mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Rename attrs to constraints

Browse Source
This commit is contained in:
Jeremy Stretch
2020-06-03 09:43:46 -04:00
parent ddcd172af1
commit d157818d7e
6 changed files with 52 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
netbox/netbox/authentication.py
View File

@ -28,16 +28,16 @@ class ObjectPermissionBackend(ModelBackend):
Q(groups__user=user_obj)
).prefetch_related('object_types')
# Create a dictionary mapping permissions to their attributes
# Create a dictionary mapping permissions to their constraints
perms = dict()
for obj_perm in object_permissions:
for object_type in obj_perm.object_types.all():
for action in obj_perm.actions:
perm_name = f"{object_type.app_label}.{action}_{object_type.model}"
if perm_name in perms:
perms[perm_name].append(obj_perm.attrs)
perms[perm_name].append(obj_perm.constraints)
else:
perms[perm_name] = [obj_perm.attrs]
perms[perm_name] = [obj_perm.constraints]
return perms
@ -71,20 +71,20 @@ class ObjectPermissionBackend(ModelBackend):
raise ValueError(f"Invalid permission {perm} for model {model}")
# Compile a query filter that matches all instances of the specified model
obj_perm_attrs = self.get_all_permissions(user_obj)[perm]
attrs = Q()
for perm_attrs in obj_perm_attrs:
if perm_attrs:
attrs |= Q(**perm_attrs)
obj_perm_constraints = self.get_all_permissions(user_obj)[perm]
constraints = Q()
for perm_constraints in obj_perm_constraints:
if perm_constraints:
constraints |= Q(**perm_constraints)
else:
# Found ObjectPermission with null attrs; allow model-level access
attrs = Q()
# Found ObjectPermission with null constraints; allow model-level access
constraints = Q()
break
# Permission to perform the requested action on the object depends on whether the specified object matches
# the specified attributes. Note that this check is made against the *database* record representing the object,
# the specified constraints. Note that this check is made against the *database* record representing the object,
# not the instance itself.
return model.objects.filter(attrs, pk=obj.pk).exists()
return model.objects.filter(constraints, pk=obj.pk).exists()
class RemoteUserBackend(_RemoteUserBackend):
@ -111,11 +111,11 @@ class RemoteUserBackend(_RemoteUserBackend):
# Assign default object permissions to the user
permissions_list = []
for permission_name, attrs in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS.items():
for permission_name, constraints in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS.items():
try:
object_type, action = resolve_permission_ct(permission_name)
# TODO: Merge multiple actions into a single ObjectPermission per content type
obj_perm = ObjectPermission(actions=[action], attrs=attrs)
obj_perm = ObjectPermission(actions=[action], constraints=constraints)
obj_perm.save()
obj_perm.users.add(user)
obj_perm.object_types.add(object_type)

26
netbox/netbox/tests/test_authentication.py
View File

@ -202,7 +202,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view']
)
obj_perm.save()
@ -226,7 +226,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view']
)
obj_perm.save()
@ -260,7 +260,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view', 'add']
)
obj_perm.save()
@ -307,7 +307,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view', 'change']
)
obj_perm.save()
@ -350,7 +350,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view', 'delete']
)
obj_perm.save()
@ -398,7 +398,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['add']
)
obj_perm.save()
@ -447,7 +447,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['change']
)
obj_perm.save()
@ -491,7 +491,7 @@ class ObjectPermissionViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view', 'delete']
)
obj_perm.save()
@ -562,7 +562,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view']
)
obj_perm.save()
@ -589,7 +589,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['view']
)
obj_perm.save()
@ -616,7 +616,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['add']
)
obj_perm.save()
@ -645,7 +645,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['change']
)
obj_perm.save()
@ -680,7 +680,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
# Assign object permission
obj_perm = ObjectPermission(
attrs={'site__name': 'Site 1'},
constraints={'site__name': 'Site 1'},
actions=['delete']
)
obj_perm.save()

