From eed5c154bcc47b1dea474feabad46125ebde0aec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=98yvind=20Hagberg?= Date: Fri, 3 May 2024 17:00:23 +0200 Subject: [PATCH 1/2] Modify container workflow to only publish on tags Also update which action versions to use, and remove scheduled builds. --- .github/workflows/container-image.yml | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/container-image.yml b/.github/workflows/container-image.yml index b20f9dd7..baca73f4 100644 --- a/.github/workflows/container-image.yml +++ b/.github/workflows/container-image.yml @@ -4,8 +4,6 @@ on: paths-ignore: - 'ci/**' - 'README.md' - schedule: - - cron: '40 08 * * 1' # Run every week to get updated dependencies. pull_request: types: [opened, reopened, synchronize] workflow_dispatch: @@ -16,13 +14,13 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Docker build run: docker build -t mreg . - name: Save image run: docker save mreg | gzip > mreg.tgz - name: Upload artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: mreg path: mreg.tgz @@ -47,10 +45,8 @@ jobs: # Map the containerized port to localhost. - 5432:5432 steps: - - name: Checkout - uses: actions/checkout@v3 - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: mreg - name: Load image @@ -67,7 +63,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: mreg - name: Load container image @@ -77,7 +73,7 @@ jobs: # but we want to use the newly built custom image run: docker tag mreg ghcr.io/unioslo/mreg:latest - name: Setup Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: 3.11 - name: Install mreg-cli 
@@ -90,7 +86,7 @@ jobs: - name: Run the tests run: mreg-cli-master/ci/run_testsuite_and_record.sh - name: Upload the log as an artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: new_testsuite_log.json path: mreg-cli-master/ci/new_testsuite_log.json @@ -116,7 +112,7 @@ jobs: - 5432:5432 steps: - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: mreg - name: Load container image @@ -148,8 +144,8 @@ jobs: publish: name: Publish - # only publish the image if this event was triggered on the master branch, and not by a pull request - if: ${{ github.ref == 'refs/heads/master' && github.event_name != 'pull_request' }} + # only publish the image if this event was triggered by a version tag + if: startsWith(github.ref, 'refs/tags/v') needs: [test, mreg-cli, test-with-curl] runs-on: ubuntu-latest permissions: @@ -157,7 +153,7 @@ jobs: contents: read steps: - name: Download artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: mreg - name: Load image From aec618ac4258a2de6339d15d1ef1b3473668e619 Mon Sep 17 00:00:00 2001 From: Terje Kvernes Date: Thu, 16 May 2024 09:05:26 +0200 Subject: [PATCH 2/2] Fix schema generation at /docs. (#530) - Schema generation mocks views and requests, so not all data is available at all times. --- hostpolicy/api/permissions.py | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/hostpolicy/api/permissions.py b/hostpolicy/api/permissions.py index 4c4ce1dc..f81cda89 100644 --- a/hostpolicy/api/permissions.py +++ b/hostpolicy/api/permissions.py 
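Review bot: The new gate `if: startsWith(github.ref, 'refs/tags/v')` on the publish job accepts any ref under `refs/tags/v`, so publishing is no longer tied to the master branch: a `v*` tag placed on an unreviewed commit, or a manual `workflow_dispatch` run against such a tag, would pass it. Restricting who may create `v*` tags (a tag ruleset or protection rule) closes that gap, and the comment could record the dependency, e.g. `# only publish for v* tags; creation of v* tags is restricted by a repository ruleset`. The `push` trigger's own filters are outside this hunk, so it is worth confirming that tag pushes start the workflow at all. With the weekly schedule removed in the first hunk, a published image picks up dependency updates only when a new tag is cut.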
@@ -30,6 +30,11 @@ def has_permission(self, request, view): if is_super_or_hostpolicy_admin(request.user): return True + # Handle the (possible) absence of 'name' during schema generation + name = view.kwargs.get('name') + if name is None: # pragma: no cover + return False + # Is this request about atoms or something else that isn't a role? # In that case, non-admin-users shouldn't have access anyway, and we can deny the request. if not (view.__class__.__name__ == 'HostPolicyRoleHostsDetail' or @@ -37,17 +42,18 @@ def has_permission(self, request, view): return False # Find out which labels are attached to this role - role_labels = HostPolicyRole.objects.filter(name=view.kwargs['name']).values_list('labels__name', flat=True) + role_labels = HostPolicyRole.objects.filter(name=name).values_list('labels__name', flat=True) if not any(role_labels): # if the role doesn't have any labels, there's no possibility of access at this point return False # Find all the NetGroupRegexPermission objects that correspond with # the ipaddress, hostname, and the groups that the user is a member of - if 'host' in view.kwargs: - hostname = view.kwargs['host'] - else: - hostname = request.data.get("name") + # Also, ensure that the hostname is not empty. + hostname = view.kwargs.get('host', request.data.get("name")) + if not hostname: # pragma: no cover + return False + ips = list(Host.objects.filter( name=hostname ).exclude(
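Review bot: Both new deny branches carry `# pragma: no cover` (`if name is None:` in this hunk and `if not hostname:` in the next one), which leaves the fail-closed paths of an authorization check untested. A small test that calls `has_permission` with a non-admin user and a view whose `kwargs` is empty, asserting `False`, would pin the behaviour and let the pragmas be dropped. The comment could also state why denial is the chosen answer, e.g. `# No role name (e.g. schema generation): deny rather than guess`. has_permission starts before this hunk and continues past it.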
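Review bot: `view.kwargs.get('host', request.data.get("name"))` reads `request.data` on every call, because the default argument of `dict.get` is evaluated before the lookup; the removed `if 'host' in view.kwargs` form touched the request body only when the URL carried no host. Accessing `request.data` parses the body, so a request that has `host` in the URL but an unparsable body can now raise inside the permission check instead of being decided on the URL alone. `hostname = view.kwargs['host'] if 'host' in view.kwargs else request.data.get("name")` keeps the one-line form without the eager read. When the hostname does come from the body it is client-supplied, so it is worth confirming that the view acts on the same `name` field this check evaluated. The function continues past the end of the hunk.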