Skip to content

NetBox superuser cannot access System or Plugins pages without Staff status #19519

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
markkuleinio opened this issue May 16, 2025 · 1 comment
Open

NetBox superuser cannot access System or Plugins pages without Staff status #19519

markkuleinio opened this issue May 16, 2025 · 1 comment
Labels
severity: low Does not significantly disrupt application functionality, or a workaround is available status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation type: bug A confirmed report of unexpected behavior in the application

Comments

@markkuleinio
Copy link
Contributor

Deployment Type

Self-hosted

NetBox Version

v4.3.1

Python Version

3.11

Steps to Reproduce

  1. Login with a user with superuser status
  2. Remove Staff status (if present) from the user
  3. Go to System - Plugins or System - System

Expected Behavior

Since the user is a superuser, access to the System and Plugins pages should be available.

Observed Behavior

"You do not have permission to access this page." so the superuser is not able to access System or Plugins pages.

Related issues/discussions:
#15754 Removal of staff_only=True from Admin menu items (completed)
#16137 Remove the is_staff field from the user model (open)
#17010 Hide Admin menu section for non-admins (open)
@markkuleinio markkuleinio added type: bug A confirmed report of unexpected behavior in the application status: needs triage This issue is awaiting triage by a maintainer labels May 16, 2025
@jnovinger jnovinger added status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation severity: low Does not significantly disrupt application functionality, or a workaround is available and removed status: needs triage This issue is awaiting triage by a maintainer labels May 16, 2025
@jnovinger
Copy link
Member

This is due to this check:

netbox/netbox/core/views.py

Lines 343 to 346 in b6c8502

class BaseRQView(UserPassesTestMixin, View):
def test_func(self):
return self.request.user.is_staff

Given related proposed changes in #16137 and #17010, we should discuss what check is appropriate here instead of is_staff.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
severity: low Does not significantly disrupt application functionality, or a workaround is available status: needs owner This issue is tentatively accepted pending a volunteer committed to its implementation type: bug A confirmed report of unexpected behavior in the application
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jnovinger @markkuleinio