"Managed Records" Permission delegation

[kollross]

I'm trying to figure out what permission knobs I need to turn to to allow non admin users to create DNS records for the "managed records" portion of the plugin.

Under the old way, I had created a custom field called "Company_org" which allowed me to limit that group to only view prefixes and vlan that also had that custom field applied (using constraints) . For IP addresses, same idea applied but I added the permission to edit along with view (they couldn't create IP's or delete them but could update the "DNS Name" field.

Obviously there is a lot more going on now with "managed records". I was able to craft a contrail to allow the zone to be selected from the list in the custom field. However saving produces a "You do not have permission to access this page.", even with full permissions granted to Netbox DNS -> zones and Netbox DNS -> records.

Logs looks like this: Note for IPAM->IP-Address I have it set to "can edit, view, change".

2023-11-15 12:47:38,672 django.request WARNING: Forbidden (Permission denied): /ipam/ip-addresses/41570/edit/
Traceback (most recent call last):
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/core/handlers/exception.py", line 55, in inner
    response = get_response(request)
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/core/handlers/base.py", line 197, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/views/generic/base.py", line 104, in view
    return self.dispatch(request, *args, **kwargs)
  File "/opt/netbox/netbox/netbox/views/generic/object_views.py", line 170, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/opt/netbox/netbox/netbox/views/generic/base.py", line 26, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/opt/netbox/netbox/utilities/views.py", line 99, in dispatch
    return super().dispatch(request, *args, **kwargs)
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/views/generic/base.py", line 143, in dispatch
    return handler(request, *args, **kwargs)
  File "/opt/netbox/netbox/netbox/views/generic/object_views.py", line 258, in post
    if form.is_valid():
  File "/opt/netbox/netbox/utilities/forms/mixins.py", line 55, in is_valid
    is_valid = super().is_valid()
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/forms/forms.py", line 201, in is_valid
    return self.is_bound and not self.errors
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/forms/forms.py", line 196, in errors
    self.full_clean()
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/forms/forms.py", line 435, in full_clean
    self._post_clean()
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/forms/models.py", line 486, in _post_clean
    self.instance.full_clean(exclude=exclude, validate_unique=False)
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/db/models/base.py", line 1477, in full_clean
    self.clean()
  File "/opt/netbox/netbox/ipam/models/ip.py", line 829, in clean
    super().clean()
  File "/opt/netbox/netbox/netbox/models/__init__.py", line 71, in clean
    super().clean()
  File "/opt/netbox/netbox/netbox/models/features.py", line 256, in clean
    super().clean()
  File "/opt/netbox/netbox/netbox/models/features.py", line 301, in clean
    post_clean.send(sender=self.__class__, instance=self)
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/dispatch/dispatcher.py", line 176, in send
    return [
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/django/dispatch/dispatcher.py", line 177, in <listcomp>
    (receiver, receiver(signal=self, sender=sender, **named))
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/netbox_dns/middleware.py", line 132, in post_clean
    check_address_record(user, record, "netbox_dns.add_record")
  File "/opt/netbox-3.6.5/venv/lib/python3.10/site-packages/netbox_dns/middleware.py", line 76, in check_address_record
    raise PermissionDenied()
django.core.exceptions.PermissionDenied

[peteeckel]

Hi @kollross, sorry for taking so long to answer, November was quire a busy month and and it just slipped my attention.

For all practical purposes, managed records are records, and permissions are not an exception.

Regarding the experimental "IPAM Coupling" feature, I released a new version containing quite a lot of fixes especially concerning exception handling and model-level operations for this, so probably it's best for you to re-test and open an issue should you find anything not working as it should (which is, to be honest, quite probable).