filtersets.py @@ -10,7 +10,6 @@ from users.models import ObjectPermission, Token from utilities.testing import BaseFilterSetTests - User = get_user_model() @@ -34,7 +33,8 @@ def setUpTestData(cls): first_name='Hank', last_name='Hill', email='hank@stricklandpropane.com', - is_staff=True + is_staff=True, + is_superuser=True ), User( username='User2', @@ -83,13 +83,17 @@ def test_email(self): params = {'email': ['hank@stricklandpropane.com', 'dale@dalesdeadbug.com']} self.assertEqual(self.filterset(params, self.queryset).qs.count(), 2) + def test_is_active(self): + params = {'is_active': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + def test_is_staff(self): params = {'is_staff': True} self.assertEqual(self.filterset(params, self.queryset).qs.count(), 1) - def test_is_active(self): - params = {'is_active': True} - self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + def test_is_superuser(self): + params = {'is_superuser': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 1) def test_group(self): groups = Group.objects.all()[:2] @@ -191,6 +195,22 @@ def test_description(self): params = {'description': ['foobar1', 'foobar2']} self.assertEqual(self.filterset(params, self.queryset).qs.count(), 2) + def test_can_view(self): + params = {'can_view': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + + def test_can_add(self): + params = {'can_add': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + + def test_can_change(self): + params = {'can_change': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + + def test_can_delete(self): + params = {'can_delete': True} + self.assertEqual(self.filterset(params, self.queryset).qs.count(), 4) + class TokenTestCase(TestCase, BaseFilterSetTests): queryset = Token.objects.all() From b5362f059c5fbc519b6ab7b2349a8b070a5da8b4 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 11:49:06 -0400 Subject: [PATCH 69/72] Clean up model forms --- netbox/users/forms/__init__.py | 1 + netbox/users/forms/authentication.py | 25 ++++++ netbox/users/forms/model_forms.py | 121 ++++++++++++--------------- 3 files changed, 81 insertions(+), 66 deletions(-) create mode 100644 netbox/users/forms/authentication.py diff --git a/netbox/users/forms/__init__.py b/netbox/users/forms/__init__.py index 1499f98b281..a545c3addec 100644 --- a/netbox/users/forms/__init__.py +++ b/netbox/users/forms/__init__.py @@ -1,3 +1,4 @@ +from .authentication import * from .bulk_edit import * from .bulk_import import * from .filtersets import * diff --git a/netbox/users/forms/authentication.py b/netbox/users/forms/authentication.py new file mode 100644 index 00000000000..2b540b7520c --- /dev/null +++ b/netbox/users/forms/authentication.py @@ -0,0 +1,25 @@ +from django.contrib.auth.forms import ( + AuthenticationForm, + PasswordChangeForm as DjangoPasswordChangeForm, +) + +from utilities.forms import BootstrapMixin + +__all__ = ( + 'LoginForm', + 'PasswordChangeForm', +) + + +class LoginForm(BootstrapMixin, AuthenticationForm): + """ + Used to authenticate a user by username and password. + """ + pass + + +class PasswordChangeForm(BootstrapMixin, DjangoPasswordChangeForm): + """ + This form enables a user to change his or her own password. + """ + pass diff --git a/netbox/users/forms/model_forms.py b/netbox/users/forms/model_forms.py index 8c20f53503c..43b95893a8f 100644 --- a/netbox/users/forms/model_forms.py +++ b/netbox/users/forms/model_forms.py @@ -1,50 +1,33 @@ from django import forms from django.conf import settings from django.contrib.auth import get_user_model -from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm as DjangoPasswordChangeForm, SetPasswordForm as DjangoPasswordSetForm from django.contrib.auth.models import Group from django.contrib.contenttypes.models import ContentType from django.contrib.postgres.forms import SimpleArrayField from django.core.exceptions import FieldError -from django.urls import reverse from django.utils.html import mark_safe from django.utils.translation import gettext_lazy as _ from ipam.formfields import IPNetworkFormField from ipam.validators import prefix_validator from netbox.preferences import PREFERENCES -from utilities.forms import BootstrapMixin -from utilities.forms.fields import ContentTypeMultipleChoiceField, DynamicModelChoiceField, DynamicModelMultipleChoiceField -from utilities.forms.widgets import DateTimePicker -from utilities.utils import flatten_dict from users.constants import * from users.models import * +from utilities.forms import BootstrapMixin +from utilities.forms.fields import ContentTypeMultipleChoiceField, DynamicModelMultipleChoiceField +from utilities.forms.widgets import DateTimePicker from utilities.permissions import qs_filter_from_constraints +from utilities.utils import flatten_dict __all__ = ( 'GroupForm', - 'LoginForm', 'ObjectPermissionForm', - 'PasswordChangeForm', - 'PasswordSetForm', 'TokenForm', 'UserConfigForm', 'UserForm', ) -class LoginForm(BootstrapMixin, AuthenticationForm): - pass - - -class PasswordChangeForm(BootstrapMixin, DjangoPasswordChangeForm): - pass - - -class PasswordSetForm(BootstrapMixin, DjangoPasswordSetForm): - pass - - class UserConfigFormMetaclass(forms.models.ModelFormMetaclass): def __new__(mcs, name, bases, attrs): @@ -180,10 +163,10 @@ class UserForm(BootstrapMixin, forms.ModelForm): ) fieldsets = ( - (_('User'), ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email', )), + (_('User'), ('username', 'password', 'confirm_password', 'first_name', 'last_name', 'email')), (_('Groups'), ('groups', )), - (_('Status'), ('is_active', 'is_staff', 'is_superuser', )), - (_('Permissions'), ('object_permissions', )), + (_('Status'), ('is_active', 'is_staff', 'is_superuser')), + (_('Permissions'), ('object_permissions',)), ) class Meta: @@ -196,41 +179,36 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) - # Adjust form fields depending if Add or Edit if self.instance.pk: - self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) - pw_field = self.fields['password'] - pwc_field = self.fields['confirm_password'] - pw_field.required = False - pw_field.widget.attrs.pop('required') - pw_field.help_text = _("Leave empty to keep the old password.") - pwc_field.required = False - pwc_field.widget.attrs.pop('required') + # Populate assigned permissions + self.fields['object_permissions'].initial = self.instance.object_permissions.values_list('id', flat=True) + + # Password fields are optional for existing Users + self.fields['password'].required = False + self.fields['password'].widget.attrs.pop('required') + self.fields['confirm_password'].required = False + self.fields['confirm_password'].widget.attrs.pop('required') def save(self, *args, **kwargs): - edited = getattr(self, 'instance', None) instance = super().save(*args, **kwargs) + + # Update assigned permissions instance.object_permissions.set(self.cleaned_data['object_permissions']) # On edit, check if we have to save the password - if edited and self.cleaned_data.get("password"): - instance.set_password(self.cleaned_data.get("password")) + if self.cleaned_data.get('password'): + instance.set_password(self.cleaned_data.get('password')) instance.save() return instance def clean(self): - cleaned_data = super().clean() - instance = getattr(self, 'instance', None) - if not instance or cleaned_data.get("password"): - password = cleaned_data.get("password") - confirm_password = cleaned_data.get("confirm_password") - if password != confirm_password: - raise forms.ValidationError( - _("password and confirm_password does not match") - ) + # Check that password confirmation matches if password is set + if self.cleaned_data['password'] and self.cleaned_data['password'] != self.cleaned_data['confirm_password']: + raise forms.ValidationError(_("Passwords do not match! Please check your input and try again.")) + # TODO: Move this logic to the NetBoxUser class def clean_username(self): """Reject usernames that differ only in case.""" instance = getattr(self, 'instance', None) @@ -277,22 +255,46 @@ class Meta: def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) + + # Populate assigned users and permissions if self.instance.pk: - self.fields['users'].initial = self.instance.user_set.all().values_list('id', flat=True) - self.fields['object_permissions'].initial = self.instance.object_permissions.all().values_list('id', flat=True) + self.fields['users'].initial = self.instance.user_set.values_list('id', flat=True) + self.fields['object_permissions'].initial = self.instance.object_permissions.values_list('id', flat=True) def save(self, *args, **kwargs): instance = super().save(*args, **kwargs) + + # Update assigned users and permissions instance.user_set.set(self.cleaned_data['users']) instance.object_permissions.set(self.cleaned_data['object_permissions']) + return instance class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): + object_types = ContentTypeMultipleChoiceField( + label=_('Object types'), + queryset=ContentType.objects.all(), + limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES, + widget=forms.SelectMultiple(attrs={'size': 6}) + ) + can_view = forms.BooleanField( + required=False + ) + can_add = forms.BooleanField( + required=False + ) + can_change = forms.BooleanField( + required=False + ) + can_delete = forms.BooleanField( + required=False + ) actions = SimpleArrayField( - label=_('Actions'), + label=_('Additional actions'), base_field=forms.CharField(), required=False, + help_text=_('Actions granted in addition to those listed above') ) users = DynamicModelMultipleChoiceField( label=_('Users'), @@ -304,17 +306,6 @@ class ObjectPermissionForm(BootstrapMixin, forms.ModelForm): required=False, queryset=Group.objects.all() ) - object_types = ContentTypeMultipleChoiceField( - label=_('Object types'), - queryset=ContentType.objects.all(), - limit_choices_to=OBJECTPERMISSION_OBJECT_TYPES, - widget=forms.SelectMultiple(attrs={'size': 6}) - ) - - can_view = forms.BooleanField(required=False) - can_add = forms.BooleanField(required=False) - can_change = forms.BooleanField(required=False) - can_delete = forms.BooleanField(required=False) fieldsets = ( (None, ('name', 'description', 'enabled',)), @@ -330,13 +321,11 @@ class Meta: 'name', 'description', 'enabled', 'object_types', 'users', 'groups', 'constraints', 'actions', ] help_texts = { - 'actions': _('Actions granted in addition to those listed above'), - 'constraints': _('JSON expression of a queryset filter that will return only permitted objects. Leave null ' - 'to match all objects of this type. A list of multiple objects will result in a logical OR ' - 'operation.') - } - labels = { - 'actions': 'Additional actions' + 'constraints': _( + 'JSON expression of a queryset filter that will return only permitted objects. Leave null ' + 'to match all objects of this type. A list of multiple objects will result in a logical OR ' + 'operation.' + ) } def __init__(self, *args, **kwargs): From 34b8d2a0978f24af66e74f0145f4180e24bc2e37 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 14:32:25 -0400 Subject: [PATCH 70/72] Misc cleanup --- .../migrations/0004_netboxgroup_netboxuser.py | 4 +- netbox/users/models.py | 5 +- netbox/users/tables.py | 16 ++++-- netbox/users/urls.py | 18 +++---- netbox/users/views.py | 53 +++++++------------ netbox/utilities/permissions.py | 22 +++----- netbox/utilities/querysets.py | 3 +- netbox/utilities/views.py | 1 - 8 files changed, 50 insertions(+), 72 deletions(-) diff --git a/netbox/users/migrations/0004_netboxgroup_netboxuser.py b/netbox/users/migrations/0004_netboxgroup_netboxuser.py index afbc0eefb10..59d941643d1 100644 --- a/netbox/users/migrations/0004_netboxgroup_netboxuser.py +++ b/netbox/users/migrations/0004_netboxgroup_netboxuser.py @@ -41,10 +41,10 @@ class Migration(migrations.Migration): ), migrations.AlterModelOptions( name='netboxgroup', - options={'ordering': ['name'], 'verbose_name': 'Group'}, + options={'ordering': ('name',), 'verbose_name': 'Group'}, ), migrations.AlterModelOptions( name='netboxuser', - options={'ordering': ['username'], 'verbose_name': 'User'}, + options={'ordering': ('username',), 'verbose_name': 'User'}, ), ] diff --git a/netbox/users/models.py b/netbox/users/models.py index 3a4a0b4b243..a8060dd6326 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py @@ -69,7 +69,7 @@ class NetBoxUser(User): class Meta: verbose_name = 'User' proxy = True - ordering = ['username',] + ordering = ('username',) def get_absolute_url(self): return reverse('users:netboxuser', args=[self.pk]) @@ -84,7 +84,7 @@ class NetBoxGroup(Group): class Meta: verbose_name = 'Group' proxy = True - ordering = ['name',] + ordering = ('name',) def get_absolute_url(self): return reverse('users:netboxgroup', args=[self.pk]) @@ -94,7 +94,6 @@ def get_absolute_url(self): # User preferences # - class UserConfig(models.Model): """ This model stores arbitrary user-specific preferences in a JSON data structure. diff --git a/netbox/users/tables.py b/netbox/users/tables.py index 304f2c8a3e5..741a4b024e5 100644 --- a/netbox/users/tables.py +++ b/netbox/users/tables.py @@ -57,8 +57,12 @@ class Meta(NetBoxTable.Meta): class UserTable(NetBoxTable): - username = tables.Column(linkify=True) - groups = tables.ManyToManyColumn() + username = tables.Column( + linkify=True + ) + groups = columns.ManyToManyColumn( + linkify_item=('users:netboxgroup', {'pk': tables.A('pk')}) + ) is_active = columns.BooleanColumn() is_staff = columns.BooleanColumn() is_superuser = columns.BooleanColumn() @@ -100,8 +104,12 @@ class ObjectPermissionTable(NetBoxTable): custom_actions = columns.ArrayColumn( accessor=tables.A('actions') ) - users = tables.ManyToManyColumn() - groups = tables.ManyToManyColumn() + users = columns.ManyToManyColumn( + linkify_item=('users:netboxuser', {'pk': tables.A('pk')}) + ) + groups = columns.ManyToManyColumn( + linkify_item=('users:netboxgroup', {'pk': tables.A('pk')}) + ) actions = columns.ActionsColumn( actions=('edit', 'delete'), ) diff --git a/netbox/users/urls.py b/netbox/users/urls.py index 573a44224db..ca331d144b0 100644 --- a/netbox/users/urls.py +++ b/netbox/users/urls.py @@ -16,18 +16,18 @@ path('api-tokens//', include(get_model_urls('users', 'token'))), # Users - path('users/', views.NetBoxUserListView.as_view(), name='netboxuser_list'), - path('users/add/', views.NetBoxUserEditView.as_view(), name='netboxuser_add'), - path('users/edit/', views.NetBoxUserBulkEditView.as_view(), name='netboxuser_bulk_edit'), - path('users/import/', views.NetBoxUserBulkImportView.as_view(), name='netboxuser_import'), - path('users/delete/', views.NetBoxUserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), + path('users/', views.UserListView.as_view(), name='netboxuser_list'), + path('users/add/', views.UserEditView.as_view(), name='netboxuser_add'), + path('users/edit/', views.UserBulkEditView.as_view(), name='netboxuser_bulk_edit'), + path('users/import/', views.UserBulkImportView.as_view(), name='netboxuser_import'), + path('users/delete/', views.UserBulkDeleteView.as_view(), name='netboxuser_bulk_delete'), path('users//', include(get_model_urls('users', 'netboxuser'))), # Groups - path('groups/', views.NetBoxGroupListView.as_view(), name='netboxgroup_list'), - path('groups/add/', views.NetBoxGroupEditView.as_view(), name='netboxgroup_add'), - path('groups/import/', views.NetBoxGroupBulkImportView.as_view(), name='netboxgroup_import'), - path('groups/delete/', views.NetBoxGroupBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), + path('groups/', views.GroupListView.as_view(), name='netboxgroup_list'), + path('groups/add/', views.GroupEditView.as_view(), name='netboxgroup_add'), + path('groups/import/', views.GroupBulkImportView.as_view(), name='netboxgroup_import'), + path('groups/delete/', views.GroupBulkDeleteView.as_view(), name='netboxgroup_bulk_delete'), path('groups//', include(get_model_urls('users', 'netboxgroup'))), # Permissions diff --git a/netbox/users/views.py b/netbox/users/views.py index c93b8cc82cb..99635b514f5 100644 --- a/netbox/users/views.py +++ b/netbox/users/views.py @@ -2,11 +2,10 @@ from django.conf import settings from django.contrib import messages -from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash, get_user_model +from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash from django.contrib.auth.mixins import LoginRequiredMixin -from django.contrib.auth.models import Group, User, update_last_login +from django.contrib.auth.models import update_last_login from django.contrib.auth.signals import user_logged_in -from django.core.exceptions import ImproperlyConfigured from django.db.models import Count from django.http import HttpResponseRedirect from django.shortcuts import get_object_or_404, redirect, render, resolve_url @@ -23,8 +22,6 @@ from netbox.config import get_config from netbox.views import generic from utilities.forms import ConfirmationForm -from utilities.permissions import get_permission_for_model -from utilities.querysets import RestrictedQuerySet from utilities.views import register_model_view from . import filtersets, forms, tables from .models import Token, UserConfig, NetBoxGroup, NetBoxUser, ObjectPermission @@ -362,7 +359,7 @@ def post(self, request, pk): # -class NetBoxUserListView(generic.ObjectListView): +class UserListView(generic.ObjectListView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet filterset_form = forms.UserFilterForm @@ -370,47 +367,43 @@ class NetBoxUserListView(generic.ObjectListView): @register_model_view(NetBoxUser) -class NetBoxUserView(generic.ObjectView): +class UserView(generic.ObjectView): queryset = NetBoxUser.objects.all() template_name = 'users/user.html' def get_extra_context(self, request, instance): - # Compile changelog table - changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related( - 'changed_object_type' - )[:20] + changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user)[:20] changelog_table = ObjectChangeTable(changelog) return { 'changelog_table': changelog_table, - 'active_tab': 'user', } @register_model_view(NetBoxUser, 'edit') -class NetBoxUserEditView(generic.ObjectEditView): +class UserEditView(generic.ObjectEditView): queryset = NetBoxUser.objects.all() form = forms.UserForm @register_model_view(NetBoxUser, 'delete') -class NetBoxUserDeleteView(generic.ObjectDeleteView): +class UserDeleteView(generic.ObjectDeleteView): queryset = NetBoxUser.objects.all() -class NetBoxUserBulkEditView(generic.BulkEditView): +class UserBulkEditView(generic.BulkEditView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable form = forms.UserBulkEditForm -class NetBoxUserBulkImportView(generic.BulkImportView): +class UserBulkImportView(generic.BulkImportView): queryset = NetBoxUser.objects.all() model_form = forms.UserImportForm -class NetBoxUserBulkDeleteView(generic.BulkDeleteView): +class UserBulkDeleteView(generic.BulkDeleteView): queryset = NetBoxUser.objects.all() filterset = filtersets.UserFilterSet table = tables.UserTable @@ -421,42 +414,37 @@ class NetBoxUserBulkDeleteView(generic.BulkDeleteView): # -class NetBoxGroupListView(generic.ObjectListView): - queryset = NetBoxGroup.objects.all().annotate(users_count=Count('user')) +class GroupListView(generic.ObjectListView): + queryset = NetBoxGroup.objects.annotate(users_count=Count('user')) filterset = filtersets.GroupFilterSet filterset_form = forms.GroupFilterForm table = tables.GroupTable @register_model_view(NetBoxGroup) -class NetBoxGroupView(generic.ObjectView): +class GroupView(generic.ObjectView): queryset = NetBoxGroup.objects.all() template_name = 'users/group.html' - def get_extra_context(self, request, instance): - return { - 'active_tab': 'group', - } - @register_model_view(NetBoxGroup, 'edit') -class NetBoxGroupEditView(generic.ObjectEditView): +class GroupEditView(generic.ObjectEditView): queryset = NetBoxGroup.objects.all() form = forms.GroupForm @register_model_view(NetBoxGroup, 'delete') -class NetBoxGroupDeleteView(generic.ObjectDeleteView): +class GroupDeleteView(generic.ObjectDeleteView): queryset = NetBoxGroup.objects.all() -class NetBoxGroupBulkImportView(generic.BulkImportView): +class GroupBulkImportView(generic.BulkImportView): queryset = NetBoxGroup.objects.all() model_form = forms.GroupImportForm -class NetBoxGroupBulkDeleteView(generic.BulkDeleteView): - queryset = NetBoxGroup.objects.all() +class GroupBulkDeleteView(generic.BulkDeleteView): + queryset = NetBoxGroup.objects.annotate(users_count=Count('user')) filterset = filtersets.GroupFilterSet table = tables.GroupTable @@ -477,11 +465,6 @@ class ObjectPermissionView(generic.ObjectView): queryset = ObjectPermission.objects.all() template_name = 'users/objectpermission.html' - def get_extra_context(self, request, instance): - return { - 'active_tab': 'objectpermission', - } - @register_model_view(ObjectPermission, 'edit') class ObjectPermissionEditView(generic.ObjectEditView): diff --git a/netbox/utilities/permissions.py b/netbox/utilities/permissions.py index 6bdf2b9c49d..813a8f94401 100644 --- a/netbox/utilities/permissions.py +++ b/netbox/utilities/permissions.py @@ -18,17 +18,10 @@ def get_permission_for_model(model, action): :param model: A model or instance :param action: View, add, change, or delete (string) """ + # Resolve to the "concrete" model (for proxy models) + model = model._meta.concrete_model - # Get non proxied model - concrete_model = model - while concrete_model._meta.proxy_for_model: - concrete_model = concrete_model._meta.proxy_for_model - - return '{}.{}_{}'.format( - concrete_model._meta.app_label, - action, - concrete_model._meta.model_name - ) + return f'{model._meta.app_label}.{action}_{model._meta.model_name}' def resolve_permission(name): @@ -75,17 +68,14 @@ def permission_is_exempt(name): if action == 'view': if ( + # All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement + '*' in settings.EXEMPT_VIEW_PERMISSIONS and (app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS + ) or ( # This specific model is exempt from view permission enforcement f'{app_label}.{model_name}' in settings.EXEMPT_VIEW_PERMISSIONS ): return True - if ( - # All models (excluding those in EXEMPT_EXCLUDE_MODELS) are exempt from view permission enforcement - '*' in settings.EXEMPT_VIEW_PERMISSIONS and ((app_label, model_name) not in settings.EXEMPT_EXCLUDE_MODELS) - ): - return True - return False diff --git a/netbox/utilities/querysets.py b/netbox/utilities/querysets.py index aad16a780aa..50917dd0f83 100644 --- a/netbox/utilities/querysets.py +++ b/netbox/utilities/querysets.py @@ -1,8 +1,7 @@ -from django.contrib.contenttypes.models import ContentType from django.db.models import Prefetch, QuerySet from users.constants import CONSTRAINT_TOKEN_USER -from utilities.permissions import permission_is_exempt, qs_filter_from_constraints, get_permission_for_model +from utilities.permissions import get_permission_for_model, permission_is_exempt, qs_filter_from_constraints __all__ = ( 'RestrictedPrefetch', diff --git a/netbox/utilities/views.py b/netbox/utilities/views.py index a639524b7e0..589b71f5072 100644 --- a/netbox/utilities/views.py +++ b/netbox/utilities/views.py @@ -5,7 +5,6 @@ from netbox.registry import registry from .permissions import resolve_permission -from .querysets import RestrictedQuerySet __all__ = ( 'ContentTypePermissionRequiredMixin', From 5c2f0c5975e32456b85c8d13c10e24637e1f1ef6 Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 14:33:57 -0400 Subject: [PATCH 71/72] Flesh out object templates --- netbox/templates/users/group.html | 22 ++++-- netbox/templates/users/objectpermission.html | 70 +++++++++++++++++--- netbox/templates/users/user.html | 40 ++++++----- 3 files changed, 96 insertions(+), 36 deletions(-) diff --git a/netbox/templates/users/group.html b/netbox/templates/users/group.html index dd4b1aa8ac8..e4eee0812c9 100644 --- a/netbox/templates/users/group.html +++ b/netbox/templates/users/group.html @@ -5,11 +5,13 @@ {% block title %}{% trans "Group" %} {{ object.name }}{% endblock %} +{% block subtitle %}{% endblock %} + {% block content %}
    -
    {% trans "Account Details" %}
    +
    {% trans "Group" %}
    @@ -23,13 +25,23 @@
    {% trans "Account Details" %}
    {% trans "Users" %}
    -
      +
      {% for user in object.user_set.all %} -
    • {{ user }}
      • + {{ user }} {% empty %} -
    • {% trans "None" %}
      • +
      {% trans "None" %}
      {% endfor %} -
    +
    +
    +
    +
    {% trans "Assigned Permissions" %}
    +
    + {% for perm in object.object_permissions.all %} + {{ perm }} + {% empty %} +
    {% trans "None" %}
    + {% endfor %} +
    diff --git a/netbox/templates/users/objectpermission.html b/netbox/templates/users/objectpermission.html index 26a5d06d3d5..4da5a6ea572 100644 --- a/netbox/templates/users/objectpermission.html +++ b/netbox/templates/users/objectpermission.html @@ -5,42 +5,92 @@ {% block title %}{% trans "Permission" %} {{ object.name }}{% endblock %} +{% block subtitle %}{% endblock %} + {% block content %}
    -
    {% trans "Account Details" %}
    +
    {% trans "Permission" %}
    + + + + + + + + +
    {% trans "Name" %} {{ object.name }}
    {% trans "Description" %}{{ object.description|placeholder }}
    {% trans "Enabled" %}{% checkmark object.enabled %}
    +
    +
    +
    +
    {% trans "Actions" %}
    +
    + + + + + + + + + + + + + + + + +
    {% trans "View" %}{% checkmark object.can_view %}
    {% trans "Add" %}{% checkmark object.can_add %}
    {% trans "Change" %}{% checkmark object.can_change %}
    {% trans "Delete" %}{% checkmark object.can_delete %}
    +
    +
    {% trans "Constraints" %}
    +
    + {% if object.constraints %} + 
    {{ object.constraints|json }}
    + {% else %} + None + {% endif %} +
    +
    -
