Skip to content

Users can create tokens for themselves, but UI does not reflect that. #6073

New issue
New issue
Closed
Closed
Users can create tokens for themselves, but UI does not reflect that.#6073
Assignees
jeremystretch
Labels
status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application
@NiclasSP

Description

@NiclasSP
NiclasSP
opened on Mar 31, 2021

NetBox version

v2.10.4

Python version

3.6

Steps to Reproduce

  1. Active user(no permissions needed).

  2. Check /user/api-tokens/. Notice the missing options for creating/modifying/deleting API Tokens. (Except for Copy if you have any token already)

  3. Send post request(Login done earlier):
    URL:
    https://[URL]/user/api-tokens/add/
    Headers:
    {'Referer': 'https://[URL]/login/'}
    Data:
    {'csrfmiddlewaretoken': '[Token from login]', 'write_enabled': 'on', 'description': '[description]'}

  4. If you then check /user/api-tokens/, you now have a token.

Expected Behavior

I would expect to able to create/modify/delete API token for my own user, since these should only give the same access as my weblogin.

Observed Behavior

I can create a token(modify/delete not checked), using post request but the options are not available in the presented GUI.
If as a user(without token perms) go to this url(/user/api-tokens/add/) i receive an empty page.

Metadata

Metadata

Assignees

Labels

status: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions