mirror of
https://github.com/netbox-community/netbox.git
synced 2024-05-10 07:54:54 +00:00
Rename content_types to object_types
This commit is contained in:
Jeremy Stretch
@ -26,14 +26,14 @@ class ObjectPermissionBackend(ModelBackend):
|
||||
object_permissions = ObjectPermission.objects.filter(
|
||||
Q(users=user_obj) |
|
||||
Q(groups__user=user_obj)
|
||||
).prefetch_related('content_types')
|
||||
).prefetch_related('object_types')
|
||||
|
||||
# Create a dictionary mapping permissions to their attributes
|
||||
perms = dict()
|
||||
for obj_perm in object_permissions:
|
||||
for content_type in obj_perm.content_types.all():
|
||||
for object_type in obj_perm.object_types.all():
|
||||
for action in obj_perm.actions:
|
||||
perm_name = f"{content_type.app_label}.{action}_{content_type.model}"
|
||||
perm_name = f"{object_type.app_label}.{action}_{object_type.model}"
|
||||
if perm_name in perms:
|
||||
perms[perm_name].append(obj_perm.attrs)
|
||||
else:
|
||||
@ -113,12 +113,12 @@ class RemoteUserBackend(_RemoteUserBackend):
|
||||
permissions_list = []
|
||||
for permission_name, attrs in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS.items():
|
||||
try:
|
||||
content_type, action = resolve_permission_ct(permission_name)
|
||||
object_type, action = resolve_permission_ct(permission_name)
|
||||
# TODO: Merge multiple actions into a single ObjectPermission per content type
|
||||
obj_perm = ObjectPermission(actions=[action], attrs=attrs)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(user)
|
||||
obj_perm.content_types.add(content_type)
|
||||
obj_perm.object_types.add(object_type)
|
||||
permissions_list.append(permission_name)
|
||||
except ValueError:
|
||||
logging.error(
|
||||
|
||||
@ -207,7 +207,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Retrieve permitted object
|
||||
response = self.client.get(self.prefixes[0].get_absolute_url())
|
||||
@ -231,7 +231,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Retrieve all objects. Only permitted objects should be returned.
|
||||
response = self.client.get(reverse('ipam:prefix_list'))
|
||||
@ -265,7 +265,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to create a non-permitted object
|
||||
request = {
|
||||
@ -312,7 +312,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to edit a non-permitted object
|
||||
request = {
|
||||
@ -355,7 +355,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Delete permitted object
|
||||
request = {
|
||||
@ -403,7 +403,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to create non-permitted objects
|
||||
request = {
|
||||
@ -452,7 +452,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to edit non-permitted objects
|
||||
request = {
|
||||
@ -496,7 +496,7 @@ class ObjectPermissionViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to delete non-permitted object
|
||||
request = {
|
||||
@ -567,7 +567,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Retrieve permitted object
|
||||
url = reverse('ipam-api:prefix-detail', kwargs={'pk': self.prefixes[0].pk})
|
||||
@ -594,7 +594,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Retrieve all objects. Only permitted objects should be returned.
