diff --git a/startup_scripts/000_users.py b/startup_scripts/000_users.py
index 534a793..6605424 100644
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@@ -1,11 +1,10 @@
-from django.contrib.auth.models import Permission, Group, User
-from users.models import Token
-
-from startup_script_utils import load_yaml
 import sys
-users = load_yaml('/opt/netbox/initializers/users.yml')
+from django.contrib.auth.models import Group, User
+from startup_script_utils import load_yaml, set_permissions
+from users.models import Token
+users = load_yaml('/opt/netbox/initializers/users.yml')
 if users is None:
 sys.exit()
@@ -21,17 +20,4 @@ for username, user_details in users.items():
 Token.objects.create(user=user, key=user_details['api_token'])
 yaml_permissions = user_details.get('permissions', [])
- if yaml_permissions:
- subject = user.user_permissions
- subject.clear()
- for yaml_permission in yaml_permissions:
- if '*' in yaml_permission:
- permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
- permissions = Permission.objects.filter(codename__iregex=permission_filter)
- print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
- else:
- permissions = Permission.objects.filter(codename=yaml_permission)
- print(" ⚿ Granting permission", yaml_permission)
-
- for permission in permissions:
- subject.add(permission)
+ set_permissions(user.user_permissions, yaml_permissions)
diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py
index bad2a10..951ca96 100644
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@@ -1,7 +1,8 @@
-from django.contrib.auth.models import Permission, Group, User
-from startup_script_utils import load_yaml
 import sys
+from django.contrib.auth.models import Group, User
+from startup_script_utils import load_yaml, set_permissions
+
 groups = load_yaml('/opt/netbox/initializers/groups.yml')
 if groups is None:
 sys.exit()
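Review bot: In 000_users.py the `if yaml_permissions:` guard is dropped, so `set_permissions(user.user_permissions, yaml_permissions)` now reaches `subject.clear()` for an entry with no `permissions` key, because `.get('permissions', [])` returns `[]` and the helper only returns early on `None`. Before this commit such an entry kept its existing grants; now they are revoked, while an explicit null `permissions:` still keeps them. If that is not intended, make the helper's guard `if subject is None or not permission_filters:`, or pass `user_details.get('permissions')`; if it is intended, document that an omitted key revokes everything. The same applies to `set_permissions(group.permissions, yaml_permissions)` in 010_groups.py. The enclosing `for` loop begins outside both hunks, so whether this runs for already-existing users or groups is not visible here.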
@@ -19,17 +20,4 @@ for groupname, group_details in groups.items():
 user.groups.add(group)
 yaml_permissions = group_details.get('permissions', [])
- if yaml_permissions:
- subject = group.permissions
- subject.clear()
- for yaml_permission in yaml_permissions:
- if '*' in yaml_permission:
- permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
- permissions = Permission.objects.filter(codename__iregex=permission_filter)
- print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
- else:
- permissions = Permission.objects.filter(codename=yaml_permission)
- print(" ⚿ Granting permission", yaml_permission)
-
- for permission in permissions:
- subject.add(permission)
+ set_permissions(group.permissions, yaml_permissions)
diff --git a/startup_scripts/startup_script_utils/__init__.py b/startup_scripts/startup_script_utils/__init__.py
index 7a37f57..c3cf28f 100644
--- a/startup_scripts/startup_script_utils/__init__.py
+++ b/startup_scripts/startup_script_utils/__init__.py
@@ -1 +1,2 @@
 from .load_yaml import load_yaml
+from .permissions import set_permissions
diff --git a/startup_scripts/startup_script_utils/permissions.py b/startup_scripts/startup_script_utils/permissions.py
new file mode 100644
index 0000000..add83ee
--- /dev/null
+++ b/startup_scripts/startup_script_utils/permissions.py
@@ -0,0 +1,18 @@
+from django.contrib.auth.models import Permission
+
+
+def set_permissions(subject, permission_filters):
+ if subject is None or permission_filters is None:
+ return
+ subject.clear()
+ for permission_filter in permission_filters:
+ if "*" in permission_filter:
+ permission_filter_regex = "^" + permission_filter.replace("*", ".*") + "$"
+ permissions = Permission.objects.filter(codename__iregex=permission_filter_regex)
+ print(" ⚿ Granting", permissions.count(), "permissions matching '" + permission_filter + "'")
+ else:
+ permissions = Permission.objects.filter(codename=permission_filter)
+ print(" ⚿ Granting permission", permission_filter)
+
+ for permission in permissions:
+ subject.add(permission)
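Review bot: The wildcard branch of `set_permissions` builds `permission_filter_regex` by swapping `*` for `.*` and leaves every other regex metacharacter in the YAML entry live, and `codename__iregex` then matches case-insensitively on the codename alone, so a filter can grant more permissions than its author meant. Escaping the literal parts keeps `*` as the only wildcard: `permission_filter_regex = "^" + ".*".join(re.escape(part) for part in permission_filter.split("*")) + "$"` (with `import re` at the top of the file). The exact-match branch prints "Granting permission" even when the queryset is empty, so a mistyped codename passes silently; printing a warning when nothing matches would surface that. The function also has no docstring; one stating that it replaces the subject's whole permission set, since `subject.clear()` runs first, would make the contract clear to callers.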