user, group, & permissions fix

2021-04-20 17:47:49 -04:00 · 2021-04-20 17:47:49 -04:00 · 5d4ecb7f9e
commit 5d4ecb7f9e
parent f2731d3fe6
7 changed files with 100 additions and 90 deletions
--- a/initializers/groups.yml
+++ b/initializers/groups.yml
@ -1,35 +1,9 @@
-## To list all permissions, run:
+# - name: applications
 ## 
 ## docker-compose run --rm --entrypoint /bin/bash netbox
 ## $ ./manage.py migrate
 ## $ ./manage.py shell
 ## > from django.contrib.auth.models import Permission
 ## > print('\n'.join([p.codename for p in Permission.objects.all()]))
 ##
 ## Permission lists support wildcards. See the examples below.
 ##
 ## Examples:
 # applications:
 #   users:
-#   - technical_user
+#     - technical_user
-# readers:
+# - name: readers
 #   users:
-#   - reader
+#     - reader
-# writers:
+# - name: writers
 #   users:
-#   - writer
+#     - writer
 #   permissions:
 #   - delete_device
 #   - delete_virtualmachine
 #   - add_*
 #   - change_*
 # vm_managers:
 #   permissions:
 #   - '*_virtualmachine'
 # device_managers:
 #   permissions:
 #   - '*device*'
 # creators:
 #   permissions:
 #   - add_*
--- a/initializers/object_permissions.yml
+++ b/initializers/object_permissions.yml
@ -0,0 +1,22 @@
 #- name: all.ro
 #  description: 'Read Only for All Objects'
 #  enabled: true
 #  # object_types: all
 #  groups:
 #    - applications
 #    - readers
 #  actions:
 #    - view
 #- name: all.rw
 #  description: 'Read/Write for All Objects'
 #  enabled: true
 #  # object_types: all
 #  groups:
 #    - writers
 #  users:
 #    - jdoe
 #  actions:
 #    - add
 #    - change
 #    - delete
 #    - view
--- a/initializers/users.yml
+++ b/initializers/users.yml
@ -1,23 +1,14 @@
-## To list all permissions, run:
+#- username: technical_user
-## 
+#  api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
-## docker-compose run --rm --entrypoint /bin/bash netbox
+#- username: reader
-## $ ./manage.py migrate
+#  password: reader
-## $ ./manage.py shell
+#- username: writer
-## > from django.contrib.auth.models import Permission
+#  password: writer
-## > print('\n'.join([p.codename for p in Permission.objects.all()]))
+#- username: jdoe
-##
+#  first_name: John
-## Permission lists support wildcards. See the examples below.
+#  last_name: Doe
-##
+#  api_token: 0123456789jdoe789abcdef01234567jdoe
-## Examples:
+#  is_active: True
-
+#  is_superuser: False
-# technical_user:
+#  is_staff: False
-#   api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
+#  email: john.doe@example.com
 # reader:
 #   password: reader
 # writer:
 #   password: writer
 #   permissions:
 #   - delete_device
 #   - delete_virtualmachine
 #   - add_*
 #   - change_*
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@ -1,7 +1,7 @@
 import sys
 from django.contrib.auth.models import User
-from startup_script_utils import load_yaml, set_permissions
+from startup_script_utils import load_yaml
 from users.models import Token
 users = load_yaml("/opt/netbox/initializers/users.yml")
@ -19,6 +19,3 @@ for username, user_details in users.items():
        if user_details.get("api_token", 0):
            Token.objects.create(user=user, key=user_details["api_token"])
        yaml_permissions = user_details.get("permissions", [])
        set_permissions(user.user_permissions, yaml_permissions)
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@ -1,23 +1,27 @@
 import sys
-from django.contrib.auth.models import Group, User
+from users.models import AdminGroup, AdminUser
-from startup_script_utils import load_yaml, set_permissions
+from startup_script_utils import load_yaml
 groups = load_yaml("/opt/netbox/initializers/groups.yml")
 if groups is None:
    sys.exit()
-for groupname, group_details in groups.items():
+for params in groups:
-    group, created = Group.objects.get_or_create(name=groupname)
+    groupname=params['name']
    group, created = AdminGroup.objects.get_or_create(
        name=groupname
    )
    if created:
        print("👥 Created group", groupname)
-    for username in group_details.get("users", []):
+    for username in params.get("users", []):
-        user = User.objects.get(username=username)
+        user = AdminUser.objects.get(username=username)
        if user:
-            user.groups.add(group)
+            group.user_set.add(user)
            print(" 👤 Assigned user %s to group %s" % (username, AdminGroup.name))
-    yaml_permissions = group_details.get("permissions", [])
+    group.save()
    set_permissions(group.permissions, yaml_permissions)
--- a/startup_scripts/015_object_permissions.py
+++ b/startup_scripts/015_object_permissions.py
@ -0,0 +1,44 @@
 import sys
 from users.models import ObjectPermission, AdminGroup, AdminUser
 from startup_script_utils import load_yaml
 from django.contrib.contenttypes.models import ContentType
 object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml")
 if object_permissions is None:
    sys.exit()
 for params in object_permissions:
    object_permission, created = ObjectPermission.objects.get_or_create(
        name=params['name'],
        description=params['description'],
        enabled=params['enabled'],
        actions=params['actions']
    )
 # Need to try to pass a list of model_name and app_label for more than just the current all objects.
    #object_types = ContentType.objects.filter(app_label__in=params.pop("object_types"))
    #object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types")))
    object_permission.object_types.set(ContentType.objects.all())
    object_permission.save()
    print("🔓 Created object permission", object_permission.name)
    for groupname in params.get("groups", []):
        group = AdminGroup.objects.get(name=groupname)
        if group:
            object_permission.groups.add(group)
            print(" 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name))
    for username in params.get("users", []):
        user = AdminUser.objects.get(username=username)
        if user:
            object_permission.users.add(user)
            print(" 👤 Assigned user %s object permission of %s" % (username, object_permission.name))
    object_permission.save()
--- a/startup_scripts/startup_script_utils/permissions.py
+++ b/startup_scripts/startup_script_utils/permissions.py
@ -1,22 +0,0 @@
 from django.contrib.auth.models import Permission
 def set_permissions(subject, permission_filters):
    if subject is None or permission_filters is None:
        return
    subject.clear()
    for permission_filter in permission_filters:
        if "*" in permission_filter:
            permission_filter_regex = "^" + permission_filter.replace("*", ".*") + "$"
            permissions = Permission.objects.filter(codename__iregex=permission_filter_regex)
            print(
                "  ⚿ Granting",
                permissions.count(),
                "permissions matching '" + permission_filter + "'",
            )
        else:
            permissions = Permission.objects.filter(codename=permission_filter)
            print("  ⚿ Granting permission", permission_filter)
        for permission in permissions:
            subject.add(permission)