|
||||
response = self.client.get(url, **self.header)
|
||||
@ -621,7 +621,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to create a non-permitted object
|
||||
response = self.client.post(url, data, format='json', **self.header)
|
||||
@ -650,7 +650,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to edit a non-permitted object
|
||||
data = {'site': self.sites[0].pk}
|
||||
@ -685,7 +685,7 @@ class ObjectPermissionAPIViewTestCase(TestCase):
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(Prefix))
|
||||
|
||||
# Attempt to delete a non-permitted object
|
||||
url = reverse('ipam-api:prefix-detail', kwargs={'pk': self.prefixes[3].pk})
|
||||
|
||||
@ -37,13 +37,13 @@ class UserConfigInline(admin.TabularInline):
|
||||
|
||||
class ObjectPermissionInline(admin.TabularInline):
|
||||
model = AdminUser.object_permissions.through
|
||||
fields = ['content_types', 'actions', 'attrs']
|
||||
fields = ['object_types', 'actions', 'attrs']
|
||||
readonly_fields = fields
|
||||
extra = 0
|
||||
verbose_name = 'Permission'
|
||||
|
||||
def content_types(self, instance):
|
||||
return ', '.join(instance.objectpermission.content_types.values_list('model', flat=True))
|
||||
def object_types(self, instance):
|
||||
return ', '.join(instance.objectpermission.object_types.values_list('model', flat=True))
|
||||
|
||||
def actions(self, instance):
|
||||
return ', '.join(instance.objectpermission.actions)
|
||||
@ -127,8 +127,8 @@ class ObjectPermissionForm(forms.ModelForm):
|
||||
self.fields['actions'].required = False
|
||||
|
||||
# Format ContentType choices
|
||||
order_content_types(self.fields['content_types'])
|
||||
self.fields['content_types'].choices.insert(0, ('', '---------'))
|
||||
order_content_types(self.fields['object_types'])
|
||||
self.fields['object_types'].choices.insert(0, ('', '---------'))
|
||||
|
||||
# Order group and user fields
|
||||
self.fields['groups'].queryset = self.fields['groups'].queryset.order_by('name')
|
||||
@ -142,7 +142,7 @@ class ObjectPermissionForm(forms.ModelForm):
|
||||
self.instance.actions.remove(action)
|
||||
|
||||
def clean(self):
|
||||
content_types = self.cleaned_data['content_types']
|
||||
object_types = self.cleaned_data['object_types']
|
||||
attrs = self.cleaned_data['attrs']
|
||||
|
||||
# Append any of the selected CRUD checkboxes to the actions list
|
||||
@ -159,7 +159,7 @@ class ObjectPermissionForm(forms.ModelForm):
|
||||
# Validate the specified model attributes by attempting to execute a query. We don't care whether the query
|
||||
# returns anything; we just want to make sure the specified attributes are valid.
|
||||
if attrs:
|
||||
for ct in content_types:
|
||||
for ct in object_types:
|
||||
model = ct.model_class()
|
||||
try:
|
||||
model.objects.filter(**attrs).exists()
|
||||
@ -173,7 +173,7 @@ class ObjectPermissionForm(forms.ModelForm):
|
||||
class ObjectPermissionAdmin(admin.ModelAdmin):
|
||||
fieldsets = (
|
||||
('Objects', {
|
||||
'fields': ('content_types',)
|
||||
'fields': ('object_types',)
|
||||
}),
|
||||
('Assignment', {
|
||||
'fields': ('groups', 'users')
|
||||
@ -185,7 +185,7 @@ class ObjectPermissionAdmin(admin.ModelAdmin):
|
||||
'fields': ('attrs',)
|
||||
}),
|
||||
)
|
||||
filter_horizontal = ('content_types', 'groups', 'users')
|
||||
filter_horizontal = ('object_types', 'groups', 'users')
|
||||
form = ObjectPermissionForm
|
||||
list_display = [
|
||||
'list_models', 'list_users', 'list_groups', 'actions', 'attrs',
|
||||
@ -195,10 +195,10 @@ class ObjectPermissionAdmin(admin.ModelAdmin):
|
||||
]
|
||||
|
||||
def get_queryset(self, request):
|
||||
return super().get_queryset(request).prefetch_related('content_types', 'users', 'groups')
|
||||
return super().get_queryset(request).prefetch_related('object_types', 'users', 'groups')
|
||||
|
||||
def list_models(self, obj):
|
||||
return ', '.join([f"{ct}" for ct in obj.content_types.all()])
|
||||
return ', '.join([f"{ct}" for ct in obj.object_types.all()])
|
||||
list_models.short_description = 'Models'
|
||||
|
||||
def list_users(self, obj):
|
||||
|
||||
@ -22,7 +22,7 @@ class Migration(migrations.Migration):
|
||||
('id', models.AutoField(auto_created=True, primary_key=True, serialize=False)),
|
||||
('attrs', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True)),
|
||||
('actions', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=30), size=None)),
|
||||
('content_types', models.ManyToManyField(limit_choices_to={'app_label__in': ['circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization']}, related_name='object_permissions', to='contenttypes.ContentType')),
|
||||
