Skip to content

GraphQL related objects are not properly restricted #17310

New issue
New issue
Closed
#17312
Closed
GraphQL related objects are not properly restricted#17310
#17312
Assignees
DanSheps
Labels
severity: highCompletely breaks certain functions, or substantially degrades performance application-widestatus: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application
@DanSheps

Description

@DanSheps
DanSheps
opened on Aug 29, 2024

Deployment Type

NetBox Cloud

NetBox Version

v4.0.10

Python Version

3.12

Steps to Reproduce

  1. Create a site
  2. Create an ASN in the site (Ex: 64511, pk=1)
  3. Create a user with permissions to only view ASN's (not sites)
  4. Run the following GQL: { asn(id: 1) { id, sites {} } }

Expected Behavior

Will show the ASN but not the related site

Observed Behavior

Related site is shown

Metadata

Metadata

Assignees

Labels

severity: highCompletely breaks certain functions, or substantially degrades performance application-widestatus: acceptedThis issue has been accepted for implementationtype: bugA confirmed report of unexpected behavior in the application

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions