Merge pull request #236 from netbox-community/LBegnaud-master
Permission Wildcards
commit
3717b7469a
|
@ -1,3 +1,15 @@
|
||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# applications:
|
# applications:
|
||||||
# users:
|
# users:
|
||||||
# - technical_user
|
# - technical_user
|
||||||
|
@ -8,9 +20,16 @@
|
||||||
# users:
|
# users:
|
||||||
# - writer
|
# - writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
# vm_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*_virtualmachine'
|
||||||
|
# device_managers:
|
||||||
|
# permissions:
|
||||||
|
# - '*device*'
|
||||||
|
# creators:
|
||||||
|
# permissions:
|
||||||
|
# - add_*
|
||||||
|
|
|
@ -1,3 +1,15 @@
|
||||||
|
## To list all permissions, run:
|
||||||
|
##
|
||||||
|
## docker-compose run --rm --entrypoint /bin/bash netbox
|
||||||
|
## $ ./manage.py migrate
|
||||||
|
## $ ./manage.py shell
|
||||||
|
## > from django.contrib.auth.models import Permission
|
||||||
|
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
|
||||||
|
##
|
||||||
|
## Permission lists support wildcards. See the examples below.
|
||||||
|
##
|
||||||
|
## Examples:
|
||||||
|
|
||||||
# technical_user:
|
# technical_user:
|
||||||
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
|
||||||
# reader:
|
# reader:
|
||||||
|
@ -5,9 +17,7 @@
|
||||||
# writer:
|
# writer:
|
||||||
# password: writer
|
# password: writer
|
||||||
# permissions:
|
# permissions:
|
||||||
# - add_device
|
|
||||||
# - change_device
|
|
||||||
# - delete_device
|
# - delete_device
|
||||||
# - add_virtualmachine
|
|
||||||
# - change_virtualmachine
|
|
||||||
# - delete_virtualmachine
|
# - delete_virtualmachine
|
||||||
|
# - add_*
|
||||||
|
# - change_*
|
||||||
|
|
|
@ -20,15 +20,23 @@ with file.open('r') as stream:
|
||||||
username = username,
|
username = username,
|
||||||
password = user_details.get('password', 0) or User.objects.make_random_password)
|
password = user_details.get('password', 0) or User.objects.make_random_password)
|
||||||
|
|
||||||
print("👤 Created user ",username)
|
print("👤 Created user",username)
|
||||||
|
|
||||||
if user_details.get('api_token', 0):
|
if user_details.get('api_token', 0):
|
||||||
Token.objects.create(user=user, key=user_details['api_token'])
|
Token.objects.create(user=user, key=user_details['api_token'])
|
||||||
|
|
||||||
user_permissions = user_details.get('permissions', [])
|
yaml_permissions = user_details.get('permissions', [])
|
||||||
if user_permissions:
|
if yaml_permissions:
|
||||||
user.user_permissions.clear()
|
subject = user.user_permissions
|
||||||
for permission_codename in user_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
user.user_permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
user.save()
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
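Review bot: The wildcard branch matches on codename alone, case-insensitively and across every app, so an entry like `add_*` grants every `add_` permission in the Permission table (presumably including Django's own `add_user` and `add_permission`), and only a count is printed. Printing the matched codenames, e.g. `print("   ", ", ".join(p.codename for p in permissions))`, would make such broad grants auditable at startup. The pattern is also built without escaping, so any other regex metacharacter in the YAML value is interpreted by the database; `'^' + '.*'.join(re.escape(s) for s in yaml_permission.split('*')) + '$'` would keep `*` as the only wildcard (it needs `import re`, which is outside this hunk). The same code is added to the group hunk below, and the enclosing `with file.open('r')` block begins outside the hunk. Separately, the unchanged context line passes `User.objects.make_random_password` without calling it, so a user without a `password` key would not get a random password; this looks like a missing `()`.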
|
||||||
|
|
|
@ -24,9 +24,18 @@ with file.open('r') as stream:
|
||||||
if user:
|
if user:
|
||||||
user.groups.add(group)
|
user.groups.add(group)
|
||||||
|
|
||||||
group_permissions = group_details.get('permissions', [])
|
yaml_permissions = group_details.get('permissions', [])
|
||||||
if group_permissions:
|
if yaml_permissions:
|
||||||
group.permissions.clear()
|
subject = group.permissions
|
||||||
for permission_codename in group_details.get('permissions', []):
|
subject.clear()
|
||||||
for permission in Permission.objects.filter(codename=permission_codename):
|
for yaml_permission in yaml_permissions:
|
||||||
group.permissions.add(permission)
|
if '*' in yaml_permission:
|
||||||
|
permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
|
||||||
|
permissions = Permission.objects.filter(codename__iregex=permission_filter)
|
||||||
|
print(" ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
|
||||||
|
else:
|
||||||
|
permissions = Permission.objects.filter(codename=yaml_permission)
|
||||||
|
print(" ⚿ Granting permission", yaml_permission)
|
||||||
|
|
||||||
|
for permission in permissions:
|
||||||
|
subject.add(permission)
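Review bot: The exact-match branch prints "Granting permission" before checking that the filter returned anything, so a misspelled codename in the YAML is reported as granted while nothing is added. A guard such as `if not permissions.exists(): print(" No permission matches", yaml_permission)` ahead of the `for permission in permissions:` loop would surface that; the same applies to the wildcard branch when the count is 0 and to the identical code in the user hunk above. Note also that `codename__iregex` is case-insensitive while `codename=` is not, so a differently-cased entry matches only when it contains a `*`; `codename__regex` would make the two branches agree. The enclosing `with file.open('r')` block starts outside the hunk.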
|
||||||
|
|
|
@ -7,12 +7,12 @@ from os.path import dirname, abspath
|
||||||
this_dir = dirname(abspath(__file__))
|
this_dir = dirname(abspath(__file__))
|
||||||
|
|
||||||
def filename(f):
|
def filename(f):
|
||||||
return f.name
|
return f.name
|
||||||
|
|
||||||
with scandir(dirname(abspath(__file__))) as it:
|
with scandir(dirname(abspath(__file__))) as it:
|
||||||
for f in sorted(it, key = filename):
|
for f in sorted(it, key = filename):
|
||||||
if f.name.startswith('__') or not f.is_file():
|
if f.name.startswith('__') or not f.is_file():
|
||||||
continue
|
continue
|
||||||
|
|
||||||
print(f"Running {f.path}")
|
print(f"Running {f.path}")
|
||||||
runpy.run_path(f.path)
|
runpy.run_path(f.path)
|
||||||
|
|