Merge pull request #236 from netbox-community/LBegnaud-master
Permission Wildcards
This commit is contained in:
commit
3717b7469a
@ -1,3 +1,15 @@
|
||||
## To list all permissions, run:
|
||||
##
|
||||
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||
## $ ./manage.py migrate
|
||||
## $ ./manage.py shell
|
||||
## > from django.contrib.auth.models import Permission
|
||||
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||
##
|
||||
## Permission lists support wildcards. See the examples below.
|
||||
##
|
||||
## Examples:
|
||||
|
||||
# applications:
|
||||
# users:
|
||||
# - technical_user
|
||||
@ -8,9 +20,16 @@
|
||||
# users:
|
||||
# - writer
|
||||
# permissions:
|
||||
# - add_device
|
||||
# - change_device
|
||||
# - delete_device
|
||||
# - add_virtualmachine
|
||||
# - change_virtualmachine
|
||||
# - delete_virtualmachine
|
||||
# - add_*
|
||||
# - change_*
|
||||
# vm_managers:
|
||||
# permissions:
|
||||
# - '*_virtualmachine'
|
||||
# device_managers:
|
||||
# permissions:
|
||||
# - '*device*'
|
||||
# creators:
|
||||
# permissions:
|
||||
# - add_*
|
||||
|
@ -1,3 +1,15 @@
|
||||
## To list all permissions, run:
|
||||
##
|
||||
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||
## $ ./manage.py migrate
|
||||
## $ ./manage.py shell
|
||||
## > from django.contrib.auth.models import Permission
|
||||
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||
##
|
||||
## Permission lists support wildcards. See the examples below.
|
||||
##
|
||||
## Examples:
|
||||
|
||||
# technical_user:
|
||||
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
||||
# reader:
|
||||
@ -5,9 +17,7 @@
|
||||
# writer:
|
||||
# password: writer
|
||||
# permissions:
|
||||
# - add_device
|
||||
# - change_device
|
||||
# - delete_device
|
||||
# - add_virtualmachine
|
||||
# - change_virtualmachine
|
||||
# - delete_virtualmachine
|
||||
# - add_*
|
||||
# - change_*
|
||||
|
@ -20,15 +20,23 @@ with file.open('r') as stream:
|
||||
username = username,
|
||||
password = user_details.get('password', 0) or User.objects.make_random_password)
|
||||
|
||||
print("👤 Created user ",username)
|
||||
print("👤 Created user",username)
|
||||
|
||||
if user_details.get('api_token', 0):
|
||||
Token.objects.create(user=user, key=user_details['api_token'])
|
||||
|
||||
user_permissions = user_details.get('permissions', [])
|
||||
if user_permissions:
|
||||
user.user_permissions.clear()
|
||||
for permission_codename in user_details.get('permissions', []):
|
||||
for permission in Permission.objects.filter(codename=permission_codename):
|
||||
user.user_permissions.add(permission)
|
||||
user.save()
|
||||
yaml_permissions = user_details.get('permissions', [])
|
||||
if yaml_permissions:
|
||||
subject = user.user_permissions
|
||||
subject.clear()
|
||||
for yaml_permission in yaml_permissions:
|
||||
if '*' in yaml_permission:
|
||||
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||
else:
|
||||
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||
print(" ⚿ Granting permission", yaml_permission)
|
||||
|
||||
for permission in permissions:
|
||||
subject.add(permission)
|
||||
|
@ -24,9 +24,18 @@ with file.open('r') as stream:
|
||||
if user:
|
||||
user.groups.add(group)
|
||||
|
||||
group_permissions = group_details.get('permissions', [])
|
||||
if group_permissions:
|
||||
group.permissions.clear()
|
||||
for permission_codename in group_details.get('permissions', []):
|
||||
for permission in Permission.objects.filter(codename=permission_codename):
|
||||
group.permissions.add(permission)
|
||||
yaml_permissions = group_details.get('permissions', [])
|
||||
if yaml_permissions:
|
||||
subject = group.permissions
|
||||
subject.clear()
|
||||
for yaml_permission in yaml_permissions:
|
||||
if '*' in yaml_permission:
|
||||
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||
else:
|
||||
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||
print(" ⚿ Granting permission", yaml_permission)
|
||||
|
||||
for permission in permissions:
|
||||
subject.add(permission)
|
||||
|
@ -7,12 +7,12 @@ from os.path import dirname, abspath
|
||||
this_dir = dirname(abspath(__file__))
|
||||
|
||||
def filename(f):
|
||||
return f.name
|
||||
return f.name
|
||||
|
||||
with scandir(dirname(abspath(__file__))) as it:
|
||||
for f in sorted(it, key = filename):
|
||||
if f.name.startswith('__') or not f.is_file():
|
||||
continue
|
||||
|
||||
print(f"Running {f.path}")
|
||||
runpy.run_path(f.path)
|
||||
for f in sorted(it, key = filename):
|
||||
if f.name.startswith('__') or not f.is_file():
|
||||
continue
|
||||
|
||||
print(f"Running {f.path}")
|
||||
runpy.run_path(f.path)
|
||||
|
Loading…
Reference in New Issue
Block a user