user, group, & permissions fix
This commit is contained in:
parent
f2731d3fe6
commit
5d4ecb7f9e
@ -1,35 +1,9 @@
|
||||
## To list all permissions, run:
|
||||
##
|
||||
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||
## $ ./manage.py migrate
|
||||
## $ ./manage.py shell
|
||||
## > from django.contrib.auth.models import Permission
|
||||
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||
##
|
||||
## Permission lists support wildcards. See the examples below.
|
||||
##
|
||||
## Examples:
|
||||
|
||||
# applications:
|
||||
# - name: applications
|
||||
# users:
|
||||
# - technical_user
|
||||
# readers:
|
||||
# - name: readers
|
||||
# users:
|
||||
# - reader
|
||||
# writers:
|
||||
# - name: writers
|
||||
# users:
|
||||
# - writer
|
||||
# permissions:
|
||||
# - delete_device
|
||||
# - delete_virtualmachine
|
||||
# - add_*
|
||||
# - change_*
|
||||
# vm_managers:
|
||||
# permissions:
|
||||
# - '*_virtualmachine'
|
||||
# device_managers:
|
||||
# permissions:
|
||||
# - '*device*'
|
||||
# creators:
|
||||
# permissions:
|
||||
# - add_*
|
||||
|
22
initializers/object_permissions.yml
Normal file
22
initializers/object_permissions.yml
Normal file
@ -0,0 +1,22 @@
|
||||
#- name: all.ro
|
||||
# description: 'Read Only for All Objects'
|
||||
# enabled: true
|
||||
# # object_types: all
|
||||
# groups:
|
||||
# - applications
|
||||
# - readers
|
||||
# actions:
|
||||
# - view
|
||||
#- name: all.rw
|
||||
# description: 'Read/Write for All Objects'
|
||||
# enabled: true
|
||||
# # object_types: all
|
||||
# groups:
|
||||
# - writers
|
||||
# users:
|
||||
# - jdoe
|
||||
# actions:
|
||||
# - add
|
||||
# - change
|
||||
# - delete
|
||||
# - view
|
@ -1,23 +1,14 @@
|
||||
## To list all permissions, run:
|
||||
##
|
||||
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||
## $ ./manage.py migrate
|
||||
## $ ./manage.py shell
|
||||
## > from django.contrib.auth.models import Permission
|
||||
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||
##
|
||||
## Permission lists support wildcards. See the examples below.
|
||||
##
|
||||
## Examples:
|
||||
|
||||
# technical_user:
|
||||
#- username: technical_user
|
||||
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
||||
# reader:
|
||||
#- username: reader
|
||||
# password: reader
|
||||
# writer:
|
||||
#- username: writer
|
||||
# password: writer
|
||||
# permissions:
|
||||
# - delete_device
|
||||
# - delete_virtualmachine
|
||||
# - add_*
|
||||
# - change_*
|
||||
#- username: jdoe
|
||||
# first_name: John
|
||||
# last_name: Doe
|
||||
# api_token: 0123456789jdoe789abcdef01234567jdoe
|
||||
# is_active: True
|
||||
# is_superuser: False
|
||||
# is_staff: False
|
||||
# email: john.doe@example.com
|
||||
|
@ -1,7 +1,7 @@
|
||||
import sys
|
||||
|
||||
from django.contrib.auth.models import User
|
||||
from startup_script_utils import load_yaml, set_permissions
|
||||
from startup_script_utils import load_yaml
|
||||
from users.models import Token
|
||||
|
||||
users = load_yaml("/opt/netbox/initializers/users.yml")
|
||||
@ -19,6 +19,3 @@ for username, user_details in users.items():
|
||||
|
||||
if user_details.get("api_token", 0):
|
||||
Token.objects.create(user=user, key=user_details["api_token"])
|
||||
|
||||
yaml_permissions = user_details.get("permissions", [])
|
||||
set_permissions(user.user_permissions, yaml_permissions)
|
||||
|
@ -1,23 +1,27 @@
|
||||
import sys
|
||||
|
||||
from django.contrib.auth.models import Group, User
|
||||
from startup_script_utils import load_yaml, set_permissions
|
||||
from users.models import AdminGroup, AdminUser
|
||||
from startup_script_utils import load_yaml
|
||||
|