('object_types', models.ManyToManyField(limit_choices_to={'app_label__in': ['circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization']}, related_name='object_permissions', to='contenttypes.ContentType')),
|
||||
('groups', models.ManyToManyField(blank=True, related_name='object_permissions', to='auth.Group')),
|
||||
('users', models.ManyToManyField(blank=True, related_name='object_permissions', to=settings.AUTH_USER_MODEL)),
|
||||
],
|
||||
|
||||
@ -26,7 +26,7 @@ def replicate_permissions(apps, schema_editor):
|
||||
if perm.group_set.exists() or perm.user_set.exists():
|
||||
obj_perm = ObjectPermission(actions=[action])
|
||||
obj_perm.save()
|
||||
obj_perm.content_types.add(perm.content_type)
|
||||
obj_perm.object_types.add(perm.content_type)
|
||||
if perm.group_set.exists():
|
||||
obj_perm.groups.add(*list(perm.group_set.all()))
|
||||
if perm.user_set.exists():
|
||||
|
||||
@ -243,7 +243,7 @@ class ObjectPermission(models.Model):
|
||||
blank=True,
|
||||
related_name='object_permissions'
|
||||
)
|
||||
content_types = models.ManyToManyField(
|
||||
object_types = models.ManyToManyField(
|
||||
to=ContentType,
|
||||
limit_choices_to={
|
||||
'app_label__in': [
|
||||
@ -267,6 +267,6 @@ class ObjectPermission(models.Model):
|
||||
|
||||
def __str__(self):
|
||||
return '{}: {}'.format(
|
||||
', '.join(self.content_types.values_list('model', flat=True)),
|
||||
', '.join(self.object_types.values_list('model', flat=True)),
|
||||
', '.join(self.actions)
|
||||
)
|
||||
|
||||
@ -37,7 +37,7 @@ class TestCase(_TestCase):
|
||||
obj_perm = ObjectPermission(actions=[action])
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ct)
|
||||
obj_perm.object_types.add(ct)
|
||||
|
||||
#
|
||||
# Convenience methods
|
||||
@ -169,7 +169,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(instance.get_absolute_url()), 200)
|
||||
@ -185,7 +185,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET to permitted object
|
||||
self.assertHttpStatus(self.client.get(instance1.get_absolute_url()), 200)
|
||||
@ -225,7 +225,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('add')), 200)
|
||||
@ -250,7 +250,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with object-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('add')), 200)
|
||||
@ -309,7 +309,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('edit', instance)), 200)
|
||||
@ -333,7 +333,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with a permitted object
|
||||
self.assertHttpStatus(self.client.get(self._get_url('edit', instance1)), 200)
|
||||
@ -386,7 +386,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('delete', instance)), 200)
|
||||
@ -411,7 +411,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with a permitted object
|
||||
self.assertHttpStatus(self.client.get(self._get_url('delete', instance1)), 200)
|
||||
@ -463,7 +463,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('list')), 200)
|
||||
@ -485,7 +485,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with object-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('list')), 200)
|
||||
@ -515,7 +515,7 @@ class ViewTestCases:
|
||||
obj_perm = ObjectPermission(actions=['add'])
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
response = self.client.post(**request)
|
||||
self.assertHttpStatus(response, 302)
|
||||
@ -561,7 +561,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try GET with model-level permission
|
||||
self.assertHttpStatus(self.client.get(self._get_url('import')), 200)
|
||||
@ -584,7 +584,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Test import with object-level permission
|
||||
self.assertHttpStatus(self.client.post(self._get_url('import'), data), 200)
|
||||
@ -631,7 +631,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try POST with model-level permission
|
||||
self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 302)
|
||||
@ -656,7 +656,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try POST with model-level permission
|
||||
self.assertHttpStatus(self.client.post(self._get_url('bulk_edit'), data), 302)
|
||||
@ -701,7 +701,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try POST with model-level permission
|
||||
self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302)
|
||||
@ -723,7 +723,7 @@ class ViewTestCases:
|
||||
)
|
||||
obj_perm.save()
|
||||
obj_perm.users.add(self.user)
|
||||
obj_perm.content_types.add(ContentType.objects.get_for_model(self.model))
|
||||
obj_perm.object_types.add(ContentType.objects.get_for_model(self.model))
|
||||
|
||||
# Try POST with object-level permission
|
||||
self.assertHttpStatus(self.client.post(self._get_url('bulk_delete'), data), 302)
|
||||
|
||||
Reference in New Issue
Block a user