PyPI - nautobot - Versions diffs - 2.3.14__py3-none-any.whl → 2.3.15b1__py3-none-any.whl - Mend

nautobot 2.3.14py3-none-any.whl → 2.3.15b1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of nautobot might be problematic. Click here for more details.

Files changed (13) hide show

nautobot/core/testing/mixins.py CHANGED Viewed

@@ -144,13 +144,18 @@ class NautobotTestCaseMixin:
     # Permissions management
     #
-    def add_permissions(self, *names):
+    def add_permissions(self, *names, **kwargs):
         """
         Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
+        Additional keyword arguments will be passed to the ObjectPermission constructor to allow creating more detailed permissions.
+        Examples:
+            >>> add_permissions("ipam.add_vlangroup", "ipam.view_vlangroup")
+            >>> add_permissions("ipam.add_vlangroup", "ipam.view_vlangroup", constraints={"pk": "uuid-1234"})
         """
         for name in names:
             ct, action = permissions.resolve_permission_ct(name)
-            obj_perm = users_models.ObjectPermission(name=name, actions=[action])
+            obj_perm = users_models.ObjectPermission(name=name, actions=[action], **kwargs)
             obj_perm.save()
             obj_perm.users.add(self.user)
             obj_perm.object_types.add(ct)

nautobot/ipam/api/views.py CHANGED Viewed

@@ -227,7 +227,8 @@ class PrefixViewSet(NautobotModelViewSet):
                 # Create the new Prefix(es)
                 serializer.is_valid(raise_exception=True)
-                serializer.save()
+                self.perform_create(serializer)
                 return Response(serializer.data, status=status.HTTP_201_CREATED)
         else:
@@ -318,7 +319,8 @@ class PrefixViewSet(NautobotModelViewSet):
                 # Create the new IP address(es)
                 serializer.is_valid(raise_exception=True)
-                serializer.save()
+                self.perform_create(serializer)
                 return Response(serializer.data, status=status.HTTP_201_CREATED)
         # Determine the maximum number of IPs to return
@@ -396,21 +398,20 @@ class VLANGroupViewSet(NautobotModelViewSet):
     serializer_class = serializers.VLANGroupSerializer
     filterset_class = filters.VLANGroupFilterSet
-    def restrict_queryset(self, request, *args, **kwargs):
-        """
-        Apply "view" permissions on the POST /available-vlans/ endpoint, otherwise as ModelViewSetMixin.
-        """
-        if request.user.is_authenticated and self.action == "available_vlans":
-            self.queryset = self.queryset.restrict(request.user, "view")
-        else:
-            super().restrict_queryset(request, *args, **kwargs)
+    @staticmethod
+    def vlan_group_queryset():
+        return (
+            VLANGroup.objects.select_related("location")
+            .prefetch_related("tags")
+            .annotate(vlan_count=count_related(VLAN, "vlan_group"))
+        )
     class AvailableVLANPermissions(TokenPermissions):
-        """As nautobot.core.api.authentication.TokenPermissions, but enforcing add_vlan permission."""
+        """As nautobot.core.api.authentication.TokenPermissions, but enforcing `add_vlan` and `view_vlan` permission."""
         perms_map = {
-            "GET": ["ipam.view_vlangroup"],
-            "POST": ["ipam.view_vlangroup", "ipam.add_vlan"],
+            "GET": ["ipam.view_vlangroup", "ipam.view_vlan"],
+            "POST": ["ipam.view_vlangroup", "ipam.view_vlan", "ipam.add_vlan"],
         }
     @extend_schema(methods=["get"], responses={200: ListSerializer(child=IntegerField())})
@@ -426,6 +427,7 @@ class VLANGroupViewSet(NautobotModelViewSet):
         methods=["get", "post"],
         permission_classes=[AvailableVLANPermissions],
         filterset_class=None,
+        queryset=VLAN.objects.all(),
     )
     def available_vlans(self, request, pk=None):
         """
@@ -433,7 +435,7 @@ class VLANGroupViewSet(NautobotModelViewSet):
         By default, the number of VIDs returned will be equivalent to PAGINATE_COUNT.
         An arbitrary limit (up to MAX_PAGE_SIZE, if set) may be passed, however results will not be paginated.
         """
-        vlan_group = get_object_or_404(self.queryset, pk=pk)
+        vlan_group = get_object_or_404(self.vlan_group_queryset().restrict(user=request.user), pk=pk)
         if request.method == "POST":
             with cache.lock(
@@ -509,7 +511,7 @@ class VLANGroupViewSet(NautobotModelViewSet):
                 # Create the new VLANs
                 serializer.is_valid(raise_exception=True)
-                serializer.save()
+                self.perform_create(serializer)
                 data = serializer.data

