mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Fixes #10719: Prevent user without sufficient permission from creating an IP address via FHRP group creation

Browse Source
This commit is contained in:
jeremystretch
2022-10-26 08:44:20 -04:00
parent 2a62b628cf
commit 7b3ef2ade5
3 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
docs/release-notes/version-3.3.md
View File

@ -21,6 +21,7 @@
* [#10655](https://github.com/netbox-community/netbox/issues/10655) - Correct display of assigned contacts in object tables * [#10655](https://github.com/netbox-community/netbox/issues/10655) - Correct display of assigned contacts in object tables
* [#10712](https://github.com/netbox-community/netbox/issues/10712) - Fix ModuleNotFoundError exception when generating API schema under Python 3.9+ * [#10712](https://github.com/netbox-community/netbox/issues/10712) - Fix ModuleNotFoundError exception when generating API schema under Python 3.9+
* [#10716](https://github.com/netbox-community/netbox/issues/10716) - Add left/right page plugin content embeds for tag view * [#10716](https://github.com/netbox-community/netbox/issues/10716) - Add left/right page plugin content embeds for tag view
* [#10719](https://github.com/netbox-community/netbox/issues/10719) - Prevent user without sufficient permission from creating an IP address via FHRP group creation
* [#10723](https://github.com/netbox-community/netbox/issues/10723) - Distinguish between inside/outside NAT assignments for device/VM primary IPs * [#10723](https://github.com/netbox-community/netbox/issues/10723) - Distinguish between inside/outside NAT assignments for device/VM primary IPs
* [#10745](https://github.com/netbox-community/netbox/issues/10745) - Correct display of status field in clusters list * [#10745](https://github.com/netbox-community/netbox/issues/10745) - Correct display of status field in clusters list
* [#10746](https://github.com/netbox-community/netbox/issues/10746) - Add missing status attribute to cluster view * [#10746](https://github.com/netbox-community/netbox/issues/10746) - Add missing status attribute to cluster view

3
netbox/ipam/forms/models.py
View File

@ -552,6 +552,7 @@ class FHRPGroupForm(NetBoxModelForm):
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
instance = super().save(*args, **kwargs) instance = super().save(*args, **kwargs)
user = getattr(instance, '_user', None) # Set under FHRPGroupEditView.alter_object()
# Check if we need to create a new IPAddress for the group # Check if we need to create a new IPAddress for the group
if self.cleaned_data.get('ip_address'): if self.cleaned_data.get('ip_address'):
@ -565,7 +566,7 @@ class FHRPGroupForm(NetBoxModelForm):
ipaddress.save() ipaddress.save()
# Check that the new IPAddress conforms with any assigned object-level permissions # Check that the new IPAddress conforms with any assigned object-level permissions
if not IPAddress.objects.filter(pk=ipaddress.pk).first(): if not IPAddress.objects.restrict(user, 'add').filter(pk=ipaddress.pk).first():
raise PermissionsViolation() raise PermissionsViolation()
return instance return instance

6
netbox/ipam/views.py
View File

@ -930,6 +930,12 @@ class FHRPGroupEditView(generic.ObjectEditView):
return return_url return return_url
def alter_object(self, obj, request, url_args, url_kwargs):
# Workaround to solve #10719. Capture the current user on the FHRPGroup instance so that
# we can evaluate permissions during the creation of a new IPAddress within the form.
obj._user = request.user
return obj
class FHRPGroupDeleteView(generic.ObjectDeleteView): class FHRPGroupDeleteView(generic.ObjectDeleteView):
queryset = FHRPGroup.objects.all() queryset = FHRPGroup.objects.all()