Fixes #15977: Hide all admin menu items for non-authenticated users (#15978)

jeremystretch · web-flow · commit acc2add84586 · 2024-05-07T10:37:42.000-04:00
* Fixes #15977: Hide all admin menu items for non-authenticated users * Account for absence of auth_required on PluginMenuItem
diff --git a/netbox/netbox/navigation/__init__.py b/netbox/netbox/navigation/__init__.py
@@ -32,6 +32,7 @@ class MenuItem:
     link: str
     link_text: str
     permissions: Optional[Sequence[str]] = ()
+    auth_required: Optional[bool] = False
     staff_only: Optional[bool] = False
     buttons: Optional[Sequence[MenuItemButton]] = ()
 
diff --git a/netbox/netbox/navigation/menu.py b/netbox/netbox/navigation/menu.py
@@ -371,6 +371,7 @@
                 MenuItem(
                     link=f'users:user_list',
                     link_text=_('Users'),
+                    auth_required=True,
                     permissions=[f'auth.view_user'],
                     buttons=(
                         MenuItemButton(
@@ -390,6 +391,7 @@
                 MenuItem(
                     link=f'users:group_list',
                     link_text=_('Groups'),
+                    auth_required=True,
                     permissions=[f'auth.view_group'],
                     buttons=(
                         MenuItemButton(
@@ -409,12 +411,14 @@
                 MenuItem(
                     link=f'users:token_list',
                     link_text=_('API Tokens'),
+                    auth_required=True,
                     permissions=[f'users.view_token'],
                     buttons=get_model_buttons('users', 'token')
                 ),
                 MenuItem(
                     link=f'users:objectpermission_list',
                     link_text=_('Permissions'),
+                    auth_required=True,
                     permissions=[f'users.view_objectpermission'],
                     buttons=get_model_buttons('users', 'objectpermission', actions=['add'])
                 ),
@@ -425,16 +429,19 @@
             items=(
                 MenuItem(
                     link='core:system',
-                    link_text=_('System')
+                    link_text=_('System'),
+                    auth_required=True
                 ),
                 MenuItem(
                     link='core:configrevision_list',
                     link_text=_('Configuration History'),
+                    auth_required=True,
                     permissions=['core.view_configrevision']
                 ),
                 MenuItem(
                     link='core:background_queue_list',
-                    link_text=_('Background Tasks')
+                    link_text=_('Background Tasks'),
+                    auth_required=True
                 ),
             ),
         ),
diff --git a/netbox/utilities/templatetags/navigation.py b/netbox/utilities/templatetags/navigation.py
@@ -26,6 +26,8 @@ def nav(context):
         for group in menu.groups:
             items = []
             for item in group.items:
+                if getattr(item, 'auth_required', False) and not user.is_authenticated:
+                    continue
                 if not user.has_perms(item.permissions):
                     continue
                 if item.staff_only and not user.is_staff:
