1
0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

Fixes #10719: Prevent user without sufficient permission from creating an IP address via FHRP group creation

This commit is contained in:
jeremystretch
2022-10-26 08:44:20 -04:00
parent 2a62b628cf
commit 7b3ef2ade5
3 changed files with 9 additions and 1 deletions

View File

@ -552,6 +552,7 @@ class FHRPGroupForm(NetBoxModelForm):
def save(self, *args, **kwargs):
instance = super().save(*args, **kwargs)
user = getattr(instance, '_user', None) # Set under FHRPGroupEditView.alter_object()
# Check if we need to create a new IPAddress for the group
if self.cleaned_data.get('ip_address'):
@ -565,7 +566,7 @@ class FHRPGroupForm(NetBoxModelForm):
ipaddress.save()
# Check that the new IPAddress conforms with any assigned object-level permissions
if not IPAddress.objects.filter(pk=ipaddress.pk).first():
if not IPAddress.objects.restrict(user, 'add').filter(pk=ipaddress.pk).first():
raise PermissionsViolation()
return instance