diff --git a/docs/configuration/data-validation.md b/docs/configuration/data-validation.md
index 9ff71758f..1b8263de3 100644
--- a/docs/configuration/data-validation.md
+++ b/docs/configuration/data-validation.md
@@ -87,3 +87,24 @@ The following colors are supported:
* `gray`
* `black`
* `white`
+
+---
+
+## PROTECTION_RULES
+
+!!! tip "Dynamic Configuration Parameter"
+
+This is a mapping of models to [custom validators](../customization/custom-validation.md) against which an object is evaluated immediately prior to its deletion. If validation fails, the object is not deleted. An example is provided below:
+
+```python
+PROTECTION_RULES = {
+ "dcim.site": [
+ {
+ "status": {
+ "eq": "decommissioning"
+ }
+ },
+ "my_plugin.validators.Validator1",
+ ]
+}
+```
diff --git a/docs/customization/custom-validation.md b/docs/customization/custom-validation.md
index 30198117f..79aa82bc9 100644
--- a/docs/customization/custom-validation.md
+++ b/docs/customization/custom-validation.md
@@ -26,6 +26,8 @@ The `CustomValidator` class supports several validation types:
* `regex`: Application of a [regular expression](https://en.wikipedia.org/wiki/Regular_expression)
* `required`: A value must be specified
* `prohibited`: A value must _not_ be specified
+* `eq`: A value must be equal to the specified value
+* `neq`: A value must _not_ be equal to the specified value
The `min` and `max` types should be defined for numeric values, whereas `min_length`, `max_length`, and `regex` are suitable for character strings (text values). The `required` and `prohibited` validators may be used for any field, and should be passed a value of `True`.
diff --git a/netbox/extras/forms/model_forms.py b/netbox/extras/forms/model_forms.py
index 83a346420..fd2ce8f2d 100644
--- a/netbox/extras/forms/model_forms.py
+++ b/netbox/extras/forms/model_forms.py
@@ -491,7 +491,7 @@ class ConfigRevisionForm(BootstrapMixin, forms.ModelForm, metaclass=ConfigFormMe
(_('Security'), ('ALLOWED_URL_SCHEMES',)),
(_('Banners'), ('BANNER_LOGIN', 'BANNER_MAINTENANCE', 'BANNER_TOP', 'BANNER_BOTTOM')),
(_('Pagination'), ('PAGINATE_COUNT', 'MAX_PAGE_SIZE')),
- (_('Validation'), ('CUSTOM_VALIDATORS',)),
+ (_('Validation'), ('CUSTOM_VALIDATORS', 'PROTECTION_RULES')),
(_('User Preferences'), ('DEFAULT_USER_PREFERENCES',)),
(_('Miscellaneous'), (
'MAINTENANCE_MODE', 'GRAPHQL_ENABLED', 'CHANGELOG_RETENTION', 'JOB_RETENTION', 'MAPS_URL',
@@ -508,6 +508,7 @@ class ConfigRevisionForm(BootstrapMixin, forms.ModelForm, metaclass=ConfigFormMe
'BANNER_TOP': forms.Textarea(attrs={'class': 'font-monospace'}),
'BANNER_BOTTOM': forms.Textarea(attrs={'class': 'font-monospace'}),
'CUSTOM_VALIDATORS': forms.Textarea(attrs={'class': 'font-monospace'}),
+ 'PROTECTION_RULES': forms.Textarea(attrs={'class': 'font-monospace'}),
'comment': forms.Textarea(),
}
diff --git a/netbox/extras/signals.py b/netbox/extras/signals.py
index d6550309f..8bdaf523c 100644
--- a/netbox/extras/signals.py
+++ b/netbox/extras/signals.py
@@ -2,8 +2,10 @@ import importlib
import logging
from django.contrib.contenttypes.models import ContentType
+from django.core.exceptions import ValidationError
from django.db.models.signals import m2m_changed, post_save, pre_delete
from django.dispatch import receiver, Signal
+from django.utils.translation import gettext_lazy as _
from django_prometheus.models import model_deletes, model_inserts, model_updates
from extras.validators import CustomValidator
@@ -178,11 +180,7 @@ m2m_changed.connect(handle_cf_removed_obj_types, sender=CustomField.content_type
# Custom validation
#
-@receiver(post_clean)
-def run_custom_validators(sender, instance, **kwargs):
- config = get_config()
- model_name = f'{sender._meta.app_label}.{sender._meta.model_name}'
- validators = config.CUSTOM_VALIDATORS.get(model_name, [])
+def run_validators(instance, validators):
for validator in validators:
@@ -198,6 +196,29 @@ def run_custom_validators(sender, instance, **kwargs):
