#4969: Remove user and group assignment from SecretRole

2024-05-10 07:54:54 +00:00 · 2020-08-07 16:19:18 -04:00
parent aca3ca9d65
commit e6bc55af85
13 changed files with 93 additions and 117 deletions
--- a/netbox/secrets/api/views.py
+++ b/netbox/secrets/api/views.py
@ -38,7 +38,7 @@ class SecretRoleViewSet(ModelViewSet):

 class SecretViewSet(ModelViewSet):
    queryset = Secret.objects.prefetch_related(
-        'device__primary_ip4', 'device__primary_ip6', 'role', 'role__users', 'role__groups', 'tags',
+        'device__primary_ip4', 'device__primary_ip6', 'role', 'tags',
    )
    serializer_class = serializers.SecretSerializer
    filterset_class = filters.SecretFilterSet
@ -84,8 +84,8 @@ class SecretViewSet(ModelViewSet):

        secret = self.get_object()

-        # Attempt to decrypt the secret if the user is permitted and the master key is known
-        if secret.decryptable_by(request.user) and self.master_key is not None:
+        # Attempt to decrypt the secret if the master key is known
+        if self.master_key is not None:
            secret.decrypt(self.master_key)

        serializer = self.get_serializer(secret)
@ -102,9 +102,7 @@ class SecretViewSet(ModelViewSet):
            if self.master_key is not None:
                secrets = []
                for secret in page:
-                    # Enforce role permissions
-                    if secret.decryptable_by(request.user):
-                        secret.decrypt(self.master_key)
+                    secret.decrypt(self.master_key)
                    secrets.append(secret)
                serializer = self.get_serializer(secrets, many=True)
            else: