[admin] Disallow changing configuration backend from UI #789

Make backend readonly on admin change forms for device config inline, template, and VPN while keeping backend selection available on add forms.\n\nAdd focused admin tests to verify backend immutability on change forms and that attempted backend edits through UI change requests do not alter persisted backend values.\n\nFixes #789

Author: hypnoastic

openwisp_controller/config/admin.py

@@ -468,7 +468,9 @@ def _error_reason_field_conditional(self, obj, fields):
         return fields
 
     def get_readonly_fields(self, request, obj):
-        fields = super().get_readonly_fields(request, obj)
+        fields = list(super().get_readonly_fields(request, obj))
+        if obj and obj._has_config() and "backend" not in fields:
+            fields.append("backend")
         return self._error_reason_field_conditional(obj, fields)
 
     def get_fields(self, request, obj):
@@ -1082,6 +1084,12 @@ class TemplateAdmin(MultitenantAdminMixin, BaseConfigAdmin, SystemDefinedVariabl
     readonly_fields = ["system_context"]
     autocomplete_fields = ["vpn"]
 
+    def get_readonly_fields(self, request, obj=None):
+        fields = list(super().get_readonly_fields(request, obj))
+        if obj and "backend" not in fields:
+            fields.append("backend")
+        return fields
+
     @admin.action(permissions=["add"])
     def clone_selected_templates(self, request, queryset):
         selectable_orgs = None
@@ -1261,6 +1269,12 @@ class VpnAdmin(
         "modified",
     ]
 
+    def get_readonly_fields(self, request, obj=None):
+        fields = list(super().get_readonly_fields(request, obj))
+        if obj and "backend" not in fields:
+            fields.append("backend")
+        return fields
+
     class Media(BaseConfigAdmin):
         js = list(BaseConfigAdmin.Media.js) + [f"{prefix}js/vpn.js"]
 

openwisp_controller/config/tests/test_admin.py

@@ -1435,12 +1435,38 @@ def test_default_device_backend(self):
         response = self.client.get(path)
         self.assertContains(response, '<option value="netjsonconfig.OpenWrt" selected')
 
-    def test_existing_device_backend(self):
+    def test_device_backend_readonly_on_change(self):
         d = self._create_device()
         self._create_config(device=d, backend="netjsonconfig.OpenWisp")
         path = reverse(f"admin:{self.app_label}_device_change", args=[d.pk])
         response = self.client.get(path)
-        self.assertContains(response, '<option value="netjsonconfig.OpenWisp" selected')
+        self.assertContains(response, "field-backend")
+        self.assertNotContains(response, 'name="config-0-backend"')
+
+    def test_device_backend_cannot_be_changed_from_change_form(self):
+        template = Template.objects.first()
+        device = self._create_device()
+        config = self._create_config(
+            device=device,
+            backend=template.backend,
+            config=template.config,
+        )
+        path = reverse(f"admin:{self.app_label}_device_change", args=[device.pk])
+        params = self._get_device_params(org=device.organization)
+        params.update(
+            {
+                "name": "device-backend-unchanged",
+                "config-0-id": str(config.pk),
+                "config-0-device": str(device.pk),
+                "config-0-backend": "totally.invalid.backend",
+                "config-0-templates": str(template.pk),
+                "config-INITIAL_FORMS": 1,
+            }
+        )
+        response = self.client.post(path, params)
+        self.assertNotContains(response, "errors field-backend")
+        config.refresh_from_db()
+        self.assertEqual(config.backend, template.backend)
 
     def test_device_search(self):
         d = self._create_device(name="admin-search-test")
@@ -1502,7 +1528,7 @@ def test_default_template_backend(self):
         response = self.client.get(path)
         self.assertContains(response, '<option value="netjsonconfig.OpenWrt" selected')
 
-    def test_existing_template_backend(self):
+    def test_template_backend_readonly_on_change(self):
         t = Template.objects.first()
         t.backend = "netjsonconfig.OpenWisp"
         t.config = {
@@ -1513,7 +1539,33 @@ def test_existing_template_backend(self):
         t.save()
         path = reverse(f"admin:{self.app_label}_template_change", args=[t.pk])
         response = self.client.get(path)
-        self.assertContains(response, '<option value="netjsonconfig.OpenWisp" selected')
+        self.assertContains(response, "field-backend")
+        self.assertNotContains(response, 'name="backend"')
+
+    def test_template_backend_cannot_be_changed_from_change_form(self):
+        template = self._create_template()
+        path = reverse(f"admin:{self.app_label}_template_change", args=[template.pk])
+        params = {
+            "name": "template-backend-unchanged",
+            "organization": str(template.organization_id or ""),
+            "type": template.type,
+            "backend": "totally.invalid.backend",
+            "vpn": str(template.vpn_id or ""),
+            "tags": ",".join(template.tags.names()),
+            "default_values": json.dumps(template.default_values or {}),
+            "config": json.dumps(template.config),
+        }
+        if template.auto_cert:
+            params["auto_cert"] = "on"
+        if template.default:
+            params["default"] = "on"
+        if template.required:
+            params["required"] = "on"
+        response = self.client.post(path, params)
+        self.assertNotContains(response, "errors field-backend", status_code=302)
+        template.refresh_from_db()
+        self.assertEqual(template.backend, "netjsonconfig.OpenWrt")
+        self.assertEqual(template.name, "template-backend-unchanged")
 
     def test_preview_variables(self):
         path = reverse(f"admin:{self.app_label}_device_preview")
@@ -1626,6 +1678,38 @@ def test_add_vpn(self):
             response, 'value="openwisp_controller.vpn_backends.OpenVpn" selected'
         )
 
+    def test_vpn_backend_readonly_on_change(self):
+        vpn = self._create_vpn()
+        path = reverse(f"admin:{self.app_label}_vpn_change", args=[vpn.pk])
+        response = self.client.get(path)
+        self.assertContains(response, "field-backend")
+        self.assertNotContains(response, 'name="backend"')
+
+    def test_vpn_backend_cannot_be_changed_from_change_form(self):
+        vpn = self._create_vpn()
+        path = reverse(f"admin:{self.app_label}_vpn_change", args=[vpn.pk])
+        params = {
+            "organization": str(vpn.organization_id or ""),
+            "name": "vpn-backend-unchanged",
+            "host": vpn.host,
+            "key": vpn.key,
+            "backend": "totally.invalid.backend",
+            "ca": str(vpn.ca_id or ""),
+            "cert": str(vpn.cert_id or ""),
+            "subnet": str(vpn.subnet_id or ""),
+            "ip": str(vpn.ip_id or ""),
+            "webhook_endpoint": vpn.webhook_endpoint or "",
+            "auth_token": vpn.auth_token or "",
+            "notes": vpn.notes or "",
+            "dh": vpn.dh or "",
+            "config": json.dumps(vpn.config),
+        }
+        response = self.client.post(path, params)
+        self.assertNotContains(response, "errors field-backend", status_code=302)
+        vpn.refresh_from_db()
+        self.assertEqual(vpn.backend, "openwisp_controller.vpn_backends.OpenVpn")
+        self.assertEqual(vpn.name, "vpn-backend-unchanged")
+
     def test_vpn_clients_deleted(self):
         def _update_template(templates):
             params.update(