    {% trans "Assigned Users" %}
    +
    {% trans "Object Types" %}
      - {% for user in object.users.all %} + {% for user in object.object_types.all %}
    • {{ user }}
      • - {% empty %} -
    • {% trans "None" %}
      • {% endfor %}
    - +
    +
    {% trans "Assigned Users" %}
    +
    + {% for user in object.users.all %} + {{ user }} + {% empty %} +
    {% trans "None" %}
    + {% endfor %} +
    +
    {% trans "Assigned Groups" %}
    -
      +
      {% for group in object.groups.all %} -
    • {{ group }}
      • + {{ group }} {% empty %} -
    • {% trans "None" %}
      • +
      {% trans "None" %}
      {% endfor %} -
    +
diff --git a/netbox/templates/users/user.html b/netbox/templates/users/user.html index 549144336f6..fe03f41ed3f 100644 --- a/netbox/templates/users/user.html +++ b/netbox/templates/users/user.html @@ -5,11 +5,13 @@ {% block title %}{% trans "User" %} {{ object.username }}{% endblock %} +{% block subtitle %}{% endblock %} + {% block content %}
-
{% trans "Account Details" %}
+
{% trans "User" %}
@@ -18,13 +20,7 @@
{% trans "Account Details" %}
- + @@ -35,13 +31,17 @@
{% trans "Account Details" %}
- - + + - + + + + +
{% trans "Full Name" %} - {% if object.first_name or object.last_name %} - {{ object.first_name }} {{ object.last_name }} - {% else %} - {{ ''|placeholder }} - {% endif %} - {{ object.get_full_name|placeholder }}
{% trans "Email" %} {{ object.date_joined|annotated_date }}
{% trans "Superuser" %}{% checkmark object.is_superuser %}{% trans "Active" %}{% checkmark object.active %}
{% trans "Admin Access" %}{% trans "Staff" %} {% checkmark object.is_staff %}
{% trans "Superuser" %}{% checkmark object.is_superuser %}
@@ -49,27 +49,25 @@
{% trans "Account Details" %}
{% trans "Assigned Groups" %}
-
    +
    {% for group in object.groups.all %} -
  • {{ group }}
    • + {{ group }} {% empty %} -
  • {% trans "None" %}
    • +
    {% trans "None" %}
    {% endfor %} -
+
-
{% trans "Assigned Permissions" %}
-
    +
    {% for perm in object.object_permissions.all %} -
  • {{ perm }}
    • + {{ perm }} {% empty %} -
  • {% trans "None" %}
    • +
    {% trans "None" %}
    {% endfor %} -
+
- {% if perms.extras.view_objectchange %}
From 235da43d29e00094391944a69d425122b2a581ed Mon Sep 17 00:00:00 2001 From: Jeremy Stretch Date: Thu, 20 Jul 2023 16:04:57 -0400 Subject: [PATCH 72/72] Clean up tests --- netbox/users/tests/test_views.py | 70 +++++++++++-------- netbox/utilities/testing/views.py | 110 +++++++++--------------------- 2 files changed, 77 insertions(+), 103 deletions(-) diff --git a/netbox/users/tests/test_views.py b/netbox/users/tests/test_views.py index 7fd9818f4b3..ca62f474e53 100644 --- a/netbox/users/tests/test_views.py +++ b/netbox/users/tests/test_views.py @@ -1,26 +1,27 @@ -from decimal import Decimal - -import yaml -from django.contrib.auth import get_user_model from django.contrib.auth.models import Group from django.contrib.contenttypes.models import ContentType -from django.test import override_settings -from django.urls import reverse -from django.utils import timezone -from dcim.choices import * -from dcim.constants import * from users.models import * -from utilities.testing import ViewTestCases, TestCase - - -class UserTestCase(ViewTestCases.UserViewTestCase): +from utilities.testing import ViewTestCases + + +class UserTestCase( + ViewTestCases.GetObjectViewTestCase, + ViewTestCases.CreateObjectViewTestCase, + ViewTestCases.EditObjectViewTestCase, + ViewTestCases.DeleteObjectViewTestCase, + ViewTestCases.ListObjectsViewTestCase, + ViewTestCases.BulkImportObjectsViewTestCase, + ViewTestCases.BulkEditObjectsViewTestCase, + ViewTestCases.BulkDeleteObjectsViewTestCase, +): model = NetBoxUser + maxDiff = None + validation_excluded_fields = ['password'] - def setUp(self): - get_user_model().objects.create_user(username='dummyuser1') - get_user_model().objects.create_user(username='dummyuser2') - super().setUp() + def _get_queryset(self): + # Omit the user attached to the test client + return self.model.objects.exclude(username='testuser') @classmethod def setUpTestData(cls): @@ -60,16 +61,25 @@ def setUpTestData(cls): } -class GroupTestCase(ViewTestCases.GroupViewTestCase): +class GroupTestCase( + ViewTestCases.GetObjectViewTestCase, + ViewTestCases.CreateObjectViewTestCase, + ViewTestCases.EditObjectViewTestCase, + ViewTestCases.DeleteObjectViewTestCase, + ViewTestCases.ListObjectsViewTestCase, + ViewTestCases.BulkImportObjectsViewTestCase, + ViewTestCases.BulkDeleteObjectsViewTestCase, +): model = NetBoxGroup + maxDiff = None @classmethod def setUpTestData(cls): groups = ( - Group(name='group1', ), - Group(name='group2', ), - Group(name='group3', ), + Group(name='group1'), + Group(name='group2'), + Group(name='group3'), ) Group.objects.bulk_create(groups) @@ -92,16 +102,22 @@ def setUpTestData(cls): ) -class ObjectPermissionTestCase(ViewTestCases.ObjectPermissionViewTestCase): +class ObjectPermissionTestCase( + ViewTestCases.GetObjectViewTestCase, + ViewTestCases.CreateObjectViewTestCase, + ViewTestCases.EditObjectViewTestCase, + ViewTestCases.DeleteObjectViewTestCase, + ViewTestCases.ListObjectsViewTestCase, + ViewTestCases.BulkEditObjectsViewTestCase, + ViewTestCases.BulkDeleteObjectsViewTestCase, +): model = ObjectPermission + maxDiff = None @classmethod def setUpTestData(cls): + ct = ContentType.objects.get_by_natural_key('dcim', 'site') - from dcim.models import Site - ct = ContentType.objects.get_for_model(Site) - - # Create three Regions permissions = ( ObjectPermission(name='Permission 1', actions=['view', 'add', 'delete']), ObjectPermission(name='Permission 2', actions=['view', 'add', 'delete']), @@ -112,7 +128,7 @@ def setUpTestData(cls): cls.form_data = { 'name': 'Permission X', 'description': 'A new permission', - 'object_types': [ct.pk,], + 'object_types': [ct.pk], 'actions': 'view,edit,delete', } diff --git a/netbox/utilities/testing/views.py b/netbox/utilities/testing/views.py index 70ff543f82e..539fe30571f 100644 --- a/netbox/utilities/testing/views.py +++ b/netbox/utilities/testing/views.py @@ -125,10 +125,9 @@ class GetObjectChangelogViewTestCase(ModelViewTestCase): """ @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_get_object_changelog(self): - if hasattr(self.model, "to_objectchange"): - url = self._get_url('changelog', self._get_queryset().first()) - response = self.client.get(url) - self.assertHttpStatus(response, 200) + url = self._get_url('changelog', self._get_queryset().first()) + response = self.client.get(url) + self.assertHttpStatus(response, 200) class CreateObjectViewTestCase(ModelViewTestCase): """ @@ -137,6 +136,7 @@ class CreateObjectViewTestCase(ModelViewTestCase): :form_data: Data to be used when creating a new object. """ form_data = {} + validation_excluded_fields = [] def test_create_object_without_permission(self): @@ -155,7 +155,6 @@ def test_create_object_without_permission(self): @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_create_object_with_permission(self): - initial_count = self._get_queryset().count() # Assign unconstrained permission obj_perm = ObjectPermission( @@ -170,21 +169,18 @@ def test_create_object_with_permission(self): self.assertHttpStatus(self.client.get(self._get_url('add')), 200) # Try POST with model-level permission + initial_count = self._get_queryset().count() request = { 'path': self._get_url('add'), 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) - - if self.model == ObjectPermission: - # if this test is for ObjectPermission we just created another one - initial_count += 1 self.assertEqual(initial_count + 1, self._get_queryset().count()) instance = self._get_queryset().order_by('pk').last() - self.assertInstanceEqual(instance, self.form_data, exclude=['password']) + self.assertInstanceEqual(instance, self.form_data, exclude=self.validation_excluded_fields) - if hasattr(self.model, "to_objectchange"): - # Verify ObjectChange creation + # Verify ObjectChange creation + if issubclass(instance.__class__, ChangeLoggingMixin): objectchanges = ObjectChange.objects.filter( changed_object_type=ContentType.objects.get_for_model(instance), changed_object_id=instance.pk @@ -194,7 +190,6 @@ def test_create_object_with_permission(self): @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_create_object_with_constrained_permission(self): - initial_count = self._get_queryset().count() # Assign constrained permission obj_perm = ObjectPermission( @@ -210,14 +205,12 @@ def test_create_object_with_constrained_permission(self): self.assertHttpStatus(self.client.get(self._get_url('add')), 200) # Try to create an object (not permitted) + initial_count = self._get_queryset().count() request = { 'path': self._get_url('add'), 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 200) - if self.model == ObjectPermission: - # if this test is for ObjectPermission we just created another one - initial_count += 1 self.assertEqual(initial_count, self._get_queryset().count()) # Check that no object was created # Update the ObjectPermission to allow creation @@ -231,7 +224,8 @@ def test_create_object_with_constrained_permission(self): } self.assertHttpStatus(self.client.post(**request), 302) self.assertEqual(initial_count + 1, self._get_queryset().count()) - self.assertInstanceEqual(self._get_queryset().order_by('pk').last(), self.form_data, exclude=['password']) + instance = self._get_queryset().order_by('pk').last() + self.assertInstanceEqual(instance, self.form_data, exclude=self.validation_excluded_fields) class EditObjectViewTestCase(ModelViewTestCase): """ @@ -240,6 +234,7 @@ class EditObjectViewTestCase(ModelViewTestCase): :form_data: Data to be used when updating the first existing object. """ form_data = {} + validation_excluded_fields = [] def test_edit_object_without_permission(self): instance = self._get_queryset().first() @@ -278,10 +273,11 @@ def test_edit_object_with_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) - self.assertInstanceEqual(self._get_queryset().get(pk=instance.pk), self.form_data, exclude=['password',]) + instance = self._get_queryset().get(pk=instance.pk) + self.assertInstanceEqual(instance, self.form_data, exclude=self.validation_excluded_fields) - if hasattr(self.model, "to_objectchange"): - # Verify ObjectChange creation + # Verify ObjectChange creation + if issubclass(instance.