1
0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00

Transition BulkCreateView to use ObjectPermissionRequiredMixin

This commit is contained in:
Jeremy Stretch
2020-05-21 15:53:50 -04:00
parent e61fc1f709
commit 91362b0f82
2 changed files with 21 additions and 7 deletions

View File

@ -468,20 +468,25 @@ class ObjectDeleteView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View):
})
class BulkCreateView(GetReturnURLMixin, View):
class BulkCreateView(GetReturnURLMixin, ObjectPermissionRequiredMixin, View):
"""
Create new objects in bulk.
form: Form class which provides the `pattern` field
model_form: The ModelForm used to create individual objects
pattern_target: Name of the field to be evaluated as a pattern (if any)
template_name: The name of the template
:param queryset: Base queryset for the objects being created
:param form: Form class which provides the `pattern` field
:param model_form: The ModelForm used to create individual objects
:param pattern_target: Name of the field to be evaluated as a pattern (if any)
:param template_name: The name of the template
"""
queryset = None
form = None
model_form = None
pattern_target = ''
template_name = None
def get_required_permission(self):
return get_permission_for_model(self.queryset.model, 'add')
def get(self, request):
# Set initial values for visible form fields from query args
initial = {}
@ -501,7 +506,7 @@ class BulkCreateView(GetReturnURLMixin, View):
def post(self, request):
logger = logging.getLogger('netbox.views.BulkCreateView')
model = self.model_form._meta.model
model = self.queryset.model
form = self.form(request.POST)
model_form = self.model_form(request.POST)
@ -534,6 +539,10 @@ class BulkCreateView(GetReturnURLMixin, View):
# Raise an IntegrityError to break the for loop and abort the transaction.
raise IntegrityError()
# Enforce object-level permissions
if self.queryset.filter(pk__in=[obj.pk for obj in new_objs]).count() != len(new_objs):
raise ObjectDoesNotExist
# If we make it to this point, validation has succeeded on all new objects.
msg = "Added {} {}".format(len(new_objs), model._meta.verbose_name_plural)
logger.info(msg)
@ -546,6 +555,11 @@ class BulkCreateView(GetReturnURLMixin, View):
except IntegrityError:
pass
except ObjectDoesNotExist:
msg = "Object creation failed due to object-level permissions violation"
logger.debug(msg)
form.add_error(None, msg)
else:
logger.debug("Form validation failed")