diff --git a/Netdisco/Changes b/Netdisco/Changes index d0600dd7..558d2445 100644 --- a/Netdisco/Changes +++ b/Netdisco/Changes @@ -1,5 +1,9 @@ 2.028001 + [ENHANCEMENTS] + + * portctl_nameonly to limit port control to name only (F. Schiavarelli) + [BUG FIXES] * [ND1#117] unknown devices missing from inventory diff --git a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod index 8407d3ab..7857e593 100644 --- a/Netdisco/lib/App/Netdisco/Manual/Configuration.pod +++ b/Netdisco/lib/App/Netdisco/Manual/Configuration.pod @@ -782,6 +782,14 @@ field to use as the management IP address for a device. Value: Boolean. Default: C. Set to false to prevent users from changing the default VLAN on an interface. +This setting has no effect when C below is set to true. + +=head3 C + +Value: Boolean. Default: C. + +Set to true to limit port control action to only changing the interface name +(description). =head3 C diff --git a/Netdisco/lib/App/Netdisco/Util/Port.pm b/Netdisco/lib/App/Netdisco/Util/Port.pm index eabea8af..a9a990d0 100644 --- a/Netdisco/lib/App/Netdisco/Util/Port.pm +++ b/Netdisco/lib/App/Netdisco/Util/Port.pm @@ -68,6 +68,10 @@ sub vlan_reconfig_check { =item * +Permission check that C is false in Netdisco config. + +=item * + Permission check that C is true in Netdisco config, if C<$port> is an uplink. @@ -95,6 +99,10 @@ sub port_reconfig_check { my $has_phone = port_has_phone($port); my $is_vlan = is_vlan_interface($port); + # only permitted to change interface name + return "forbidden: not permitted to change port configuration" + if setting('portctl_nameonly'); + # uplink check return "forbidden: port [$name] on [$ip] is an uplink" if $port->remote_type and not $has_phone and not setting('portctl_uplinks'); diff --git a/Netdisco/share/config.yml b/Netdisco/share/config.yml index e21eee9d..61609a56 100644 --- a/Netdisco/share/config.yml +++ b/Netdisco/share/config.yml @@ -144,6 +144,7 @@ ignore_interfaces: ignore_private_nets: false reverse_sysname: false vlanctl: true +portctl_nameonly: false portctl_nophones: false portctl_vlans: false portctl_uplinks: false