[fix] Validate organization membership when importing subnets #77 #97
Conversation
purhan
added this to In progress
in OpenWISP Priorities for next releases
via automation
purhan
moved this from In progress
to Ready for review/testing
in OpenWISP Priorities for next releases
There was a problem hiding this comment.
The CSV file format in the README needs to be updated as well.
openwisp_ipam/admin.py
Outdated
| @@ -145,6 +161,11 @@ def import_view(self, request): | |||
| return redirect('/admin/{0}/subnet'.format(self.app_label)) | |||
| return render(request, form_template, context) | |||
|
|
|||
| def get_csv_organization(self, request): | |||
| data = Subnet._get_csv_reader(self, deepcopy(request.FILES['csvfile'])) | |||
| org = Organization.objects.get(name=list(data)[2][0].strip()) | |||
There was a problem hiding this comment.
The name of the organization is not unique. We can use organization slug or secret instead.
But this is not the only such occurrence, I will open a separate issue for this.
There was a problem hiding this comment.
So should I leave it here, and take care of this separately in #99?
There was a problem hiding this comment.
@purhan sorry I forgot to reply! Definitely change this one here, since we're adding it, there's no reason to keep adding it in the wrong way 😊
Please could you ping me when ready so I don't forget? Thanks!
purhan
force-pushed
the
fix-admin-subnet-import
branch
2 times, most recently
from
a83d1d0
to
0f76ca9
Compare
openwisp_ipam/admin.py
Outdated
| @@ -145,6 +161,11 @@ def import_view(self, request): | |||
| return redirect('/admin/{0}/subnet'.format(self.app_label)) | |||
| return render(request, form_template, context) | |||
|
|
|||
| def get_csv_organization(self, request): | |||
| data = Subnet._get_csv_reader(self, deepcopy(request.FILES['csvfile'])) | |||
| org = Organization.objects.get(name=list(data)[2][0].strip()) | |||
purhan
moved this from In progress
to Ready for review/testing
in OpenWISP Priorities for next releases
openwisp_ipam/admin.py
Outdated
| @@ -145,6 +161,11 @@ def import_view(self, request): | |||
| return redirect('/admin/{0}/subnet'.format(self.app_label)) | |||
| return render(request, form_template, context) | |||
|
|
|||
| def get_csv_organization(self, request): | |||
| data = Subnet._get_csv_reader(self, deepcopy(request.FILES['csvfile'])) | |||
| org = Organization.objects.get(name=list(data)[2][0].strip()) | |||
There was a problem hiding this comment.
@purhan sorry I forgot to reply! Definitely change this one here, since we're adding it, there's no reason to keep adding it in the wrong way 😊
Please could you ping me when ready so I don't forget? Thanks!
There was a problem hiding this comment.
@purhan the build failure should be fixed in the latest master, can you merge again? For some reason the button to merge does not appear to me.
nemesifier
changed the title
openwisp_ipam/api/utils.py
Outdated
| organization = self.get_csv_organization() | ||
| if str(organization.pk) in self.get_user_organizations(): | ||
| organization = self.get_csv_organization(request) | ||
| if str(organization.pk) in self.get_user_organizations(request): | ||
| return |
There was a problem hiding this comment.
I think the code in this file could be simplified and moved directly to the view which inherits this class, since it seems to me is only used in one place.
The code below which checks permission to create an org should not be relevant anymore and can be removed.
There was a problem hiding this comment.
It is used in two places:
openwisp_ipam/api/views.py
openwisp_ipam/admin.py
There was a problem hiding this comment.
ah ok didn't see it was used in admin.py, let's leave it here, but please double check if the code below which checks permission to create an org still makes sense.
codesankalp
force-pushed
the
fix-admin-subnet-import
branch
from
09bda63
to
921582f
Compare
codesankalp
force-pushed
the
fix-admin-subnet-import
branch
from
921582f
to
7d51798
Compare
Closes #77