make safe the api calls with potential for demo site damage

lib/App/Netdisco/JobQueue/PostgreSQL.pm

@@ -324,7 +324,7 @@ sub jq_insert {
   $jobs = [$jobs] if ref [] ne ref $jobs;
 
   # bit of a hack for heroku hosting to avoid DB overload
-  return true if setting('defanged_admin') eq 'false_admin';
+  return true if setting('defanged_admin') ne 'admin';
 
   my $happy = false;
   try {

lib/App/Netdisco/Web/API/Objects.pm

@@ -240,7 +240,7 @@ swagger_path {
     },
   ],
   responses => { default => {} },
-}, put '/api/v1/object/device/:ip/nodes' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/nodes' => require_role setting('defanged_api_admin') => sub {
 
   jq_insert([{
     action => 'macsuck',
@@ -317,7 +317,7 @@ swagger_path {
     },
   ],
   responses => { default => {} },
-}, put '/api/v1/object/device/:ip/arps' => require_role api_admin => sub {
+}, put '/api/v1/object/device/:ip/arps' => require_role setting('defanged_api_admin') => sub {
 
   jq_insert([{
     action => 'arpnip',

share/config.yml

@@ -263,6 +263,7 @@ check_userlog: false
 devport_vlan_limit: 150
 login_logo: ""
 defanged_admin: 'admin'
+defanged_api_admin: 'api_admin'
 hide_deviceports: []
 
 # -------------