Open jeremystretch opened 4 months ago
Tagging #14400 as related
could we do the same for the /api/extras/config-templates/{id}/render/
route? it seems logical since both of them basically have the same implications and similar use cases. only difference is that this API route does not require any permissions on a device, just on the template itself
NetBox version
v4.0.5
Feature type
Change to existing functionality
Proposed functionality
Rendering a configuration template for a device or virtual machine will require a new custom permission action,
render_config
.Currently, rendering a configuration template via the UI does not require any permissions beyond
view
for the relevant object type (e.g.dcim.view_device
). However, rendering a configuration template via the REST API currently requires theadd
permission (e.g.dcim.add_device
). While the requirement for write permission makes sense for API calls (because we're accepting and processing arbitrary user data), the specific permission for creating devices does not and has been captured as a bug in #14634.Use case
This new permission action can be used to allow config rendering via the REST API without needing to grant users permission to create new devices/VMs.
Database changes
None
External dependencies
None