diff --git a/netbox/extras/api/views.py b/netbox/extras/api/views.py index 6aaa8ba4b..216ea42a0 100644 --- a/netbox/extras/api/views.py +++ b/netbox/extras/api/views.py @@ -1,6 +1,7 @@ from __future__ import unicode_literals from rest_framework.decorators import detail_route +from rest_framework.exceptions import PermissionDenied from rest_framework.response import Response from rest_framework.viewsets import ModelViewSet, ReadOnlyModelViewSet, ViewSet @@ -148,6 +149,10 @@ class ReportViewSet(ViewSet): Run a Report and create a new ReportResult, overwriting any previous result for the Report. """ + # Check that the user has permission to run reports. + if not request.user.has_perm('extras.add_reportresult'): + raise PermissionDenied("This user does not have permission to run reports.") + # Retrieve and run the Report. report = self._retrieve_report(pk) result = report.run() diff --git a/netbox/extras/migrations/0008_reports.py b/netbox/extras/migrations/0008_reports.py index 0cfe48ba5..c9fc16cc3 100644 --- a/netbox/extras/migrations/0008_reports.py +++ b/netbox/extras/migrations/0008_reports.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Generated by Django 1.11.4 on 2017-09-22 15:21 +# Generated by Django 1.11.4 on 2017-09-26 21:25 from __future__ import unicode_literals from django.conf import settings @@ -28,7 +28,6 @@ class Migration(migrations.Migration): ], options={ 'ordering': ['report'], - 'permissions': (('run_report', 'Run a report and save the results'),), }, ), ] diff --git a/netbox/extras/models.py b/netbox/extras/models.py index d1eee12cb..5181e88e9 100644 --- a/netbox/extras/models.py +++ b/netbox/extras/models.py @@ -405,9 +405,6 @@ class ReportResult(models.Model): class Meta: ordering = ['report'] - permissions = ( - ('run_report', 'Run a report and save the results'), - ) #