Merge pull request #236 from netbox-community/LBegnaud-master

Permission Wildcards
2020-02-03 17:55:22 +01:00 · 2020-02-03 17:55:22 +01:00 · 3717b7469a
commit 3717b7469a
parent 0574ffc571 3d80cc5a72
5 changed files with 75 additions and 29 deletions
--- a/initializers/groups.yml
+++ b/initializers/groups.yml
@ -1,3 +1,15 @@
 ## To list all permissions, run:
 ## 
 ## docker-compose run --rm --entrypoint /bin/bash netbox
 ## $ ./manage.py migrate
 ## $ ./manage.py shell
 ## > from django.contrib.auth.models import Permission
 ## > print('\n'.join([p.codename for p in Permission.objects.all()]))
 ##
 ## Permission lists support wildcards. See the examples below.
 ##
 ## Examples:
 # applications:
 #   users:
 #   - technical_user
@ -8,9 +20,16 @@
 #   users:
 #   - writer
 #   permissions:
 #   - add_device
 #   - change_device
 #   - delete_device
 #   - add_virtualmachine
 #   - change_virtualmachine
 #   - delete_virtualmachine
 #   - add_*
 #   - change_*
 # vm_managers:
 #   permissions:
 #   - '*_virtualmachine'
 # device_managers:
 #   permissions:
 #   - '*device*'
 # creators:
 #   permissions:
 #   - add_*
--- a/initializers/users.yml
+++ b/initializers/users.yml
@ -1,3 +1,15 @@
 ## To list all permissions, run:
 ## 
 ## docker-compose run --rm --entrypoint /bin/bash netbox
 ## $ ./manage.py migrate
 ## $ ./manage.py shell
 ## > from django.contrib.auth.models import Permission
 ## > print('\n'.join([p.codename for p in Permission.objects.all()]))
 ##
 ## Permission lists support wildcards. See the examples below.
 ##
 ## Examples:
 # technical_user:
 #   api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
 # reader:
@ -5,9 +17,7 @@
 # writer:
 #   password: writer
 #   permissions:
 #   - add_device
 #   - change_device
 #   - delete_device
 #   - add_virtualmachine
 #   - change_virtualmachine
 #   - delete_virtualmachine
 #   - add_*
 #   - change_*
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@ -20,15 +20,23 @@ with file.open('r') as stream:
          username = username,
          password = user_details.get('password', 0) or User.objects.make_random_password)
-        print("👤 Created user ",username)
+        print("👤 Created user",username)
        if user_details.get('api_token', 0):
          Token.objects.create(user=user, key=user_details['api_token'])
-        user_permissions = user_details.get('permissions', [])
+        yaml_permissions = user_details.get('permissions', [])
-        if user_permissions:
+        if yaml_permissions:
-          user.user_permissions.clear()
+          subject = user.user_permissions
-          for permission_codename in user_details.get('permissions', []):
+          subject.clear()
-            for permission in Permission.objects.filter(codename=permission_codename):
+          for yaml_permission in yaml_permissions:
-              user.user_permissions.add(permission)
+            if '*' in yaml_permission:
-          user.save()
+              permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
              permissions = Permission.objects.filter(codename__iregex=permission_filter)
              print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
            else:
              permissions = Permission.objects.filter(codename=yaml_permission)
              print("  ⚿ Granting permission", yaml_permission)
            for permission in permissions:
              subject.add(permission)
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@ -24,9 +24,18 @@ with file.open('r') as stream:
        if user:
          user.groups.add(group)
-      group_permissions = group_details.get('permissions', [])
+      yaml_permissions = group_details.get('permissions', [])
-      if group_permissions:
+      if yaml_permissions:
-        group.permissions.clear()
+        subject = group.permissions
-        for permission_codename in group_details.get('permissions', []):
+        subject.clear()
-          for permission in Permission.objects.filter(codename=permission_codename):
+        for yaml_permission in yaml_permissions:
-            group.permissions.add(permission)
+          if '*' in yaml_permission:
            permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
            permissions = Permission.objects.filter(codename__iregex=permission_filter)
            print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
          else:
            permissions = Permission.objects.filter(codename=yaml_permission)
            print("  ⚿ Granting permission", yaml_permission)
          for permission in permissions:
            subject.add(permission)
--- a/startup_scripts/main.py
+++ b/startup_scripts/main.py
@ -7,12 +7,12 @@ from os.path import dirname, abspath
 this_dir = dirname(abspath(__file__))
 def filename(f):
-    return f.name
+  return f.name
 with scandir(dirname(abspath(__file__))) as it:
-    for f in sorted(it, key = filename):
+  for f in sorted(it, key = filename):
-        if f.name.startswith('__') or not f.is_file():
+    if f.name.startswith('__') or not f.is_file():
-            continue
+      continue
-        
+      
-        print(f"Running {f.path}")
+    print(f"Running {f.path}")
-        runpy.run_path(f.path)
+    runpy.run_path(f.path)