fully working object permissions

This commit is contained in:
ryanmerolle 2021-04-25 16:31:50 -04:00
parent 12401f2a3f
commit 474ca9e78f
2 changed files with 67 additions and 27 deletions

View File

@ -1,22 +1,48 @@
#- name: all.ro
# all.ro:
# actions:
# - view
# description: 'Read Only for All Objects'
# enabled: true
# # object_types: all
# groups:
# - applications
# - readers
# actions:
# - view
#- name: all.rw
# description: 'Read/Write for All Objects'
# enabled: true
# # object_types: all
# groups:
# - writers
# object_types: all
# users:
# - jdoe
# all.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: 'Read/Write for All Objects'
# enabled: true
# groups:
# - writers
# object_types: all
# network_team.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: "Network Team Permissions"
# enabled: true
# object_types:
# circuits:
# - circuit
# - circuittermination
# - circuittype
# - provider
# dcim: all
# ipam:
# - aggregate
# - ipaddress
# - prefix
# - rir
# - role
# - routetarget
# - service
# - vlan
# - vlangroup
# - vrf

View File

@ -19,11 +19,25 @@ for permission_name, permission_details in object_permissions.items():
actions=permission_details["actions"],
)
# Need to try to pass a list of model_name and app_label for more than the current ALL
# object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"])
# object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"]))
if permission_details.get("object_types", 0):
object_types = permission_details["object_types"]
if object_types == "all":
object_permission.object_types.set(ContentType.objects.all())
object_permission.save()
else:
for app_label, models in object_types.items():
if models == "all":
app_models = ContentType.objects.filter(app_label=app_label)
for app_model in app_models:
object_permission.object_types.add(app_model.id)
else:
# There is
for model in models:
object_permission.object_types.add(
ContentType.objects.get(app_label=app_label, model=model)
)
print("🔓 Created object permission", object_permission.name)