Comments (4)
Prefix serializer validation not pulling restricted filter query to stop the update?
Which seems referenced here as well
from nautobot.
Can you clarify, is this issue with `/ipam/prefixes/` or with `/api/ipam/prefixes/` or both?
from nautobot.
Hi @glennmatthews. Apologies, it seems to only be affecting `/api/ipam/prefixes/`.
I checked `/ipam/prefixes/` using a proxy to modify the request, and the server response indicates it is preventing the action per the constraint.
I also checked other API endpoints like `/api/dcim/devices/`, which also appear to be affected by this bug.
from nautobot.
For the constraints, I also tested an additional scenario that I should have included originally.
Instead of applying the permission constraint to the extras/tag object directly (from the report), which would prevent access to the specific tag object, I tried applying a constraint on the ipam/prefixes permission that applies if a specific tag is assigned to the prefix object. From my perspective, I should also not be able to assign a given tag if I can't access the object that may contain said tag? Maybe this portion has some nuance? The result when a forbidden tag is assigned to an object is that it will then 'disappear' from the user.
For this I used a similar whitelist test scenario:
{"tags__slug__icontains": "test-whitelist-tag"}
from nautobot.