* Closes#16681: Introduce render_config permission for configuration rendering
Add a new custom permission action `render_config` for rendering device and
virtual machine configurations via the REST API. This allows users to render
configurations without requiring the `add` permission.
Changes:
- Add permission check to RenderConfigMixin.render_config() for devices and VMs
- Update API tests to use render_config permission instead of add
- Add tests verifying permission enforcement (403 without render_config)
- Document new permission requirement in configuration-rendering.md
Note: Currently requires both render_config AND add permissions due to the
automatic POST='add' filter in BaseViewSet.initial(). Removing the add
requirement will be addressed in a follow-up commit.
* Correct permission denied message and enable translation
* Remove add permission requirement for render_config endpoint
Remove the add permission requirement from the render-config API endpoint
while maintaining token write_enabled enforcement as specified in #16681.
Changes:
- Add TokenWritePermission class to check token write ability without requiring
specific model permissions
- Override get_permissions() in RenderConfigMixin to use TokenWritePermission
instead of TokenPermissions for render_config action
- Replace queryset restriction: use render_config instead of add
- Remove add permissions from tests - render_config permission now sufficient
- Update tests to expect 404 when permission denied (NetBox standard pattern)
Per #16681: 'requirement for write permission makes sense for API calls
(because we're accepting and processing arbitrary user data), the specific
permission for creating devices does not'
* Add render_config permission to ConfigTemplate render endpoint
Extend render_config permission requirement to the ConfigTemplate render
endpoint per issue comments.
Changes:
- Add TokenWritePermission check via get_permissions() override in
ConfigTemplateViewSet
- Restrict queryset to render_config permission in render() method
- Add explicit render_config permission check
- Add tests for ConfigTemplate.render() with and without permission
- Update documentation to include ConfigTemplate endpoint
* Address PR feedback on render_config permissions
Remove redundant permission checks, add view permission enforcement via
chained restrict() calls, and rename ConfigTemplate permission action
from render_config to render for consistency.
* Address second round of PR feedback on render_config permissions
- Remove ConfigTemplate view permission check from render_config endpoint
- Add sanity check to TokenWritePermission for non-token auth
- Use named URL patterns instead of string concatenation in tests
- Remove extras.view_configtemplate from test permissions
- Add token write_enabled enforcement tests for all render endpoints
* Misc cleanup
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* 8356 add virtual disk model
* 8356 add supplemental forms
* 8356 add menu
* 8356 cleanup views
* 8356 virtual machine tab
* 8356 migrations
* 8356 vm disk tables
* 8356 cleanup
* 8356 graphql
* 8356 graphql
* 8356 add components button
* 8356 bulk add on virtualmachine
* 8356 bulk add fixes
* 8356 api tests
* 8356 news tests add rename
* 8356 VirtualDiskCreateForm
* 8356 fix test
* 8356 add todo to remove disk from vm
* 8356 review changes
* 8356 fix test
* 8356 deprecate disk field
* 8356 review changes
* 8356 fix test
* 8356 fix test
* Simplify view actions
* 8356 review changes
* 8356 split trans tag
* 8356 add total virtual disk size to api
* 8356 add virtual disk list to virtual machine detail view
* 8356 move virtual disk size to property
* 8356 revert property
* Tweak display of deprecated disk field
* 8356 render single disk field
* 8356 update serializer
* 8356 model property
* 8356 fix test
* 8356 review changes
* Revert disk space annotation
* Use existing disk field to store aggregate virtual disk size
* Introduce abstract ComponentModel for VM components
* Add search index for VirtualDisk
* Misc cleanup
---------
Co-authored-by: Jeremy Stretch <jstretch@netboxlabs.com>
* Closes#12135: Prevent the deletion of interfaces with children
* Change PROTECT to RESTRICT
* Extend handle_protectederror() to also handle RestrictedError
* Fix string translation
* Update migrations
* Support bulk removal of parent interfaces via UI if all children are included
* Add support for the bulk deletion of restricted objects via REST API
