Skip to content

Commit

Permalink
Fix schema generation at /docs.
Browse files Browse the repository at this point in the history
  - Schema generation mocks views and requests, so not all data is available at all times.
  • Loading branch information
terjekv committed May 6, 2024
1 parent d45d257 commit 357bc4a
Showing 1 changed file with 11 additions and 5 deletions.
16 changes: 11 additions & 5 deletions hostpolicy/api/permissions.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,24 +30,30 @@ def has_permission(self, request, view):
if is_super_or_hostpolicy_admin(request.user):
return True

# Handle the (possible) absence of 'name' during schema generation
name = view.kwargs.get('name')
if name is None: # pragma: no cover
return False

# Is this request about atoms or something else that isn't a role?
# In that case, non-admin-users shouldn't have access anyway, and we can deny the request.
if not (view.__class__.__name__ == 'HostPolicyRoleHostsDetail' or
view.__class__.__name__ == 'HostPolicyRoleHostsList'):
return False

# Find out which labels are attached to this role
role_labels = HostPolicyRole.objects.filter(name=view.kwargs['name']).values_list('labels__name', flat=True)
role_labels = HostPolicyRole.objects.filter(name=name).values_list('labels__name', flat=True)
if not any(role_labels):
# if the role doesn't have any labels, there's no possibility of access at this point
return False

# Find all the NetGroupRegexPermission objects that correspond with
# the ipaddress, hostname, and the groups that the user is a member of
if 'host' in view.kwargs:
hostname = view.kwargs['host']
else:
hostname = request.data.get("name")
# Also, ensure that the hostname is not empty.
hostname = view.kwargs.get('host', request.data.get("name"))
if not hostname: # pragma: no cover
return False

ips = list(Host.objects.filter(
name=hostname
).exclude(
Expand Down

0 comments on commit 357bc4a

Please sign in to comment.