Skip to content

Omit non-permitted item groups in views #15294

New issue
New issue
Closed as not planned
Closed as not planned
Omit non-permitted item groups in views#15294
Labels
complexity: mediumRequires a substantial but not unusual amount of effort to implementpending closureRequires immediate attention to avoid being closed for inactivitystatus: needs ownerThis issue is tentatively accepted pending a volunteer committed to its implementationtype: featureIntroduction of new functionality to the application
@markkuleinio

Description

@markkuleinio
markkuleinio
opened on Feb 28, 2024

NetBox version

v3.7.3

Feature type

Change to existing functionality

Proposed functionality

Currently the menu items for which the user doesn't have permission are not shown in the main menu.

I'm proposing also omitting the related item groups in the views.

Example: user does not have permission to view IPAM>Services. When the user views a device, there is an empty Services box:

image

I'm proposing that the empty box is omitted.

At the same time (when viewing the device) a Django warning is logged (provided that django logger is configured):

2024-02-28 09:35:40,339 django.request WARNING: Forbidden (Permission denied): /ipam/services/
Traceback (most recent call last):
...
  File "/opt/netbox/netbox/netbox/views/generic/base.py", line 77, in dispatch
    return super().dispatch(request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox/netbox/utilities/views.py", line 104, in dispatch
    return self.handle_no_permission()
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/opt/netbox/venv/lib/python3.11/site-packages/django/contrib/auth/mixins.py", line 48, in handle_no_permission
    raise PermissionDenied(self.get_permission_denied_message())
django.core.exceptions.PermissionDenied

I'd expect there would be no PermissionDenied errors in the logs when the users themselves are accessing the views they are permitted to (it's the app that generates the non-permitted attempts in the background, not the user). But this is a side note.

Use case

One major use case for removing the View permissions for models is to improve the user experience for non-admin users: don't show the models (menu items) that are not accessible anyway, or used at all in the specific NetBox implementation. This proposal extends the same idea to the model views (= don't show the boxes that won't be populated anyway, preventing questions like "what does Services mean in our devices, there aren't any").

I believe quite many model views are concerned, examples (potentially non-permitted boxes mentioned):

  • Site view (Images, Locations, Non-Racked Devices)
  • Location view (Images, Non-Racked Devices)
  • Rack view (Images)
  • Device view (Services, Images, Virtual Device Contexts)
  • VLAN view (Prefixes)
  • and so on

Database changes

None I think

External dependencies

None

Metadata

Metadata

Assignees

No one assigned

    Labels

    complexity: mediumRequires a substantial but not unusual amount of effort to implementpending closureRequires immediate attention to avoid being closed for inactivitystatus: needs ownerThis issue is tentatively accepted pending a volunteer committed to its implementationtype: featureIntroduction of new functionality to the application

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions