1
0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

Closes #9074: Enable referencing the current user when evaluating permission constraints

This commit is contained in:
jeremystretch
2022-07-01 13:34:10 -04:00
parent c6dfdf10e5
commit 12c138b341
8 changed files with 48 additions and 8 deletions

View File

@ -1,5 +1,6 @@
from django.db.models import QuerySet
from users.constants import CONSTRAINT_TOKEN_USER
from utilities.permissions import permission_is_exempt, qs_filter_from_constraints
@ -28,7 +29,10 @@ class RestrictedQuerySet(QuerySet):
# Filter the queryset to include only objects with allowed attributes
else:
attrs = qs_filter_from_constraints(user._object_perm_cache[permission_required])
tokens = {
CONSTRAINT_TOKEN_USER: user,
}
attrs = qs_filter_from_constraints(user._object_perm_cache[permission_required], tokens)
# #8715: Avoid duplicates when JOIN on many-to-many fields without using DISTINCT.
# DISTINCT acts globally on the entire request, which may not be desirable.
allowed_objects = self.model.objects.filter(attrs)