-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API access to render-config needs add permissions and write enable for the api token #14634
Comments
I would consider this as an FR rather than a bug. |
I would consider it a bug, as I assume the current behaviour is not the intended behaviour. In the UI a user with the view permission can view and download the renderd config. This is an inconsistency between the UI and the api. The netbox.api.authentication.TokenPermissions requires the add permission for all POST requests and enforces the |
This is not inconsistent behaviour at all. When you view even in the UI, it makes a |
Please note that this was raised in issue #14184 with some suggestions for ways to make the render-config API endpoint available with a read-only token. |
If viewed in the UI ist a However to get this issue a step further towards beeing resolved, what is you final verdict on this mather and shoud new FR be created or can this issue be relabeld? |
@jiuka this is going to be a low priority bug |
Would this be something I could try my hands on? My approach would be to create a |
IMO, the render config should be a get, not a post. You aren't altering the NetBox database, you are only fetching pre-existing data. This does require a API change and our stance is API changes must be done on non-patch releases. |
The request must be a POST to facilitate passing data in the body of the request (as opposed to query parameters) per the HTTP spec. |
Are we good with @jiuka's proposal then to override the permissions? |
Deployment Type
Self-hosted
NetBox Version
v3.6.8
Python Version
3.10
Steps to Reproduce
Wrire Enabled
Expected Behavior
The User with Read Access to the Device should be able to get the render config from the API. As there is no config set a
No config template found for this device
error is expected.Observed Behavior
The User with Read Access to the Device has no permission to access the render config from the API.
If the user is granted add permissions on the
DCIM > Device
Object Types and the API Token is set toWrite Enabled
the access works as expected.The text was updated successfully, but these errors were encountered: