From 29a4d61e902aa1d33210cabecb13d07590ebf148 Mon Sep 17 00:00:00 2001 From: wh1te909 <7434746+wh1te909@users.noreply.github.com> Date: Tue, 2 Jul 2024 00:17:32 +0000 Subject: [PATCH] fix auditing/perms for webhook testing --- api/tacticalrmm/core/permissions.py | 2 ++ api/tacticalrmm/logs/models.py | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/api/tacticalrmm/core/permissions.py b/api/tacticalrmm/core/permissions.py index 01095bd5..83bb9750 100644 --- a/api/tacticalrmm/core/permissions.py +++ b/api/tacticalrmm/core/permissions.py @@ -15,6 +15,8 @@ class URLActionPerms(permissions.BasePermission): def has_permission(self, r, view) -> bool: if r.method in {"GET", "PATCH"}: return _has_perm(r, "can_run_urlactions") + elif r.path == "/core/urlaction/run/test/" and r.method == "POST": + return _has_perm(r, "can_run_urlactions") # TODO make a manage url action perm instead? return _has_perm(r, "can_edit_core_settings") diff --git a/api/tacticalrmm/logs/models.py b/api/tacticalrmm/logs/models.py index 8be31cd3..1fced9b6 100644 --- a/api/tacticalrmm/logs/models.py +++ b/api/tacticalrmm/logs/models.py @@ -245,20 +245,26 @@ class AuditLog(models.Model): debug_info: Dict[Any, Any] = {}, ) -> None: from agents.models import Agent + from clients.models import Client, Site debug_info["body"] = body debug_info["headers"] = headers if instance_type == "agent": - instance = Agent.objects.get(pk=instance_id) + instance = Agent.objects.get(agent_id=instance_id) elif instance_type == "site": instance = Site.objects.get(pk=instance_id) elif instance_type == "client": instance = Client.objects.get(pk=instance_id) + else: + instance = None - name = instance.hostname if isinstance(instance, Agent) else instance.name + if instance is not None: + name = instance.hostname if isinstance(instance, Agent) else instance.name + else: + name = "None" classname = type(instance).__name__ AuditLog.objects.create( username=username,