netbox-community / netbox-topology-views

A netbox plugin that draws topology views
Apache License 2.0

Permission madness #420

Open dreng opened 10 months ago

dreng commented 10 months ago

NetBox version

v3.6.4

Topology Views version

v3.8.1

Steps to Reproduce

Check permissions in the following files:

Expected Behavior

Permission should make sense.

Observed Behavior

navigation.py:

The entry for plugins:netbox_topology_views:images wants these permissions:

This entry is for making the menu item visible. Why should this item make use of Sites or Device Roles? The correct permission should be imho:

views.py

The class TopologyImagesView wants:

The Images View does not need any Site information. I think this was just copy-pasted from the Topology View (where it is needed indeed). In addition, the view only displays something in the first step. Write permissions are only required when saving images. However, the permission to display the view should be controlled via the "Role Image" permission. This seems to be reasonable and sufficient:

api/views.py

This is the one I don't understand. The class SaveRoleImagesViewSet wants:

Here, too, the authorisation should be controlled via "Role Image", and being able to read the Device Role model should be sufficient. But why does it need the other permissions? Nothing will be written to the Device Role model. Instead, the Role Image model must be writable. When I tried to remove these permissions and set view permissions instead (in both the source code and the admin panel), saving didn't work anymore. In my opinion it should be:

But as stated before, that didn't work for me. @mattieserver Hope you can contribute here.
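The reasoning above (a view should only demand permissions on the models it actually reads or writes) can be turned into a small least-privilege audit. The following is an added example, not code from the issue author or from the netbox-topology-views plugin: it compares the Django-style permission codenames a view declares (`app_label.action_model`, the convention NetBox inherits from Django) against the models the view touches and reports both excess and missing permissions. The plugin app label `topoplugin`, the view names and the read/write sets are constructed placeholders; `dcim.view_site` and `dcim.view_devicerole` are NetBox's standard codenames for the Site and Device Role models.

```python
# Added example: least-privilege audit of declared view permissions.
# Not part of the netbox-topology-views issue or the plugin's code.
# App label "topoplugin", view names and the read/write sets below are
# constructed placeholders, not the plugin's real identifiers.
from dataclasses import dataclass, field


@dataclass
class ViewSpec:
    name: str
    required: set               # permission codenames the view declares
    reads: set = field(default_factory=set)   # "app.model" the view only reads
    writes: set = field(default_factory=set)  # "app.model" the view creates/updates


def needed_permissions(spec: ViewSpec) -> set:
    """Derive the minimal permission set from what the view actually does.

    Assumption: reading a model needs "view_<model>", writing it needs
    "view_<model>" plus "change_<model>" (Django's default codenames).
    """
    needed = set()
    for model in spec.reads:
        app, mdl = model.split(".")
        needed.add(f"{app}.view_{mdl}")
    for model in spec.writes:
        app, mdl = model.split(".")
        needed.add(f"{app}.view_{mdl}")
        needed.add(f"{app}.change_{mdl}")
    return needed


def audit(spec: ViewSpec) -> dict:
    """Return permissions the view demands without justification ("excess")
    and permissions it would need but does not declare ("missing")."""
    needed = needed_permissions(spec)
    return {
        "excess": sorted(spec.required - needed),
        "missing": sorted(needed - spec.required),
    }


# Constructed sample: a menu item / images view that only ever reads the
# plugin's Role Image model but demands Site and Device Role view rights.
MENU_ITEM = ViewSpec(
    name="images_menu (constructed)",
    required={"dcim.view_site", "dcim.view_devicerole"},
    reads={"topoplugin.roleimage"},
)

# Constructed sample: a save endpoint that reads Device Roles, writes Role
# Images, but demands write access to Device Role instead.
SAVE_VIEW = ViewSpec(
    name="save_role_images (constructed)",
    required={"dcim.change_devicerole"},
    reads={"dcim.devicerole"},
    writes={"topoplugin.roleimage"},
)


def audit_all(specs=(MENU_ITEM, SAVE_VIEW)) -> dict:
    """Audit every view and key the findings by view name."""
    return {spec.name: audit(spec) for spec in specs}


if __name__ == "__main__":
    for name, result in audit_all().items():
        print(name)
        print("  excess :", ", ".join(result["excess"]) or "-")
        print("  missing:", ", ".join(result["missing"]) or "-")
```

Run it directly to see, for each constructed view, which declared permissions cannot be justified by the models it touches and which permissions the view would actually need; the same `ViewSpec` shape can be filled in from a plugin's `navigation.py`, `views.py` and `api/views.py` when reviewing real declarations.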

mattieserver commented 6 months ago

A lot of those are from older code and can indeed be cleaned up. I will create a PR to clean up some of those.