search

jasonyates / netbox-documents

Plugin to manage site, circuit and device diagrams and documents in Netbox
Apache License 2.0
134 stars 20 forks source link

Permissions do not work properly #25

Open julianstolp opened 1 year ago

julianstolp commented 1 year ago

Netbox 3.4.3 Plugin 0.5.0 Python 3.8

Tested this with a user who has view permissions for /dcim/sites.

Observed

  1. The documents are always visible, even when viewing them with a account who does not have any permissions for 'Document Storage'.
  2. The Edit and Delete button is always visible even with no permissions at all (but ends in 403). If setting the explicit add, change, delete permissions these are working as expected.

Expected The user is not eligible for seeing the Edit and Delete button.

Not sure if its the plugins bug or a netbox bug.

julianstolp commented 1 year ago

The first point can be ignored. It is the same behavior as Non-Racked Devices. As Netbox is showing related items for the site, even if the user has no permissions to view some of these.