From 927a545f41b6ca8490e12de63ca0d346043884e9 Mon Sep 17 00:00:00 2001
From: Les Begnaud <lbegnaud@radersolutions.com>
Date: Thu, 5 Dec 2019 09:41:11 -0600
Subject: [PATCH] adjust groups and users startup scripts to allow custom
 codename filter

---
 initializers/groups.yml       | 14 ++++++++++----
 initializers/users.yml        |  8 ++++----
 startup_scripts/000_users.py  | 27 ++++++++++++++++++++-------
 startup_scripts/010_groups.py | 24 ++++++++++++++++++------
 4 files changed, 52 insertions(+), 21 deletions(-)

diff --git a/initializers/groups.yml b/initializers/groups.yml
index 7bdd0a7..fc9ff28 100644
--- a/initializers/groups.yml
+++ b/initializers/groups.yml
@@ -7,10 +7,16 @@
 # writers:
 #   users:
 #   - writer
+## specify explicit permission codenames or codename filter functions and filters to match on
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - codename__startswith:
+#     - add_
+#     - change_
+# vm_managers:
+#   - codename__endswith:
+#     - _virtualmachine
+# creators:
+#   - codename__startswith:
+#     - add_
diff --git a/initializers/users.yml b/initializers/users.yml
index 64c005c..a7a57a3 100644
--- a/initializers/users.yml
+++ b/initializers/users.yml
@@ -4,10 +4,10 @@
 #   password: reader
 # writer:
 #   password: writer
+## specify explicit permission codenames or codename filter functions and filters to match on
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - codename__startswith:
+#     - add_
+#     - change_
diff --git a/startup_scripts/000_users.py b/startup_scripts/000_users.py
index a1340a1..0037ee1 100644
--- a/startup_scripts/000_users.py
+++ b/startup_scripts/000_users.py
@@ -25,10 +25,23 @@ with file.open('r') as stream:
         if user_details.get('api_token', 0):
           Token.objects.create(user=user, key=user_details['api_token'])
 
-        user_permissions = user_details.get('permissions', [])
-        if user_permissions:
-          user.user_permissions.clear()
-          for permission_codename in user_details.get('permissions', []):
-            for permission in Permission.objects.filter(codename=permission_codename):
-              user.user_permissions.add(permission)
-          user.save()
+        yaml_permissions = user_details.get('permissions', [])
+        permission_object = user
+        if yaml_permissions:
+          permission_object.permissions.clear()
+          for yaml_permission in yaml_permissions:
+            if isinstance(yaml_permission,dict):
+              # assume this is the specific codename filter function instead of an exact codename
+              permission_codename_function = list(yaml_permission.keys())[0]
+              permission_codenames = yaml_permission[permission_codename_function]
+            else:
+              permission_codename_function = 'codename'
+              permission_codenames = list({yaml_permission})
+
+            # supports either one codename from the permissions list, or multiple codenames in a codename_function dict
+            for permission_codename in permission_codenames:
+              # supports non-unique permission codenames
+              for permission in eval('Permission.objects.filter(' + permission_codename_function + '=permission_codename)'):
+                permission_object.permissions.add(permission)
+
+          permission_object.save()
diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py
index e68a5f0..49b6678 100644
--- a/startup_scripts/010_groups.py
+++ b/startup_scripts/010_groups.py
@@ -24,9 +24,21 @@ with file.open('r') as stream:
         if user:
           user.groups.add(group)
 
-      group_permissions = group_details.get('permissions', [])
-      if group_permissions:
-        group.permissions.clear()
-        for permission_codename in group_details.get('permissions', []):
-          for permission in Permission.objects.filter(codename=permission_codename):
-            group.permissions.add(permission)
+      yaml_permissions = group_details.get('permissions', [])
+      permission_object = group
+      if yaml_permissions:
+        permission_object.permissions.clear()
+        for yaml_permission in yaml_permissions:
+          if isinstance(yaml_permission,dict):
+            # assume this is the specific codename filter function instead of an exact codename
+            permission_codename_function = list(yaml_permission.keys())[0]
+            permission_codenames = yaml_permission[permission_codename_function]
+          else:
+            permission_codename_function = 'codename'
+            permission_codenames = list({yaml_permission})
+
+          # supports either one codename from the permissions list, or multiple codenames in a codename_function dict
+          for permission_codename in permission_codenames:
+            # supports non-unique permission codenames
+            for permission in eval('Permission.objects.filter(' + permission_codename_function + '=permission_codename)'):
+              permission_object.permissions.add(permission)