fully working object permissions

initializers/object_permissions.yml

@@ -1,22 +1,48 @@
-#- name: all.ro
+# all.ro:
-#  description: 'Read Only for All Objects'
+#   actions:
-#  enabled: true
+#     - view
-#  # object_types: all
+#   description: 'Read Only for All Objects'
-#  groups:
+#   enabled: true
-#    - applications
+#   groups:
-#    - readers
+#     - applications
-#  actions:
+#     - readers
-#    - view
+#   object_types: all
-#- name: all.rw
+#   users:
-#  description: 'Read/Write for All Objects'
+#     - jdoe
-#  enabled: true
+# all.rw:
-#  # object_types: all
+#   actions:
-#  groups:
+#     - add
-#    - writers
+#     - change
-#  users:
+#     - delete
-#    - jdoe
+#     - view
-#  actions:
+#   description: 'Read/Write for All Objects'
-#    - add
+#   enabled: true
-#    - change
+#   groups:
-#    - delete
+#     - writers
-#    - view
+#   object_types: all
+# network_team.rw:
+#   actions:
+#     - add
+#     - change
+#     - delete
+#     - view
+#   description: "Network Team Permissions"
+#   enabled: true
+#   object_types:
+#     circuits:
+#       - circuit
+#       - circuittermination
+#       - circuittype
+#       - provider
+#     dcim: all
+#     ipam:
+#       - aggregate
+#       - ipaddress
+#       - prefix
+#       - rir
+#       - role
+#       - routetarget
+#       - service
+#       - vlan
+#       - vlangroup
+#       - vrf

startup_scripts/015_object_permissions.py

@@ -19,11 +19,25 @@ for permission_name, permission_details in object_permissions.items():
         actions=permission_details["actions"],
     )
 
-    # Need to try to pass a list of model_name and app_label for more than the current ALL
+    if permission_details.get("object_types", 0):
-    # object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"])
+        object_types = permission_details["object_types"]
-    # object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"]))
+
-    object_permission.object_types.set(ContentType.objects.all())
+        if object_types == "all":
-    object_permission.save()
+            object_permission.object_types.set(ContentType.objects.all())
+
+        else:
+            for app_label, models in object_types.items():
+                if models == "all":
+                    app_models = ContentType.objects.filter(app_label=app_label)
+
+                    for app_model in app_models:
+                        object_permission.object_types.add(app_model.id)
+                else:
+                    # There is
+                    for model in models:
+                        object_permission.object_types.add(
+                            ContentType.objects.get(app_label=app_label, model=model)
+                        )
 
     print("🔓 Created object permission", object_permission.name)