||||
groups = load_yaml("/opt/netbox/initializers/groups.yml")
|
||||
if groups is None:
|
||||
sys.exit()
|
||||
|
||||
for groupname, group_details in groups.items():
|
||||
group, created = Group.objects.get_or_create(name=groupname)
|
||||
for params in groups:
|
||||
groupname=params['name']
|
||||
|
||||
group, created = AdminGroup.objects.get_or_create(
|
||||
name=groupname
|
||||
)
|
||||
|
||||
if created:
|
||||
print("👥 Created group", groupname)
|
||||
|
||||
for username in group_details.get("users", []):
|
||||
user = User.objects.get(username=username)
|
||||
for username in params.get("users", []):
|
||||
user = AdminUser.objects.get(username=username)
|
||||
|
||||
if user:
|
||||
user.groups.add(group)
|
||||
group.user_set.add(user)
|
||||
print(" 👤 Assigned user %s to group %s" % (username, AdminGroup.name))
|
||||
|
||||
yaml_permissions = group_details.get("permissions", [])
|
||||
set_permissions(group.permissions, yaml_permissions)
|
||||
group.save()
|
||||
|
44
startup_scripts/015_object_permissions.py
Normal file
44
startup_scripts/015_object_permissions.py
Normal file
@ -0,0 +1,44 @@
|
||||
import sys
|
||||
|
||||
from users.models import ObjectPermission, AdminGroup, AdminUser
|
||||
from startup_script_utils import load_yaml
|
||||
from django.contrib.contenttypes.models import ContentType
|
||||
|
||||
object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml")
|
||||
|
||||
if object_permissions is None:
|
||||
sys.exit()
|
||||
|
||||
|
||||
for params in object_permissions:
|
||||
|
||||
object_permission, created = ObjectPermission.objects.get_or_create(
|
||||
name=params['name'],
|
||||
description=params['description'],
|
||||
enabled=params['enabled'],
|
||||
actions=params['actions']
|
||||
)
|
||||
|
||||
# Need to try to pass a list of model_name and app_label for more than just the current all objects.
|
||||
#object_types = ContentType.objects.filter(app_label__in=params.pop("object_types"))
|
||||
#object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types")))
|
||||
object_permission.object_types.set(ContentType.objects.all())
|
||||
object_permission.save()
|
||||
|
||||
print("🔓 Created object permission", object_permission.name)
|
||||
|
||||
for groupname in params.get("groups", []):
|
||||
group = AdminGroup.objects.get(name=groupname)
|
||||
|
||||
if group:
|
||||
object_permission.groups.add(group)
|
||||
print(" 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name))
|
||||
|
||||
for username in params.get("users", []):
|
||||
user = AdminUser.objects.get(username=username)
|
||||
|
||||
if user:
|
||||
object_permission.users.add(user)
|
||||
print(" 👤 Assigned user %s object permission of %s" % (username, object_permission.name))
|
||||
|
||||
object_permission.save()
|
@ -1,22 +0,0 @@
|
||||
from django.contrib.auth.models import Permission
|
||||
|
||||
|
||||
def set_permissions(subject, permission_filters):
|
||||
if subject is None or permission_filters is None:
|
||||
return
|
||||
subject.clear()
|
||||
for permission_filter in permission_filters:
|
||||
if "*" in permission_filter:
|
||||
permission_filter_regex = "^" + permission_filter.replace("*", ".*") + "$"
|
||||
permissions = Permission.objects.filter(codename__iregex=permission_filter_regex)
|
||||
print(
|
||||
" ⚿ Granting",
|
||||
permissions.count(),
|
||||
"permissions matching '" + permission_filter + "'",
|
||||
)
|
||||
else:
|
||||
permissions = Permission.objects.filter(codename=permission_filter)
|
||||
print(" ⚿ Granting permission", permission_filter)
|
||||
|
||||
for permission in permissions:
|
||||
subject.add(permission)
|
Loading…
Reference in New Issue
Block a user