fully working object permissions

2021-04-25 16:31:50 -04:00 · 2021-04-25 16:31:50 -04:00 · 474ca9e78f
commit 474ca9e78f
parent 12401f2a3f
2 changed files with 67 additions and 27 deletions
--- a/initializers/object_permissions.yml
+++ b/initializers/object_permissions.yml
@ -1,22 +1,48 @@
-#- name: all.ro
-#  description: 'Read Only for All Objects'
-#  enabled: true
-#  # object_types: all
-#  groups:
-#    - applications
-#    - readers
-#  actions:
-#    - view
-#- name: all.rw
-#  description: 'Read/Write for All Objects'
-#  enabled: true
-#  # object_types: all
-#  groups:
-#    - writers
-#  users:
-#    - jdoe
-#  actions:
-#    - add
-#    - change
-#    - delete
-#    - view
+# all.ro:
+#   actions:
+#     - view
+#   description: 'Read Only for All Objects'
+#   enabled: true
+#   groups:
+#     - applications
+#     - readers
+#   object_types: all
+#   users:
+#     - jdoe
+# all.rw:
+#   actions:
+#     - add
+#     - change
+#     - delete
+#     - view
+#   description: 'Read/Write for All Objects'
+#   enabled: true
+#   groups:
+#     - writers
+#   object_types: all
+# network_team.rw:
+#   actions:
+#     - add
+#     - change
+#     - delete
+#     - view
+#   description: "Network Team Permissions"
+#   enabled: true
+#   object_types:
+#     circuits:
+#       - circuit
+#       - circuittermination
+#       - circuittype
+#       - provider
+#     dcim: all
+#     ipam:
+#       - aggregate
+#       - ipaddress
+#       - prefix
+#       - rir
+#       - role
+#       - routetarget
+#       - service
+#       - vlan
+#       - vlangroup
+#       - vrf
--- a/startup_scripts/015_object_permissions.py
+++ b/startup_scripts/015_object_permissions.py
@ -19,11 +19,25 @@ for permission_name, permission_details in object_permissions.items():
        actions=permission_details["actions"],
    )

-    # Need to try to pass a list of model_name and app_label for more than the current ALL
-    # object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"])
-    # object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"]))
-    object_permission.object_types.set(ContentType.objects.all())
-    object_permission.save()
+    if permission_details.get("object_types", 0):
+        object_types = permission_details["object_types"]
+
+        if object_types == "all":
+            object_permission.object_types.set(ContentType.objects.all())
+
+        else:
+            for app_label, models in object_types.items():
+                if models == "all":
+                    app_models = ContentType.objects.filter(app_label=app_label)
+
+                    for app_model in app_models:
+                        object_permission.object_types.add(app_model.id)
+                else:
+                    # There is
+                    for model in models:
+                        object_permission.object_types.add(
+                            ContentType.objects.get(app_label=app_label, model=model)
+                        )

    print("🔓 Created object permission", object_permission.name)