starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-12 13:30:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Permissions for device adding is not working #1024

New Issue
Closed
opened 2025-12-29 16:28:03 +01:00 by adam · 3 comments
adam commented 2025-12-29 16:28:03 +01:00
Owner
Copy Link

Originally created by @Atoms on GitHub (Jun 13, 2017).

Issue type:

**Python version: 3.4
**NetBox version: 2.0.5

When User Group has only can add permission in menu you can see link to add device, but clicking on it it asks for login (you already are logged in)

When you add permission to change object then you can add and change object without the problems.

Originally created by @Atoms on GitHub (Jun 13, 2017). ### Issue type: **Python version: 3.4 **NetBox version: 2.0.5 When User Group has only can add permission in menu you can see link to add device, but clicking on it it asks for login (you already are logged in) When you add permission to change object then you can add and change object without the problems.
adam added the type: bug label 2025-12-29 16:28:03 +01:00
adam closed this issue 2025-12-29 16:28:03 +01:00
adam commented 2025-12-29 16:28:03 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 13, 2017):

This is because we're using one view to handle both creates and edits:

class DeviceEditView(PermissionRequiredMixin, ObjectEditView):
    permission_required = 'dcim.change_device'
    model = Device
    form_class = forms.DeviceForm
    template_name = 'dcim/device_edit.html'
    default_return_url = 'dcim:device_list'

(This is a common pattern for most objects in NetBox, not just devices.)

We could add a second view named DeviceAddView which inherits from the view above and merely modifies the required permission to be "add" instead of "change," but that does call into question the practicality of separating the two functions. Is there a reasonable use case where we would want to allow a user to create objects but not edit them?

@jeremystretch commented on GitHub (Jun 13, 2017): This is because we're using one view to handle both creates and edits: ``` class DeviceEditView(PermissionRequiredMixin, ObjectEditView): permission_required = 'dcim.change_device' model = Device form_class = forms.DeviceForm template_name = 'dcim/device_edit.html' default_return_url = 'dcim:device_list' ``` (This is a common pattern for most objects in NetBox, not just devices.) We could add a second view named `DeviceAddView` which inherits from the view above and merely modifies the required permission to be "add" instead of "change," but that does call into question the practicality of separating the two functions. Is there a reasonable use case where we would want to allow a user to create objects but not edit them?
adam commented 2025-12-29 16:28:03 +01:00
Author
Owner
Copy Link

@Atoms commented on GitHub (Jun 13, 2017):

I cannot see now use case where we would like to use it, this was just like big confusion and you probably labeled correctly. As we are starting to use netbox, we are trying different scenariosm and one of them was to add user which can only add devices.

Maybe this is somehow connected to API permissions (we didn't checked that) ?

If it not affects API part, then as a fix i would say remove Add permision and rename Change to Add/Change
this would be less confusing :)

@Atoms commented on GitHub (Jun 13, 2017): I cannot see now use case where we would like to use it, this was just like big confusion and you probably labeled correctly. As we are starting to use netbox, we are trying different scenariosm and one of them was to add user which can only add devices. Maybe this is somehow connected to API permissions (we didn't checked that) ? If it not affects API part, then as a fix i would say remove Add permision and rename Change to Add/Change this would be less confusing :)
adam commented 2025-12-29 16:28:04 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Jun 13, 2017):

Even if it's a rare use case, I think it makes sense to enforce the "add" and "change" permissions separately to ensure they do exactly what they sound like. It should be easy enough to tweak the ObjectEditView to apply one or the other appropriately.

Maybe this is somehow connected to API permissions

Just FYI the API utilizes the same permissions as the web UI.

@jeremystretch commented on GitHub (Jun 13, 2017): Even if it's a rare use case, I think it makes sense to enforce the "add" and "change" permissions separately to ensure they do exactly what they sound like. It should be easy enough to tweak the ObjectEditView to apply one or the other appropriately. > Maybe this is somehow connected to API permissions Just FYI the API utilizes the same permissions as the web UI.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#1024
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?