__class__, ChangeLoggingMixin): objectchanges = ObjectChange.objects.filter( changed_object_type=ContentType.objects.get_for_model(instance), changed_object_id=instance.pk @@ -315,7 +311,8 @@ def test_edit_object_with_constrained_permission(self): 'data': post_data(self.form_data), } self.assertHttpStatus(self.client.post(**request), 302) - self.assertInstanceEqual(self._get_queryset().get(pk=instance1.pk), self.form_data, exclude=['password',]) + instance = self._get_queryset().get(pk=instance1.pk) + self.assertInstanceEqual(instance, self.form_data, exclude=self.validation_excluded_fields) # Try to edit a non-permitted object request = { @@ -475,10 +472,19 @@ def test_list_objects_with_constrained_permission(self): self.assertIn(instance1.get_absolute_url(), content) self.assertNotIn(instance2.get_absolute_url(), content) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_export_objects(self): url = self._get_url('list') + # Add model-level permission + obj_perm = ObjectPermission( + name='Test permission', + actions=['view'] + ) + obj_perm.save() + obj_perm.users.add(self.user) + obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) + # Test default CSV export response = self.client.get(f'{url}?export') self.assertHttpStatus(response, 200) @@ -657,7 +663,7 @@ def test_bulk_update_objects_with_permission(self): if value is not None and not isinstance(field, ForeignKey): self.assertEqual(value, value) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*',]) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_import_objects_with_constrained_permission(self): initial_count = self._get_queryset().count() data = { @@ -711,7 +717,7 @@ def test_bulk_edit_objects_without_permission(self): with disable_warnings('django.request'): self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 403) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_edit_objects_with_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { @@ -725,7 +731,7 @@ def test_bulk_edit_objects_with_permission(self): # Assign model-level permission obj_perm = ObjectPermission( name='Test permission', - actions=['change'] + actions=['view', 'change'] ) obj_perm.save() obj_perm.users.add(self.user) @@ -736,7 +742,7 @@ def test_bulk_edit_objects_with_permission(self): for i, instance in enumerate(self._get_queryset().filter(pk__in=pk_list)): self.assertInstanceEqual(instance, self.bulk_edit_data) - @override_settings(EXEMPT_VIEW_PERMISSIONS=['*', 'auth.user', 'auth.group', 'users.objectpermission']) + @override_settings(EXEMPT_VIEW_PERMISSIONS=['*']) def test_bulk_edit_objects_with_constrained_permission(self): pk_list = list(self._get_queryset().values_list('pk', flat=True)[:3]) data = { @@ -756,7 +762,7 @@ def test_bulk_edit_objects_with_constrained_permission(self): obj_perm = ObjectPermission( name='Test permission', constraints={attr_name: value}, - actions=['change'] + actions=['view', 'change'] ) obj_perm.save() obj_perm.users.add(self.user) @@ -820,7 +826,6 @@ def test_bulk_delete_objects_with_permission(self): @override_settings(EXEMPT_VIEW_PERMISSIONS=[]) def test_bulk_delete_objects_with_constrained_permission(self): - initial_count = self._get_queryset().count() pk_list = self._get_queryset().values_list('pk', flat=True) data = { 'pk': pk_list, @@ -839,10 +844,8 @@ def test_bulk_delete_objects_with_constrained_permission(self): obj_perm.object_types.add(ContentType.objects.get_for_model(self.model)) # Attempt to bulk delete non-permitted objects + initial_count = self._get_queryset().count() self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302) - if self.model == ObjectPermission: - # if this test is for ObjectPermission we just created another one - initial_count += 1 self.assertEqual(self._get_queryset().count(), initial_count) # Update permission constraints @@ -997,48 +1000,3 @@ class DeviceComponentViewTestCase( TestCase suitable for testing device component models (ConsolePorts, Interfaces, etc.) """ maxDiff = None - - class UserViewTestCase( - GetObjectViewTestCase, - GetObjectChangelogViewTestCase, - CreateObjectViewTestCase, - EditObjectViewTestCase, - DeleteObjectViewTestCase, - ListObjectsViewTestCase, - BulkEditObjectsViewTestCase, - BulkDeleteObjectsViewTestCase, - ): - """ - TestCase suitable for testing all standard View functions for auth.user objects - """ - maxDiff = None - - class GroupViewTestCase( - GetObjectViewTestCase, - GetObjectChangelogViewTestCase, - CreateObjectViewTestCase, - EditObjectViewTestCase, - DeleteObjectViewTestCase, - ListObjectsViewTestCase, - BulkImportObjectsViewTestCase, - BulkDeleteObjectsViewTestCase, - ): - """ - TestCase suitable for testing all standard View functions for auth.group objects - """ - maxDiff = None - - class ObjectPermissionViewTestCase( - GetObjectViewTestCase, - GetObjectChangelogViewTestCase, - CreateObjectViewTestCase, - EditObjectViewTestCase, - DeleteObjectViewTestCase, - ListObjectsViewTestCase, - BulkEditObjectsViewTestCase, - BulkDeleteObjectsViewTestCase, - ): - """ - TestCase suitable for testing all standard View functions for auth.group objects - """ - maxDiff = None