search

Onemind-Services-LLC / netbox-secrets

Enhance your secret management with encrypted storage and flexible, user-friendly features.
Apache License 2.0
103 stars 10 forks source link

[Bug]: Users able to activate new users keys with only add permissions #152

Open pikimix opened 3 months ago

pikimix commented 3 months ago

NetBox Secrets plugin version

2.0.3

NetBox version

4.0.8

Steps to Reproduce

Create new user with only read/ add on "netbox-secrets | user key" permissions image image

Create new user key and activate using admin user image

Create new user key on second user image

Using first user, activate second users key image

Expected Behavior

First user should not be able to activate a user key without "Change" permissions, as this is an Update action in the change log

Observed Behavior

User can activate new keys without change permissions with only Add and Read

abhi1693 commented 2 months ago

@pikimix Does #153 solves your issue?

pikimix commented 1 month ago

created a new docker container using the NB-67-key-fix branch, and the issue is still apparent, users with only view/ add permissions can activate another users key