Merge branch 'master' into migrate-away-from-ci-fields

terjekv · May 16, 2024 · f9b4426 · f9b4426
2 parents 33d0178 + aec618a
commit f9b4426
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 19 deletions.
diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml
@@ -4,8 +4,6 @@ on:
     paths-ignore:
       - 'ci/**'
       - 'README.md'
-  schedule:
-    - cron: '40 08 * * 1'  # Run every week to get updated dependencies.
   pull_request:
     types: [opened, reopened, synchronize]
   workflow_dispatch:
@@ -16,13 +14,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
     - name: Docker build
       run: docker build -t mreg .
     - name: Save image
       run: docker save mreg | gzip > mreg.tgz
     - name: Upload artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: mreg
         path: mreg.tgz
@@ -47,10 +45,8 @@ jobs:
           # Map the containerized port to localhost.
           - 5432:5432
     steps:
-    - name: Checkout
-      uses: actions/checkout@v3
     - name: Download artifact
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: mreg
     - name: Load image
@@ -67,7 +63,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Download artifact
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: mreg
     - name: Load container image
@@ -77,7 +73,7 @@ jobs:
       # but we want to use the newly built custom image
       run: docker tag mreg ghcr.io/unioslo/mreg:latest
     - name: Setup Python
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       with:
         python-version: 3.11
     - name: Install mreg-cli
@@ -90,7 +86,7 @@ jobs:
     - name: Run the tests
       run: mreg-cli-master/ci/run_testsuite_and_record.sh
     - name: Upload the log as an artifact
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: new_testsuite_log.json
         path: mreg-cli-master/ci/new_testsuite_log.json
@@ -116,7 +112,7 @@ jobs:
           - 5432:5432
     steps:
     - name: Download artifact
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: mreg
     - name: Load container image
@@ -148,16 +144,16 @@ jobs:
 
   publish:
     name: Publish
-    # only publish the image if this event was triggered on the master branch, and not by a pull request
-    if: ${{ github.ref == 'refs/heads/master' && github.event_name != 'pull_request' }}
+    # only publish the image if this event was triggered by a version tag
+    if: startsWith(github.ref, 'refs/tags/v')
     needs: [test, mreg-cli, test-with-curl]
     runs-on: ubuntu-latest
     permissions:
       packages: write
       contents: read
     steps:
     - name: Download artifact
-      uses: actions/download-artifact@v3
+      uses: actions/download-artifact@v4
       with:
         name: mreg
     - name: Load image

diff --git a/hostpolicy/api/permissions.py b/hostpolicy/api/permissions.py
@@ -30,24 +30,30 @@ def has_permission(self, request, view):
         if is_super_or_hostpolicy_admin(request.user):
             return True
 
+        # Handle the (possible) absence of 'name' during schema generation
+        name = view.kwargs.get('name')
+        if name is None: # pragma: no cover
+            return False
+
         # Is this request about atoms or something else that isn't a role?
         # In that case, non-admin-users shouldn't have access anyway, and we can deny the request.
         if not (view.__class__.__name__ == 'HostPolicyRoleHostsDetail' or
                 view.__class__.__name__ == 'HostPolicyRoleHostsList'):
             return False
 
         # Find out which labels are attached to this role
-        role_labels = HostPolicyRole.objects.filter(name=view.kwargs['name']).values_list('labels__name', flat=True)
+        role_labels = HostPolicyRole.objects.filter(name=name).values_list('labels__name', flat=True)
         if not any(role_labels):
             # if the role doesn't have any labels, there's no possibility of access at this point
             return False
 
         # Find all the NetGroupRegexPermission objects that correspond with
         # the ipaddress, hostname, and the groups that the user is a member of
-        if 'host' in view.kwargs:
-            hostname = view.kwargs['host']
-        else:
-            hostname = request.data.get("name")
+        # Also, ensure that the hostname is not empty.
+        hostname = view.kwargs.get('host', request.data.get("name"))
+        if not hostname: # pragma: no cover
+            return False
+
         ips = list(Host.objects.filter(
                         name=hostname
                     ).exclude(