8000 Invalid permissions on SoftwareImageFileUIViewSet custom action views · Issue #7304 · nautobot/nautobot · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Invalid permissions on SoftwareImageFileUIViewSet custom action views #7304

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gsnider2195 opened this issue May 14, 2025 · 2 comments
Open

Invalid permissions on SoftwareImageFileUIViewSet custom action views #7304

gsnider2195 opened this issue May 14, 2025 · 2 comments
Labels
type: bug Something isn't working as expected

Comments

@gsnider2195
Copy link
Contributor

Environment

  • Nautobot version (Docker tag too if applicable): 2.4.8
  • Python version:
  • Database platform, version:
  • Middleware(s):

Steps to Reproduce

  1. go to demo.nautobot.com
  2. click on devices->software image files nav menu
  3. click on a software image file
  4. try to navigate to the "devices", "device types", "inventory items" or "virtual machines" tabs

Expected Behavior

The tabs load

Observed Behavior

Permission error

Image
@gsnider2195 gsnider2195 added type: bug Something isn't working as expected triage This issue is new and has not been reviewed. labels May 14, 2025
@glennmatthews
Copy link
Contributor
glennmatthews commented May 14, 2025
edited
Loading

Probably an issue with all of the recently-added custom view tabs... IIRC custom UIViewSet actions default to looking for the action name as a permission verb, e.g. action devices will look for permission dcim.devices_softwareimagefile instead of dcim.view_softwareimagefile or (as it should be in this specific case) dcim.view_device. In addition to fixing the issue by adding appropriate required_permissions to these actions, we should also add generic tests that will catch this sort of problem in the future.

@gsnider2195
Copy link
Contributor Author

I think we fix this by implementing a custom get_required_permission and possibly get_action on the viewset.

Here's an example of how I did this in ModuleUIViewSet

nautobot/nautobot/dcim/views.py

Lines 2367 to 2384 in dba4fd1

def get_required_permission(self):
# TODO: standardize a pattern for permissions enforcement on custom actions
if self.component_model:
model = self.component_model
method = self.request.method.lower()
if method == "get":
component_action = "view"
permissions = [*self.get_permissions_for_model(model, [component_action]), "dcim.view_module"]
elif self.action.startswith("bulk_add"):
component_action = "add"
permissions = [*self.get_permissions_for_model(model, [component_action]), "dcim.change_module"]
else:
component_action = "change"
permissions = [*self.get_permissions_for_model(model, [component_action]), "dcim.change_module"]
return permissions
return super().get_required_permission()

@dsoftait dsoftait removed the triage This issue is new and has not been reviewed. label May 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug Something isn't working as expected
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@glennmatthews @gsnider2195 @dsoftait
0