Merge pull request #236 from netbox-community/LBegnaud-master

Permission Wildcards
2024-11-22 16:03:10 +01:00 · 2020-02-03 17:55:22 +01:00 · 2020-02-03 17:55:22 +01:00 · 3717b7469a
commit 3717b7469a
parent 0574ffc571 3d80cc5a72
5 changed files with 75 additions and 29 deletions
--- a/initializers/groups.yml
+++ b/initializers/groups.yml
@ -1,3 +1,15 @@
+## To list all permissions, run:
+## 
+## docker-compose run --rm --entrypoint /bin/bash netbox
+## $ ./manage.py migrate
+## $ ./manage.py shell
+## > from django.contrib.auth.models import Permission
+## > print('\n'.join([p.codename for p in Permission.objects.all()]))
+##
+## Permission lists support wildcards. See the examples below.
+##
+## Examples:
+
 # applications:
 #   users:
 #   - technical_user
@ -8,9 +20,16 @@
 #   users:
 #   - writer
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - add_*
+#   - change_*
+# vm_managers:
+#   permissions:
+#   - '*_virtualmachine'
+# device_managers:
+#   permissions:
+#   - '*device*'
+# creators:
+#   permissions:
+#   - add_*
--- a/initializers/users.yml
+++ b/initializers/users.yml
@ -1,3 +1,15 @@
+## To list all permissions, run:
+## 
+## docker-compose run --rm --entrypoint /bin/bash netbox
+## $ ./manage.py migrate
+## $ ./manage.py shell
+## > from django.contrib.auth.models import Permission
+## > print('\n'.join([p.codename for p in Permission.objects.all()]))
+##
+## Permission lists support wildcards. See the examples below.
+##
+## Examples:
+
 # technical_user:
 #   api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
 # reader:
@ -5,9 +17,7 @@
 # writer:
 #   password: writer
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - add_*
+#   - change_*
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@ -20,15 +20,23 @@ with file.open('r') as stream:
          username = username,
          password = user_details.get('password', 0) or User.objects.make_random_password)

-        print("👤 Created user ",username)
+        print("👤 Created user",username)

        if user_details.get('api_token', 0):
          Token.objects.create(user=user, key=user_details['api_token'])

-        user_permissions = user_details.get('permissions', [])
-        if user_permissions:
-          user.user_permissions.clear()
-          for permission_codename in user_details.get('permissions', []):
-            for permission in Permission.objects.filter(codename=permission_codename):
-              user.user_permissions.add(permission)
-          user.save()
+        yaml_permissions = user_details.get('permissions', [])
+        if yaml_permissions:
+          subject = user.user_permissions
+          subject.clear()
+          for yaml_permission in yaml_permissions:
+            if '*' in yaml_permission:
+              permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+              permissions = Permission.objects.filter(codename__iregex=permission_filter)
+              print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
+            else:
+              permissions = Permission.objects.filter(codename=yaml_permission)
+              print("  ⚿ Granting permission", yaml_permission)
+            
+            for permission in permissions:
+              subject.add(permission)
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@ -24,9 +24,18 @@ with file.open('r') as stream:
        if user:
          user.groups.add(group)

-      group_permissions = group_details.get('permissions', [])
-      if group_permissions:
-        group.permissions.clear()
-        for permission_codename in group_details.get('permissions', []):
-          for permission in Permission.objects.filter(codename=permission_codename):
-            group.permissions.add(permission)
+      yaml_permissions = group_details.get('permissions', [])
+      if yaml_permissions:
+        subject = group.permissions
+        subject.clear()
+        for yaml_permission in yaml_permissions:
+          if '*' in yaml_permission:
+            permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+            permissions = Permission.objects.filter(codename__iregex=permission_filter)
+            print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
+          else:
+            permissions = Permission.objects.filter(codename=yaml_permission)
+            print("  ⚿ Granting permission", yaml_permission)
+
+          for permission in permissions:
+            subject.add(permission)
--- a/startup_scripts/main.py
+++ b/startup_scripts/main.py
@ -7,12 +7,12 @@ from os.path import dirname, abspath
 this_dir = dirname(abspath(__file__))

 def filename(f):
-    return f.name
+  return f.name

 with scandir(dirname(abspath(__file__))) as it:
-    for f in sorted(it, key = filename):
-        if f.name.startswith('__') or not f.is_file():
-            continue
-        
-        print(f"Running {f.path}")
-        runpy.run_path(f.path)
+  for f in sorted(it, key = filename):
+    if f.name.startswith('__') or not f.is_file():
+      continue
+      
+    print(f"Running {f.path}")
+    runpy.run_path(f.path)