mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Introduce resolve_permission() utility function

Browse Source
This commit is contained in:
Jeremy Stretch
2020-05-28 10:35:59 -04:00
parent ca199cdefe
commit dc56e49410
4 changed files with 30 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
netbox/users/models.py
View File

@ -12,6 +12,7 @@ from django.db.models.signals import post_save
from django.dispatch import receiver from django.dispatch import receiver
from django.utils import timezone from django.utils import timezone
from utilities.permissions import resolve_permission
from utilities.utils import flatten_dict from utilities.utils import flatten_dict
@ -202,11 +203,9 @@ class ObjectPermissionManager(models.Manager):
Compile all ObjectPermission attributes applicable to a specific combination of user, model, and action. Returns Compile all ObjectPermission attributes applicable to a specific combination of user, model, and action. Returns
a dictionary that can be passed directly to .filter() on a QuerySet. a dictionary that can be passed directly to .filter() on a QuerySet.
""" """
app_label, codename = perm.split('.') content_type, action = resolve_permission(perm)
action, model_name = codename.split('_')
assert action in ['view', 'add', 'change', 'delete'], f"Invalid action: {action}" assert action in ['view', 'add', 'change', 'delete'], f"Invalid action: {action}"
content_type = ContentType.objects.get(app_label=app_label, model=model_name)
qs = self.get_queryset().filter( qs = self.get_queryset().filter(
Q(users=user) | Q(groups__user=user), Q(users=user) | Q(groups__user=user),
model=content_type, model=content_type,

7
netbox/utilities/auth_backends.py
View File

@ -7,6 +7,7 @@ from django.contrib.contenttypes.models import ContentType
from django.db.models import Q from django.db.models import Q
from users.models import ObjectPermission from users.models import ObjectPermission
from utilities.permissions import resolve_permission
class ObjectPermissionBackend(ModelBackend): class ObjectPermissionBackend(ModelBackend):
@ -40,7 +41,6 @@ class ObjectPermissionBackend(ModelBackend):
return user_obj._object_perm_cache return user_obj._object_perm_cache
def has_perm(self, user_obj, perm, obj=None): def has_perm(self, user_obj, perm, obj=None):
# print(f'has_perm({perm})')
app_label, codename = perm.split('.') app_label, codename = perm.split('.')
action, model_name = codename.split('_') action, model_name = codename.split('_')
@ -120,10 +120,9 @@ class RemoteUserBackend(_RemoteUserBackend):
permissions_list = [] permissions_list = []
for permission_name in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS: for permission_name in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS:
try: try:
app_label, codename = permission_name.split('.') content_type, action = resolve_permission(permission_name)
action, model_name = codename.split('_')
user.object_permissions.create(**{ user.object_permissions.create(**{
'model': ContentType.objects.get(app_label=app_label, model=model_name), 'model': content_type,
f'can_{action}': True f'can_{action}': True
}) })
permissions_list.append(permission_name) permissions_list.append(permission_name)

20
netbox/utilities/permissions.py
View File

@ -1,3 +1,6 @@
from django.contrib.contenttypes.models import ContentType
def get_permission_for_model(model, action): def get_permission_for_model(model, action):
""" """
Resolve the named permission for a given model (or instance) and action (e.g. view or add). Resolve the named permission for a given model (or instance) and action (e.g. view or add).
@ -13,3 +16,20 @@ def get_permission_for_model(model, action):
action, action,
model._meta.model_name model._meta.model_name
) )
def resolve_permission(name):
"""
Given a permission name, return the relevant ContentType and action. For example, "dcim.view_site" returns
(Site, "view").
:param name: Permission name in the format <app>.<action>_<model>
"""
app_label, codename = name.split('.')
action, model_name = codename.split('_')
try:
content_type = ContentType.objects.get(app_label=app_label, model=model_name)
except ContentType.DoesNotExist:
raise ValueError(f"Unknown app/model for {name}")
return content_type, action

13
netbox/utilities/testing/testcases.py
View File

@ -7,6 +7,7 @@ from django.urls import reverse, NoReverseMatch
from rest_framework.test import APIClient from rest_framework.test import APIClient
from users.models import ObjectPermission, Token from users.models import ObjectPermission, Token
from utilities.permissions import resolve_permission
from .utils import disable_warnings, post_data from .utils import disable_warnings, post_data
@ -32,11 +33,9 @@ class TestCase(_TestCase):
Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>. Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
""" """
for name in names: for name in names:
app_label, codename = name.split('.') ct, action = resolve_permission(name)
action, model_name = codename.split('_')
self.user.object_permissions.create(**{ self.user.object_permissions.create(**{
'model': ContentType.objects.get(app_label=app_label, model=model_name), 'model': ct,
f'can_{action}': True f'can_{action}': True
}) })
@ -45,11 +44,9 @@ class TestCase(_TestCase):
Remove a set of permissions from the test user, if assigned. Remove a set of permissions from the test user, if assigned.
""" """
for name in names: for name in names:
app_label, codename = name.split('.') ct, action = resolve_permission(name)
action, model_name = codename.split('_')
self.user.object_permissions.filter(**{ self.user.object_permissions.filter(**{
'model': ContentType.objects.get(app_label=app_label, model=model_name), 'model': ct,
f'can_{action}': True f'can_{action}': True
}).delete() }).delete()