mirror of
https://github.com/netbox-community/netbox.git
synced 2024-05-10 07:54:54 +00:00
Closes #13311: Always use get_permission_for_model() to resolve permission names
This commit is contained in:
@ -119,7 +119,7 @@ class ObjectPermissionMixin:
|
|||||||
return True
|
return True
|
||||||
|
|
||||||
# Sanity check: Ensure that the requested permission applies to the specified object
|
# Sanity check: Ensure that the requested permission applies to the specified object
|
||||||
model = obj._meta.model
|
model = obj._meta.concrete_model
|
||||||
if model._meta.label_lower != '.'.join((app_label, model_name)):
|
if model._meta.label_lower != '.'.join((app_label, model_name)):
|
||||||
raise ValueError(f"Invalid permission {perm} for model {model}")
|
raise ValueError(f"Invalid permission {perm} for model {model}")
|
||||||
|
|
||||||
|
@ -16,6 +16,7 @@ from django_tables2.columns import library
|
|||||||
from django_tables2.utils import Accessor
|
from django_tables2.utils import Accessor
|
||||||
|
|
||||||
from extras.choices import CustomFieldTypeChoices
|
from extras.choices import CustomFieldTypeChoices
|
||||||
|
from utilities.permissions import get_permission_for_model
|
||||||
from utilities.templatetags.builtins.filters import render_markdown
|
from utilities.templatetags.builtins.filters import render_markdown
|
||||||
from utilities.utils import content_type_identifier, content_type_name, get_viewname
|
from utilities.utils import content_type_identifier, content_type_name, get_viewname
|
||||||
|
|
||||||
@ -250,7 +251,7 @@ class ActionsColumn(tables.Column):
|
|||||||
dropdown_links = []
|
dropdown_links = []
|
||||||
user = getattr(request, 'user', AnonymousUser())
|
user = getattr(request, 'user', AnonymousUser())
|
||||||
for idx, (action, attrs) in enumerate(self.actions.items()):
|
for idx, (action, attrs) in enumerate(self.actions.items()):
|
||||||
permission = f'{model._meta.app_label}.{attrs.permission}_{model._meta.model_name}'
|
permission = get_permission_for_model(model, attrs.permission)
|
||||||
if attrs.permission is None or user.has_perm(permission):
|
if attrs.permission is None or user.has_perm(permission):
|
||||||
url = reverse(get_viewname(model, action), kwargs={'pk': record.pk})
|
url = reverse(get_viewname(model, action), kwargs={'pk': record.pk})
|
||||||
|
|
||||||
|
@ -1,5 +1,7 @@
|
|||||||
from django import template
|
from django import template
|
||||||
|
|
||||||
|
from utilities.permissions import get_permission_for_model
|
||||||
|
|
||||||
__all__ = (
|
__all__ = (
|
||||||
'can_add',
|
'can_add',
|
||||||
'can_change',
|
'can_change',
|
||||||
@ -12,10 +14,8 @@ register = template.Library()
|
|||||||
|
|
||||||
|
|
||||||
def _check_permission(user, instance, action):
|
def _check_permission(user, instance, action):
|
||||||
return user.has_perm(
|
permission = get_permission_for_model(instance, action)
|
||||||
perm=f'{instance._meta.app_label}.{action}_{instance._meta.model_name}',
|
return user.has_perm(perm=permission, obj=instance)
|
||||||
obj=instance
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
@register.filter()
|
@register.filter()
|
||||||
|
Reference in New Issue
Block a user