Fixes: #14634 - Bypass Write permissions for render endpoint

Open DanSheps opened this issue 1 year ago • 2 comments

Fixes: #14634 - Bypass Write permissions for render endpoint

  • Bypass permission for render endpoint by swapping the permissions map and overriding the restrict() action.

DanSheps avatar Feb 23 '24 22:02 DanSheps

@DanSheps are you still working on this?

jeremystretch avatar Mar 12 '24 13:03 jeremystretch

Yes, sorry, I will get back on it. Trying to find an elegant way to do this.

DanSheps avatar Mar 12 '24 14:03 DanSheps

This PR has been automatically marked as stale because it has not had recent activity. It will be closed automatically if no further action is taken.

github-actions[bot] avatar May 21 '24 14:05 github-actions[bot]

Need to get back to this.

DanSheps avatar May 21 '24 17:05 DanSheps

@DanSheps can you address the CI failures please?

I had to make some changes, mainly going back to overriding the permissions map as I couldn't cleanly resolve certain issues without overriding a number of methods to return view-only permissions.

Reason being is Django checks to make sure the method has permissions before proceeding to check the more specific permissions and before hitting initial() within the ViewSet.

I found myself overriding get_required_permissions as well as a few others just to get where I needed to be and it wouldn't be what I would deem "clean". (FWIW, I tried to alter the perms_map in __init__(), but it looks like unless it is a local variable to that specific class any changes to it within __init__() trickle down to the parent class as well)

DanSheps avatar Jun 17 '24 15:06 DanSheps
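
The shared `perms_map` behaviour described in the comment above, as an added example that is not part of the PR or of NetBox's code: `ModelPermissions` is a simplified stand-in for a DRF-style permission class, and every class name, the `demo` app label and the `widget` model name are hypothetical. It shows why editing the map in `__init__()` relaxes the parent's POST requirement, and how a class-level copy keeps the view-only override confined to one endpoint.

```python
import copy


class ModelPermissions:
    """Simplified stand-in for a DRF-style permission class (assumption)."""
    perms_map = {
        "GET": ["%(app)s.view_%(model)s"],
        "POST": ["%(app)s.add_%(model)s"],
    }

    def required(self, method, app="demo", model="widget"):
        # app/model are constructed sample labels
        return [p % {"app": app, "model": model} for p in self.perms_map[method]]


class LeakyRenderPermissions(ModelPermissions):
    """Pitfall: __init__ edits the dict object inherited from the parent."""
    def __init__(self):
        # self.perms_map resolves to ModelPermissions.perms_map (same object),
        # so this relaxes POST for every class that shares that dict.
        self.perms_map["POST"] = ["%(app)s.view_%(model)s"]


class RenderPermissions(ModelPermissions):
    """Contained form: the subclass owns a copy, so the override stays local."""
    perms_map = copy.deepcopy(ModelPermissions.perms_map)
    perms_map["POST"] = ["%(app)s.view_%(model)s"]


def shares_parent_map(cls):
    """Audit check: True if cls would mutate the parent's map in place."""
    return cls.perms_map is ModelPermissions.perms_map


def demo():
    """Parent's POST requirement: initially, after safe use, after leaky use."""
    pristine = copy.deepcopy(ModelPermissions.perms_map)
    try:
        before = ModelPermissions().required("POST")
        RenderPermissions()
        after_safe = ModelPermissions().required("POST")
        LeakyRenderPermissions()
        after_leaky = ModelPermissions().required("POST")
    finally:
        # restore in place so the demo leaves the stand-in class unchanged
        ModelPermissions.perms_map.clear()
        ModelPermissions.perms_map.update(pristine)
    return before, after_safe, after_leaky
```

A check like `shares_parent_map` fits in a unit test over all permission subclasses, since a leaked override silently downgrades write endpoints to view-only permission.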

Thanks for all your work on this @DanSheps; sorry it turned out to be more trouble than it's worth. I'm going to close this PR as #14634 has been superseded by #16681 per our discussion yesterday. Thanks again!

jeremystretch avatar Jun 21 '24 13:06 jeremystretch

Thanks for all your work on this @DanSheps; sorry it turned out to be more trouble than it's worth. I'm going to close this PR as https://github.com/netbox-community/netbox/issues/14634 has been superseded by https://github.com/netbox-community/netbox/issues/16681 per our discussion yesterday. Thanks again!

It was a fun learning exercise with the Django permissions framework so it isn't all bad.

DanSheps avatar Jun 21 '24 13:06 DanSheps