[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

GraphQL related objects are not properly restricted #17310

Closed
DanSheps opened this issue Aug 29, 2024 · 1 comment · Fixed by #17312
Closed

GraphQL related objects are not properly restricted #17310

DanSheps opened this issue Aug 29, 2024 · 1 comment · Fixed by #17312
Assignees
@DanSheps
Labels
severity: high Completely breaks certain functions, or substantially degrades performance application-wide status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@DanSheps
Copy link
Member

Deployment Type

NetBox Cloud

NetBox Version

v4.0.10

Python Version

3.12

Steps to Reproduce

  1. Create a site
  2. Create an ASN in the site (Ex: 64511, pk=1)
  3. Create a user with permissions to only view ASN's (not sites)
  4. Run the following GQL: { asn(id: 1) { id, sites {} } }

Expected Behavior

Will show the ASN but not the related site

Observed Behavior

Related site is shown
@DanSheps DanSheps added type: bug A confirmed report of unexpected behavior in the application status: accepted This issue has been accepted for implementation severity: medium Results in substantial degraded or broken functionality for specfic workflows labels Aug 29, 2024
@DanSheps DanSheps self-assigned this Aug 29, 2024
@DanSheps
Copy link
Member Author

Credit to Jeremy for actually finding this bug when testing the GraphQL PR.

@DanSheps DanSheps added breaking change This change modifies or removes some previously documented functionality and removed breaking change This change modifies or removes some previously documented functionality labels Aug 30, 2024
DanSheps added a commit that referenced this issue Aug 30, 2024
@DanSheps
Fixes: #17310 - Properly restrict GraphQL related objects
510da04
@DanSheps DanSheps mentioned this issue Aug 30, 2024
Merged
@DanSheps DanSheps added this to the v4.1 milestone Aug 30, 2024
@jeremystretch jeremystretch removed this from the v4.1 milestone Aug 30, 2024
@DanSheps DanSheps added severity: high Completely breaks certain functions, or substantially degrades performance application-wide and removed severity: medium Results in substantial degraded or broken functionality for specfic workflows labels Aug 30, 2024
DanSheps added a commit that referenced this issue Aug 30, 2024
@DanSheps
Fixes: #17310 - Fix GraphQL restriction of related objects
950e291
@jeremystretch jeremystretch mentioned this issue Sep 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@DanSheps DanSheps

Labels
severity: high Completely breaks certain functions, or substantially degrades performance application-wide status: accepted This issue has been accepted for implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixes: #17310 - Properly restrict GraphQL related object queries netbox-community/netbox
2 participants
@DanSheps @jeremystretch