Closes #12207: Establish a permission for creating API tokens on behalf of other users (#12192)

* 11091 add permission to allow user to create api tokens for other users * 11091 update docs * 11091 fix for test * 11091 fix for test * 11091 test case for invalid token creation * 11091 add test for permission grant * Cleanup & fix serializer validation --------- Co-authored-by: jeremystretch <jstretch@netboxlabs.com>
2024-05-10 07:54:54 +00:00 · 2023-04-12 07:25:06 -07:00
parent 97ed6439ce
commit 9e305c6181
4 changed files with 39 additions and 3 deletions
--- a/netbox/users/tests/test_api.py
+++ b/netbox/users/tests/test_api.py
@ -153,6 +153,26 @@ class TokenTest(
        response = self.client.post(url, data, format='json', **self.header)
        self.assertEqual(response.status_code, 403)

+    def test_provision_token_other_user(self):
+        """
+        Test provisioning a Token for a different User with & without the grant_token permission.
+        """
+        self.add_permissions('users.add_token')
+        user2 = User.objects.create_user(username='testuser2')
+        data = {
+            'user': user2.id,
+        }
+        url = reverse('users-api:token-list')
+
+        # Attempt to create a new Token for User2 *without* the grant_token permission
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 403)
+
+        # Assign grant_token permission and successfully create a new Token for User2
+        self.add_permissions('users.grant_token')
+        response = self.client.post(url, data, format='json', **self.header)
+        self.assertEqual(response.status_code, 201)
+

 class ObjectPermissionTest(
    # No GraphQL support for ObjectPermission