Non Staff User Unable to delete devices #522

Closed
dsolson1 opened this issue Aug 31, 2016 · 3 comments
Labels
type: bug A confirmed report of unexpected behavior in the application

Comments

@dsolson1

dsolson1 commented Aug 31, 2016

I have a user configured with security configured as "Active" and "Superuser Status" but not "Staff Status".

When this user tries to delete a device they get an error:
"You are authenticated as <username>, but are not authorized to access this page. Would you like to login to a different account?"

I have also tried to assign all user permissions without checking the "Staff Status" box and that still fails.

My goal is to have operational user accounts that can perform all of the functions but not access the Admin site.

Any suggestions?

@jeremystretch
Member

Superusers have all permissions implicitly. Staff status merely controls access to the admin UI. How are you attempting to delete a device?

@dsolson1
Author

dsolson1 commented Sep 1, 2016

From the main page,
Devices -> check box in front of desired device -> Press "Delete Selected" at bottom of page -> Check Confirm box and "Confirm" button.

Then Error msg comes up.

I'm not sure why by not having the "Staff Status" checked this error would come up. Like you said, "Superuser Status" should imply all permissions within the app.

Forgot to mention that I'm running 1.5.2.

@jeremystretch jeremystretch added the type: bug A confirmed report of unexpected behavior in the application label Sep 12, 2016
@jeremystretch
Member

The cause of this bug was a bit of old code that's no longer needed:

```python
@method_decorator(staff_member_required)
def dispatch(self, *args, **kwargs):
    return super(BulkDeleteView, self).dispatch(*args, **kwargs)
```

staff_member_required was used at some point in early development, prior to the introduction of PermissionRequiredMixin in Django 1.9, which all views now use.

if-fi pushed a commit to if-fi/netbox that referenced this issue Oct 1, 2016
@lock lock bot locked as resolved and limited conversation to collaborators Jan 19, 2020
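
An added example, not part of the original thread or NetBox's own code: a standard-library scan that lists every class, method or function still decorated with `staff_member_required`, the leftover gate identified above as the cause. `SAMPLE_SOURCE` is constructed for the demonstration and `DeviceEditView` is a hypothetical view.

```python
import ast

STAFF_GATE = "staff_member_required"

# Constructed sample module (not NetBox source): BulkDeleteView carries the
# decorator quoted in the issue; DeviceEditView is a hypothetical view.
SAMPLE_SOURCE = '''
from django.contrib.admin.views.decorators import staff_member_required
from django.contrib.auth.mixins import PermissionRequiredMixin
from django.utils.decorators import method_decorator
from django.views.generic import View

class BulkDeleteView(View):
    @method_decorator(staff_member_required)
    def dispatch(self, *args, **kwargs):
        return super(BulkDeleteView, self).dispatch(*args, **kwargs)

class DeviceEditView(PermissionRequiredMixin, View):
    permission_required = "dcim.change_device"
'''


def _mentions_staff_gate(decorator):
    """True if the decorator references staff_member_required, bare or wrapped."""
    return any(
        (isinstance(n, ast.Name) and n.id == STAFF_GATE)
        or (isinstance(n, ast.Attribute) and n.attr == STAFF_GATE)
        for n in ast.walk(decorator)
    )


def find_staff_gated(source):
    """Return [(qualified_name, decorator_line)] for each staff-gated definition."""
    hits = []

    def visit(node, owner):
        for child in ast.iter_child_nodes(node):
            for dec in getattr(child, "decorator_list", []):
                if _mentions_staff_gate(dec):
                    name = f"{owner}.{child.name}" if owner else child.name
                    hits.append((name, dec.lineno))
            visit(child, child.name if isinstance(child, ast.ClassDef) else owner)

    visit(ast.parse(source), None)
    return hits

if __name__ == "__main__":
    for name, line in find_staff_gated(SAMPLE_SOURCE):
        print(f"line {line}: {name} is gated by {STAFF_GATE}")
```

Each hit outside the admin site is a candidate for the same symptom: a superuser or fully permissioned account without staff status being refused.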