Open Azmodeszer opened 3 weeks ago
Hi, which permission is this directly related to
View/add/change/delete
Object Types
Circuits | circuit
DCIM | device
DCIM | rack
DCIM | site
IPAM | IP address
IPAM | prefix
IPAM | VLAN
DCIM | location
IPAM | IP range
DCIM | module
Wireless | wireless LAN
Constraints
{
"status": "submitted"
}
However, users falling into this permission group can still drag around devices and save new positions via the plugin, even if the status constraint is not met.
netbox-reorder-rack version
1.1.1
Python version
3.11
Steps to Reproduce
I have a permission system in place that essentially creates a special group that cannot edit existing objects per se, but can only add new data provided a certain status value is selected for the object (edits work only if that status is still present). However, I discovered that these users can still use the reordering plugin and adjust a device's position, even though that is explicitly prohibited by the permissions.
Expected Behavior
Reordering a device (i.e. changing its rack unit) as a user within the restricted group without the status required by the permissions throws an object-level permissions violation.
Alternately, the Reorder button does not appear in the first place.
Observed Behavior
The button is available to users within the restricted group and the edit is saved.