make safe the api calls with potential for demo site damage

2023-06-05 17:28:34 +01:00
parent 65a908dcd3
commit 195f98dff1
3 changed files with 4 additions and 3 deletions
--- a/lib/App/Netdisco/Web/API/Objects.pm
+++ b/lib/App/Netdisco/Web/API/Objects.pm
@@ -240,7 +240,7 @@ swagger_path {
    },
  ],
  responses => { default => {} },
-}, put '/api/v1/object/device/:ip/nodes' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/nodes' => require_role setting('defanged_api_admin') => sub {

  jq_insert([{
    action => 'macsuck',
@@ -317,7 +317,7 @@ swagger_path {
    },
  ],
  responses => { default => {} },
-}, put '/api/v1/object/device/:ip/arps' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/arps' => require_role setting('defanged_api_admin') => sub {

  jq_insert([{
    action => 'arpnip',