Skip to content

Commit

Permalink
15582 check permissions on specific object when sync request (#15704)
Browse files Browse the repository at this point in the history
* 15582 check permissions on specific object when sync request

* 15582 move permission check

* Enable translation of error message

---------

Co-authored-by: Jeremy Stretch <[email protected]>
  • Loading branch information
arthanson and jeremystretch authored Apr 17, 2024
1 parent c5ae89a commit b8cedfc
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions netbox/core/api/views.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
from django.shortcuts import get_object_or_404

from django.utils.translation import gettext_lazy as _
from rest_framework.decorators import action
from rest_framework.exceptions import PermissionDenied
from rest_framework.response import Response
Expand Down Expand Up @@ -33,10 +33,11 @@ def sync(self, request, pk):
"""
Enqueue a job to synchronize the DataSource.
"""
if not request.user.has_perm('core.sync_datasource'):
raise PermissionDenied("Syncing data sources requires the core.sync_datasource permission.")

datasource = get_object_or_404(DataSource, pk=pk)

if not request.user.has_perm('core.sync_datasource', obj=datasource):
raise PermissionDenied(_("This user does not have permission to synchronize this data source."))

datasource.enqueue_sync_job(request)
serializer = serializers.DataSourceSerializer(datasource, context={'request': request})

Expand Down

0 comments on commit b8cedfc

Please sign in to comment.