nautobot/ipam/tests/test_api.py CHANGED Viewed

@@ -571,6 +571,126 @@ class PrefixTest(APIViewTestCases.APIViewTestCase):
         self.assertIn("prefixcf", response.data[0]["custom_fields"])
         self.assertEqual("value 1", response.data[0]["custom_fields"]["prefixcf"])
+    def test_create_available_prefixes_with_permissions_constraint(self):
+        # Prepare prefix and permissions
+        prefix = Prefix.objects.create(
+            prefix="10.2.3.0/24",
+            type=choices.PrefixTypeChoices.TYPE_POOL,
+            namespace=self.namespace,
+            status=self.status,
+            description="This is the Prefix created for whole network.",
+        )
+        url = reverse("ipam-api:prefix-available-prefixes", kwargs={"pk": prefix.pk})
+        self.add_permissions("ipam.view_prefix")
+        self.add_permissions(
+            "ipam.add_prefix", constraints={"description__startswith": "This is the Prefix created for"}
+        )
+        # Test invalid request
+        data = {
+            "prefix_length": 26,
+            "status": self.status.pk,
+        }
+        invalid_data_list = [
+            data,
+            {**data, "description": ""},
+            {**data, "description": "Some description"},
+            {**data, "description": "Some description. This is the IP created for"},
+        ]
+        for invalid_data in invalid_data_list:
+            with self.subTest(case=invalid_data):
+                response = self.client.post(url, invalid_data, format="json", **self.header)
+                self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+                self.assertIn("detail", response.data)
+                self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+                # Verify that no prefixes were created (the entire prefix is still available)
+                response = self.client.get(url, **self.header)
+                self.assertHttpStatus(response, status.HTTP_200_OK)
+                self.assertEqual(len(response.data), 1)
+                self.assertEqual(response.data[0]["prefix"], prefix.cidr_str)
+        # Test valid request
+        valid_data = {
+            "prefix_length": 26,
+            "status": self.status.pk,
+            "description": "This is the Prefix created for my local network",
+        }
+        response = self.client.post(url, valid_data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["prefix"], "10.2.3.0/26")
+        # Verify that prefix is created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 2)
+        self.assertEqual(response.data[0]["prefix"], "10.2.3.64/26")
+        self.assertEqual(response.data[1]["prefix"], "10.2.3.128/25")
+    def test_create_multiple_available_prefixes_with_permissions_constraint(self):
+        # Prepare prefix and permissions
+        prefix = Prefix.objects.create(
+            prefix="10.2.3.0/24",
+            type=choices.PrefixTypeChoices.TYPE_POOL,
+            namespace=self.namespace,
+            status=self.status,
+            description="This is the Prefix created for whole network.",
+        )
+        url = reverse("ipam-api:prefix-available-prefixes", kwargs={"pk": prefix.pk})
+        self.add_permissions("ipam.view_prefix")
+        self.add_permissions(
+            "ipam.add_prefix", constraints={"description__startswith": "This is the Prefix created for"}
+        )
+        # Test invalid request
+        data = [
+            {
+                "prefix_length": 26,
+                "status": self.status.pk,
+                "description": "This is the Prefix created for my local network",
+            },
+            {
+                "prefix_length": 26,
+                "status": self.status.pk,
+            },
+        ]
+        response = self.client.post(url, data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+        self.assertIn("detail", response.data)
+        self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+        # Verify that no prefixes were created (the entire prefix is still available)
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data[0]["prefix"], prefix.cidr_str)
+        # Test valid request
+        data = [
+            {
+                "prefix_length": 26,
+                "status": self.status.pk,
+                "description": "This is the Prefix created for my local network",
+            },
+            {
+                "prefix_length": 26,
+                "status": self.status.pk,
+                "description": "This is the Prefix created for my guest house network",
+            },
+        ]
+        response = self.client.post(url, data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(len(response.data), 2)
+        self.assertEqual(response.data[0]["prefix"], "10.2.3.0/26")
+        self.assertEqual(response.data[1]["prefix"], "10.2.3.64/26")
+        # Verify that prefixes were created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data[0]["prefix"], "10.2.3.128/25")
     def test_list_available_ips(self):
         """
         Test retrieval of all available IP addresses within a parent prefix.
@@ -731,6 +851,116 @@ class PrefixTest(APIViewTestCases.APIViewTestCase):
         self.assertIn("ipcf", response.data[0]["custom_fields"])
         self.assertEqual("1", response.data[0]["custom_fields"]["ipcf"])
+    def test_create_available_ips_with_permissions_constraint(self):
+        # Prepare prefix and permissions
+        prefix = Prefix.objects.create(
+            prefix="192.168.0.0/30",
+            type=choices.PrefixTypeChoices.TYPE_NETWORK,
+            namespace=self.namespace,
+            status=self.status,
+            description="This is the Prefix created for whole network.",
+        )
+        url = reverse("ipam-api:prefix-available-ips", kwargs={"pk": prefix.pk})
+        self.add_permissions("ipam.view_prefix", "ipam.view_ipaddress")
+        self.add_permissions(
+            "ipam.add_ipaddress", constraints={"description__startswith": "This is the IP created for"}
+        )
+        # Test invalid request
+        data = {
+            "status": self.status.pk,
+        }
+        invalid_data_list = [
+            data,
+            {**data, "description": ""},
+            {**data, "description": "Some description"},
+            {**data, "description": "Some description. This is the IP created for"},
+        ]
+        for invalid_data in invalid_data_list:
+            with self.subTest(case=invalid_data):
+                response = self.client.post(url, invalid_data, format="json", **self.header)
+                self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+                self.assertIn("detail", response.data)
+                self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+                # Verify that no IPs were created (the entire prefix pool is still available)
+                response = self.client.get(url, **self.header)
+                self.assertHttpStatus(response, status.HTTP_200_OK)
+                self.assertEqual(len(response.data), 2)
+        # Test valid request
+        valid_data = {
+            "status": self.status.pk,
+            "description": "This is the IP created for my private laptop",
+        }
+        response = self.client.post(url, valid_data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["address"], "192.168.0.1/30")
+        # Verify that IP is created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 1)
+        self.assertEqual(response.data[0]["address"], "192.168.0.2/30")
+    def test_create_multiple_available_ips_with_permissions_constraint(self):
+        # Prepare prefix and permissions
+        prefix = Prefix.objects.create(
+            prefix="192.168.0.0/30",
+            type=choices.PrefixTypeChoices.TYPE_NETWORK,
+            namespace=self.namespace,
+            status=self.status,
+            description="This is a Prefix created for whole network.",
+        )
+        url = reverse("ipam-api:prefix-available-ips", kwargs={"pk": prefix.pk})
+        self.add_permissions("ipam.view_prefix", "ipam.view_ipaddress")
+        self.add_permissions(
+            "ipam.add_ipaddress", constraints={"description__startswith": "This is the IP created for"}
+        )
+        # Test invalid request
+        data = [
+            {
+                "status": self.status.pk,
+            },
+            {
+                "status": self.status.pk,
+                "description": "This is an IP created for my private laptop",
+            },
+        ]
+        response = self.client.post(url, data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+        self.assertIn("detail", response.data)
+        self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+        # Verify that no IPs were created (the entire prefix pool is still available)
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 2)
+        # Test valid request
+        valid_data = [
+            {
+                "status": self.status.pk,
+                "description": "This is the IP created for my private laptop",
+            },
+            {
+                "status": self.status.pk,
+                "description": "This is the IP created for my gaming laptop",
+            },
+        ]
+        response = self.client.post(url, valid_data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(len(response.data), 2)
+        self.assertEqual(response.data[0]["address"], "192.168.0.1/30")
+        self.assertEqual(response.data[1]["address"], "192.168.0.2/30")
+        # Verify that IPs are created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data), 0)
 class PrefixLocationAssignmentTest(APIViewTestCases.APIViewTestCase):
     model = PrefixLocationAssignment
@@ -1089,7 +1319,7 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
         Test retrieval of all available VLAN IDs within a VLANGroup.
         """
         url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
-        self.add_permissions("ipam.view_vlangroup")
+        self.add_permissions("ipam.view_vlangroup", "ipam.view_vlan")
         # Retrieve all available VLAN IDs
         response = self.client.get(url, **self.header)
@@ -1106,6 +1336,7 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
         url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
         self.add_permissions(
             "ipam.view_vlangroup",
+            "ipam.view_vlan",
             "ipam.add_vlan",
         )
@@ -1147,6 +1378,7 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
         url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
         self.add_permissions(
             "ipam.view_vlangroup",
+            "ipam.view_vlan",
             "ipam.add_vlan",
         )
@@ -1193,6 +1425,7 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
         url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
         self.add_permissions(
             "ipam.view_vlangroup",
+            "ipam.view_vlan",
             "ipam.add_vlan",
         )
@@ -1222,6 +1455,7 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
         url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
         self.add_permissions(
             "ipam.view_vlangroup",
+            "ipam.view_vlan",
             "ipam.add_vlan",
         )
@@ -1249,6 +1483,105 @@ class VLANGroupTest(APIViewTestCases.APIViewTestCase):
             response.data["detail"],
         )
+    def test_create_available_vlans_with_permissions_constraint(self):
+        url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
+        self.add_permissions(
+            "ipam.view_vlangroup",
+            "ipam.view_vlan",
+        )
+        self.add_permissions("ipam.add_vlan", constraints={"description__startswith": "This is the VLAN created for"})
+        data = {"name": "VLAN_6", "status": self.default_status.pk, "vid": 6}
+        invalid_data_list = [
+            data,
+            {**data, "description": ""},
+            {**data, "description": "Some description"},
+            {**data, "description": "Some description. This is the VLAN created for"},
+        ]
+        # Test invalid request
+        for invalid_data in invalid_data_list:
+            with self.subTest(case=invalid_data):
+                response = self.client.post(url, data, format="json", **self.header)
+                self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+                self.assertIn("detail", response.data)
+                self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+                # Verify that no VLANs were created (number of VLANs is the same as on the beginning of the test)
+                response = self.client.get(url, **self.header)
+                self.assertHttpStatus(response, status.HTTP_200_OK)
+                self.assertEqual(len(response.data["results"]), len(self.unused_vids))
+        # Test valid request
+        valid_data = {
+            "name": "VLAN_6",
+            "status": self.default_status.pk,
+            "vid": 6,
+            "description": "This is the VLAN created for home automation.",
+        }
+        response = self.client.post(url, valid_data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(response.data["results"]["name"], valid_data["name"])
+        # Verify that VLAN is created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(
+            len(response.data["results"]), len(self.unused_vids) - 1
+        )  # initial unsued vids minus one created
+    def test_create_multiple_available_vlans_with_permissions_constraint(self):
+        url = reverse("ipam-api:vlangroup-available-vlans", kwargs={"pk": self.vlan_group.pk})
+        self.add_permissions(
+            "ipam.view_vlangroup",
+            "ipam.view_vlan",
+        )
+        self.add_permissions("ipam.add_vlan", constraints={"description__startswith": "This is the VLAN created for"})
+        # Test invalid request
+        data = [
+            {"name": "VLAN_6", "status": self.default_status.pk},
+            {"name": "VLAN_7", "status": self.default_status.pk},
+            {"name": "VLAN_8", "status": self.default_status.pk},
+        ]
+        response = self.client.post(url, data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_403_FORBIDDEN)
+        self.assertIn("detail", response.data)
+        self.assertEqual(response.data["detail"], "You do not have permission to perform this action.")
+        # Verify that no VLANs were created (number of VLANs is the same as on the beginning of the test)
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(len(response.data["results"]), len(self.unused_vids))
+        # Test valid request
+        valid_data = [
+            {
+                "name": "VLAN_6",
+                "status": self.default_status.pk,
+                "description": "This is the VLAN created for home automation.",
+            },
+            {
+                "name": "VLAN_7",
+                "status": self.default_status.pk,
+                "description": "This is the VLAN created for IP cameras.",
+            },
+            {"name": "VLAN_8", "status": self.default_status.pk, "description": "This is the VLAN created for guests."},
+        ]
+        response = self.client.post(url, valid_data, format="json", **self.header)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertHttpStatus(response, status.HTTP_201_CREATED)
+        self.assertEqual(len(response.data["results"]), 3)
+        for i, vlan_data in enumerate(data):
+            self.assertEqual(response.data["results"][i]["name"], vlan_data["name"])
+        # Verify that VLANs are created
+        response = self.client.get(url, **self.header)
+        self.assertHttpStatus(response, status.HTTP_200_OK)
+        self.assertEqual(
+            len(response.data["results"]), len(self.unused_vids) - 3
+        )  # initial unsued vids minus three created
 class VLANTest(APIViewTestCases.APIViewTestCase):
     model = VLAN