validator(instance)
+@receiver(post_clean)
+def run_save_validators(sender, instance, **kwargs):
+ model_name = f'{sender._meta.app_label}.{sender._meta.model_name}'
+ validators = get_config().CUSTOM_VALIDATORS.get(model_name, [])
+
+ run_validators(instance, validators)
+
+
+@receiver(pre_delete)
+def run_delete_validators(sender, instance, **kwargs):
+ model_name = f'{sender._meta.app_label}.{sender._meta.model_name}'
+ validators = get_config().PROTECTION_RULES.get(model_name, [])
+
+ try:
+ run_validators(instance, validators)
+ except ValidationError as e:
+ raise AbortRequest(
+ _("Deletion is prevented by a protection rule: {message}").format(
+ message=e
+ )
+ )
+
+
#
# Dynamic configuration
#
diff --git a/netbox/extras/tests/test_customvalidator.py b/netbox/extras/tests/test_customvalidation.py
similarity index 64%
rename from netbox/extras/tests/test_customvalidator.py
rename to netbox/extras/tests/test_customvalidation.py
index 0fe507b67..d74ad599b 100644
--- a/netbox/extras/tests/test_customvalidator.py
+++ b/netbox/extras/tests/test_customvalidation.py
@@ -1,10 +1,13 @@
from django.conf import settings
from django.core.exceptions import ValidationError
+from django.db import transaction
from django.test import TestCase, override_settings
from ipam.models import ASN, RIR
+from dcim.choices import SiteStatusChoices
from dcim.models import Site
from extras.validators import CustomValidator
+from utilities.exceptions import AbortRequest
class MyValidator(CustomValidator):
@@ -14,6 +17,20 @@ class MyValidator(CustomValidator):
self.fail("Name must be foo!")
+eq_validator = CustomValidator({
+ 'asn': {
+ 'eq': 100
+ }
+})
+
+
+neq_validator = CustomValidator({
+ 'asn': {
+ 'neq': 100
+ }
+})
+
+
min_validator = CustomValidator({
'asn': {
'min': 65000
@@ -77,6 +94,18 @@ class CustomValidatorTest(TestCase):
validator = settings.CUSTOM_VALIDATORS['ipam.asn'][0]
self.assertIsInstance(validator, CustomValidator)
+ @override_settings(CUSTOM_VALIDATORS={'ipam.asn': [eq_validator]})
+ def test_eq(self):
+ ASN(asn=100, rir=RIR.objects.first()).clean()
+ with self.assertRaises(ValidationError):
+ ASN(asn=99, rir=RIR.objects.first()).clean()
+
+ @override_settings(CUSTOM_VALIDATORS={'ipam.asn': [neq_validator]})
+ def test_neq(self):
+ ASN(asn=99, rir=RIR.objects.first()).clean()
+ with self.assertRaises(ValidationError):
+ ASN(asn=100, rir=RIR.objects.first()).clean()
+
@override_settings(CUSTOM_VALIDATORS={'ipam.asn': [min_validator]})
def test_min(self):
with self.assertRaises(ValidationError):
@@ -147,7 +176,7 @@ class CustomValidatorConfigTest(TestCase):
@override_settings(
CUSTOM_VALIDATORS={
'dcim.site': (
- 'extras.tests.test_customvalidator.MyValidator',
+ 'extras.tests.test_customvalidation.MyValidator',
)
}
)
@@ -159,3 +188,62 @@ class CustomValidatorConfigTest(TestCase):
Site(name='foo', slug='foo').clean()
with self.assertRaises(ValidationError):
Site(name='bar', slug='bar').clean()
+
+
+class ProtectionRulesConfigTest(TestCase):
+
+ @override_settings(
+ PROTECTION_RULES={
+ 'dcim.site': [
+ {'status': {'eq': SiteStatusChoices.STATUS_DECOMMISSIONING}}
+ ]
+ }
+ )
+ def test_plain_data(self):
+ """
+ Test custom validator configuration using plain data (as opposed to a CustomValidator
+ class)
+ """
+ # Create a site with a protected status
+ site = Site(name='Site 1', slug='site-1', status=SiteStatusChoices.STATUS_ACTIVE)
+ site.save()
+
+ # Try to delete it
+ with self.assertRaises(AbortRequest):
+ with transaction.atomic():
+ site.delete()
+
+ # Change its status to an allowed value
+ site.status = SiteStatusChoices.STATUS_DECOMMISSIONING
+ site.save()
+
+ # Deletion should now succeed
+ site.delete()
+
+ @override_settings(
+ PROTECTION_RULES={
+ 'dcim.site': (
+ 'extras.tests.test_customvalidation.MyValidator',
+ )
+ }
+ )
+ def test_dotted_path(self):
+ """
+ Test custom validator configuration using a dotted path (string) reference to a
+ CustomValidator class.