26
netbox/users/admin.py
View File

@ -37,7 +37,7 @@ class UserConfigInline(admin.TabularInline):
class ObjectPermissionInline(admin.TabularInline):
model = AdminUser.object_permissions.through
fields = ['object_types', 'actions', 'attrs']
fields = ['object_types', 'actions', 'constraints']
readonly_fields = fields
extra = 0
verbose_name = 'Permission'
@ -48,8 +48,8 @@ class ObjectPermissionInline(admin.TabularInline):
def actions(self, instance):
return ', '.join(instance.objectpermission.actions)
def attrs(self, instance):
return instance.objectpermission.attrs
def constraints(self, instance):
return instance.objectpermission.constraints
def has_add_permission(self, request, obj):
# Don't allow the creation of new ObjectPermission assignments via this form
@ -113,8 +113,8 @@ class ObjectPermissionForm(forms.ModelForm):
exclude = []
help_texts = {
'actions': 'Actions granted in addition to those listed above',
'attrs': 'JSON expression of a queryset filter that will return only permitted objects. Leave null to '
'match all objects of this type.'
'constraints': 'JSON expression of a queryset filter that will return only permitted objects. Leave null '
'to match all objects of this type.'
}
labels = {
'actions': 'Additional actions'
@ -143,7 +143,7 @@ class ObjectPermissionForm(forms.ModelForm):
def clean(self):
object_types = self.cleaned_data['object_types']
attrs = self.cleaned_data['attrs']
constraints = self.cleaned_data['constraints']
# Append any of the selected CRUD checkboxes to the actions list
if not self.cleaned_data.get('actions'):
@ -156,16 +156,16 @@ class ObjectPermissionForm(forms.ModelForm):
if not self.cleaned_data['actions']:
raise ValidationError("At least one action must be selected.")
# Validate the specified model attributes by attempting to execute a query. We don't care whether the query
# returns anything; we just want to make sure the specified attributes are valid.
if attrs:
# Validate the specified model constraints by attempting to execute a query. We don't care whether the query
# returns anything; we just want to make sure the specified constraints are valid.
if constraints:
for ct in object_types:
model = ct.model_class()
try:
model.objects.filter(**attrs).exists()
model.objects.filter(**constraints).exists()
except FieldError as e:
raise ValidationError({
'attrs': f'Invalid attributes for {model}: {e}'
'constraints': f'Invalid filter for {model}: {e}'
})
@ -182,13 +182,13 @@ class ObjectPermissionAdmin(admin.ModelAdmin):
'fields': (('can_view', 'can_add', 'can_change', 'can_delete'), 'actions')
}),
('Constraints', {
'fields': ('attrs',)
'fields': ('constraints',)
}),
)
filter_horizontal = ('object_types', 'groups', 'users')
form = ObjectPermissionForm
list_display = [
'list_models', 'list_users', 'list_groups', 'actions', 'attrs',
'list_models', 'list_users', 'list_groups', 'actions', 'constraints',
]
list_filter = [
'groups', 'users'

4
netbox/users/migrations/0008_objectpermission.py
View File

@ -1,5 +1,3 @@
# Generated by Django 3.0.6 on 2020-05-29 14:59
from django.conf import settings
import django.contrib.postgres.fields
import django.contrib.postgres.fields.jsonb
@ -20,7 +18,7 @@ class Migration(migrations.Migration):
name='ObjectPermission',
fields=[
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False)),
('attrs', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True)),
('constraints', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True)),
('actions', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=30), size=None)),
('object_types', models.ManyToManyField(limit_choices_to={'app_label__in': ['circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization']}, related_name='object_permissions', to='contenttypes.ContentType')),
('groups', models.ManyToManyField(blank=True, related_name='object_permissions', to='auth.Group')),

4
netbox/users/models.py
View File

@ -252,10 +252,10 @@ class ObjectPermission(models.Model):
},
related_name='object_permissions'
)
attrs = JSONField(
constraints = JSONField(
blank=True,
null=True,
verbose_name='Attributes'
help_text="Queryset filter matching the applicable objects of the selected type(s)"
)
actions = ArrayField(
base_field=models.CharField(max_length=30),

18
netbox/utilities/testing/testcases.py
View File

@ -180,7 +180,7 @@ class ViewTestCases:
# Add object-level permission
obj_perm = ObjectPermission(
attrs={'pk': instance1.pk},
constraints={'pk': instance1.pk},
actions=['view']
)
obj_perm.save()
@ -245,7 +245,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk__gt': 0}, # Dummy permission to allow all
constraints={'pk__gt': 0}, # Dummy permission to allow all
actions=['add']
)
obj_perm.save()
@ -265,7 +265,7 @@ class ViewTestCases:
self.assertInstanceEqual(self.model.objects.order_by('pk').last(), self.form_data)
# Nullify ObjectPermission to disallow new object creation
obj_perm.attrs = {'pk': 0}
obj_perm.constraints = {'pk': 0}
obj_perm.save()
# Try to create a non-permitted object
@ -328,7 +328,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk': instance1.pk},
constraints={'pk': instance1.pk},
actions=['change']
)
obj_perm.save()
@ -406,7 +406,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk': instance1.pk},
constraints={'pk': instance1.pk},
actions=['delete']
)
obj_perm.save()
@ -480,7 +480,7 @@ class ViewTestCases:
# Add object-level permission
obj_perm = ObjectPermission(
attrs={'pk': instance1.pk},
constraints={'pk': instance1.pk},
actions=['view']
)
obj_perm.save()
@ -579,7 +579,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk__gt': 0}, # Dummy permission to allow all
constraints={'pk__gt': 0}, # Dummy permission to allow all
actions=['add']
)
obj_perm.save()
@ -651,7 +651,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk__in': list(pk_list)},
constraints={'pk__in': list(pk_list)},
actions=['change']
)
obj_perm.save()
@ -718,7 +718,7 @@ class ViewTestCases:
# Assign object-level permission
obj_perm = ObjectPermission(
attrs={'pk__in': list(pk_list)},
constraints={'pk__in': list(pk_list)},
actions=['delete']
)
obj_perm.save()