Merge pull request #236 from netbox-community/LBegnaud-master
Permission Wildcards
commit
3717b7469a
@ -1,3 +1,15 @@
|
|||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# applications:
|
# applications:
|
||||||
# users:
|
# users:
|
||||||
# - technical_user
|
# - technical_user
|
||||||
@ -8,9 +20,16 @@
|
|||||||
# users:
|
# users:
|
||||||
# - writer
|
# - writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
# vm_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*_virtualmachine'
|
||||||
|
# device_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*device*'
|
||||||
|
# creators:
|
||||||
|
# permissions:
|
||||||
|
# - add_*
|
||||||
|
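Review bot: The new header comment says permission lists support wildcards but not what a pattern is matched against. In the startup scripts changed by this commit, the pattern filters `Permission.objects` by codename only, with no app or model restriction. Entries like `add_*` or `change_*` therefore also match codenames from Django's auth app, such as `add_user` and `change_user`, and will match whatever models a later upgrade adds. I would add a line such as `## Wildcards match codenames from every installed app; list them with the command above before using a broad pattern.` The same header is added to the second example file in this commit.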
@ -1,3 +1,15 @@
|
|||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# technical_user:
|
# technical_user:
|
||||||
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
||||||
# reader:
|
# reader:
|
||||||
@ -5,9 +17,7 @@
|
|||||||
# writer:
|
# writer:
|
||||||
# password: writer
|
# password: writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
@ -25,10 +25,18 @@ with file.open('r') as stream:
|
|||||||
if user_details.get('api_token', 0):
|
if user_details.get('api_token', 0):
|
||||||
Token.objects.create(user=user, key=user_details['api_token'])
|
Token.objects.create(user=user, key=user_details['api_token'])
|
||||||
|
|
||||||
user_permissions = user_details.get('permissions', [])
|
yaml_permissions = user_details.get('permissions', [])
|
||||||
if user_permissions:
|
if yaml_permissions:
|
||||||
user.user_permissions.clear()
|
subject = user.user_permissions
|
||||||
for permission_codename in user_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
user.user_permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
user.save()
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
|
||||||
|
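Review bot: `yaml_permission.replace('*','.*')` turns the YAML entry into a regular expression without escaping the rest of it, so any other regex metacharacter in an entry (`.`, `|`, `+`, brackets) is interpreted instead of matched literally and can match more codenames than the author intended. Escaping the literal parts keeps `*` as the only wildcard: `permission_filter = '^' + '.*'.join(re.escape(p) for p in yaml_permission.split('*')) + '$'`; this needs `import re`, and the file's imports are outside this hunk. Also, `codename__iregex` matches case-insensitively while the non-wildcard branch uses an exact `codename=` match; `codename__regex` would keep the two branches consistent. The group hunk later in this commit contains the same lines, and the enclosing `with file.open('r')` block starts and ends outside the hunk.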
@ -24,9 +24,18 @@ with file.open('r') as stream:
|
|||||||
if user:
|
if user:
|
||||||
user.groups.add(group)
|
user.groups.add(group)
|
||||||
|
|
||||||
group_permissions = group_details.get('permissions', [])
|
yaml_permissions = group_details.get('permissions', [])
|
||||||
if group_permissions:
|
if yaml_permissions:
|
||||||
group.permissions.clear()
|
subject = group.permissions
|
||||||
for permission_codename in group_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
group.permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
|
||||||
|
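Review bot: In the non-wildcard branch the script prints `Granting permission` before it knows whether the codename exists, so a misspelled entry is logged as granted while the `for permission in permissions` loop adds nothing. Because `subject.clear()` has already run, the group then ends up with fewer permissions than the log suggests. I would make the message depend on the query result, for example `if not permissions.exists(): print(" ⚠ No permission with codename", yaml_permission)`, and only print the granting line otherwise. The user hunk earlier in this commit has the same branch. The enclosing loop starts outside this hunk.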