+ """
+ # Create a site with a protected name
+ site = Site(name='bar', slug='bar')
+ site.save()
+
+ # Try to delete it
+ with self.assertRaises(AbortRequest):
+ with transaction.atomic():
+ site.delete()
+
+ # Change the name to an allowed value
+ site.name = site.slug = 'foo'
+ site.save()
+
+ # Deletion should now succeed
+ site.delete()
diff --git a/netbox/extras/validators.py b/netbox/extras/validators.py
index 686c9b032..98b4fd88d 100644
--- a/netbox/extras/validators.py
+++ b/netbox/extras/validators.py
@@ -1,15 +1,38 @@
-from django.core.exceptions import ValidationError
from django.core import validators
+from django.core.exceptions import ValidationError
+from django.utils.translation import gettext_lazy as _
# NOTE: As this module may be imported by configuration.py, we cannot import
# anything from NetBox itself.
+class IsEqualValidator(validators.BaseValidator):
+ """
+ Employed by CustomValidator to require a specific value.
+ """
+ message = _("Ensure this value is equal to %(limit_value)s.")
+ code = "is_equal"
+
+ def compare(self, a, b):
+ return a != b
+
+
+class IsNotEqualValidator(validators.BaseValidator):
+ """
+ Employed by CustomValidator to exclude a specific value.
+ """
+ message = _("Ensure this value does not equal %(limit_value)s.")
+ code = "is_not_equal"
+
+ def compare(self, a, b):
+ return a == b
+
+
class IsEmptyValidator:
"""
Employed by CustomValidator to enforce required fields.
"""
- message = "This field must be empty."
+ message = _("This field must be empty.")
code = 'is_empty'
def __init__(self, enforce=True):
@@ -24,7 +47,7 @@ class IsNotEmptyValidator:
"""
Employed by CustomValidator to enforce prohibited fields.
"""
- message = "This field must not be empty."
+ message = _("This field must not be empty.")
code = 'not_empty'
def __init__(self, enforce=True):
@@ -50,6 +73,8 @@ class CustomValidator:
:param validation_rules: A dictionary mapping object attributes to validation rules
"""
VALIDATORS = {
+ 'eq': IsEqualValidator,
+ 'neq': IsNotEqualValidator,
'min': validators.MinValueValidator,
'max': validators.MaxValueValidator,
'min_length': validators.MinLengthValidator,
diff --git a/netbox/netbox/config/parameters.py b/netbox/netbox/config/parameters.py
index 31c4f693a..0cdf8a8d2 100644
--- a/netbox/netbox/config/parameters.py
+++ b/netbox/netbox/config/parameters.py
@@ -152,9 +152,17 @@ PARAMS = (
description=_("Custom validation rules (JSON)"),
field=forms.JSONField,
field_kwargs={
- 'widget': forms.Textarea(
- attrs={'class': 'vLargeTextField'}
- ),
+ 'widget': forms.Textarea(),
+ },
+ ),
+ ConfigParam(
+ name='PROTECTION_RULES',
+ label=_('Protection rules'),
+ default={},
+ description=_("Deletion protection rules (JSON)"),
+ field=forms.JSONField,
+ field_kwargs={
+ 'widget': forms.Textarea(),
},
),
diff --git a/netbox/templates/extras/configrevision.html b/netbox/templates/extras/configrevision.html
index 4f2abf30b..a880865c3 100644
--- a/netbox/templates/extras/configrevision.html
+++ b/netbox/templates/extras/configrevision.html
@@ -151,6 +151,10 @@
| {% trans "Custom validators" %} |
{{ object.data.CUSTOM_VALIDATORS|placeholder }} |
+
+ | {% trans "Protection rules" %} |
+ {{ object.data.PROTECTION_RULES|placeholder }} |
+