nautobot/project-static/docs/code-reference/nautobot/apps/testing.html CHANGED Viewed

@@ -13624,14 +13624,21 @@ This expects a field named <code>devices</code> on the model and a filter named
 <h3 id="nautobot.apps.testing.NautobotTestCaseMixin.add_permissions" class="doc doc-heading">
-            <code class="highlight language-python"><span class="n">add_permissions</span><span class="p">(</span><span class="o">*</span><span class="n">names</span><span class="p">)</span></code>
+            <code class="highlight language-python"><span class="n">add_permissions</span><span class="p">(</span><span class="o">*</span><span class="n">names</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span></code>
 <a href="#nautobot.apps.testing.NautobotTestCaseMixin.add_permissions" class="headerlink" title="Permanent link">&para;</a></h3>
     <div class="doc doc-contents ">
-      <p>Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.</p>
+      <p>Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
+Additional keyword arguments will be passed to the ObjectPermission constructor to allow creating more detailed permissions.</p>
+<p><span class="doc-section-title">Examples:</span></p>
+    <div class="highlight"><pre><span></span><code><a id="__codelineno-0-1" name="__codelineno-0-1" href="#__codelineno-0-1"></a><span class="gp">&gt;&gt;&gt; </span><span class="n">add_permissions</span><span class="p">(</span><span class="s2">&quot;ipam.add_vlangroup&quot;</span><span class="p">,</span> <span class="s2">&quot;ipam.view_vlangroup&quot;</span><span class="p">)</span>
+<a id="__codelineno-0-2" name="__codelineno-0-2" href="#__codelineno-0-2"></a><span class="gp">&gt;&gt;&gt; </span><span class="n">add_permissions</span><span class="p">(</span><span class="s2">&quot;ipam.add_vlangroup&quot;</span><span class="p">,</span> <span class="s2">&quot;ipam.view_vlangroup&quot;</span><span class="p">,</span> <span class="n">constraints</span><span class="o">=</span><span class="p">{</span><span class="s2">&quot;pk&quot;</span><span class="p">:</span> <span class="s2">&quot;uuid-1234&quot;</span><span class="p">})</span>
+</code></pre></div>
     </div>

nautobot 2.3.14__py3-none-any.whl → 2.3.15b1__py3-none-any.whl

Potentially problematic release.

nautobot 2.3.14py3-none-any.whl → 2.3.15b1py3-none-any.whl