From 5d4ecb7f9e1de18d201afb3969f4499a5639168b Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Tue, 20 Apr 2021 17:47:49 -0400 Subject: [PATCH 01/11] user, group, & permissions fix --- initializers/groups.yml | 38 +++------------- initializers/object_permissions.yml | 22 ++++++++++ initializers/users.yml | 37 ++++++---------- startup_scripts/000_users.py | 5 +-- startup_scripts/010_groups.py | 22 ++++++---- startup_scripts/015_object_permissions.py | 44 +++++++++++++++++++ .../startup_script_utils/permissions.py | 22 ---------- 7 files changed, 100 insertions(+), 90 deletions(-) create mode 100644 initializers/object_permissions.yml create mode 100644 startup_scripts/015_object_permissions.py delete mode 100644 startup_scripts/startup_script_utils/permissions.py diff --git a/initializers/groups.yml b/initializers/groups.yml index b91ef39..45f4703 100644 --- a/initializers/groups.yml +++ b/initializers/groups.yml @@ -1,35 +1,9 @@ -## To list all permissions, run: -## -## docker-compose run --rm --entrypoint /bin/bash netbox -## $ ./manage.py migrate -## $ ./manage.py shell -## > from django.contrib.auth.models import Permission -## > print('\n'.join([p.codename for p in Permission.objects.all()])) -## -## Permission lists support wildcards. See the examples below. -## -## Examples: - -# applications: +# - name: applications # users: -# - technical_user -# readers: +# - technical_user +# - name: readers # users: -# - reader -# writers: +# - reader +# - name: writers # users: -# - writer -# permissions: -# - delete_device -# - delete_virtualmachine -# - add_* -# - change_* -# vm_managers: -# permissions: -# - '*_virtualmachine' -# device_managers: -# permissions: -# - '*device*' -# creators: -# permissions: -# - add_* +# - writer diff --git a/initializers/object_permissions.yml b/initializers/object_permissions.yml new file mode 100644 index 0000000..5daa981 --- /dev/null +++ b/initializers/object_permissions.yml @@ -0,0 +1,22 @@ +#- name: all.ro +# description: 'Read Only for All Objects' +# enabled: true +# # object_types: all +# groups: +# - applications +# - readers +# actions: +# - view +#- name: all.rw +# description: 'Read/Write for All Objects' +# enabled: true +# # object_types: all +# groups: +# - writers +# users: +# - jdoe +# actions: +# - add +# - change +# - delete +# - view diff --git a/initializers/users.yml b/initializers/users.yml index 2aea62e..5e0168d 100644 --- a/initializers/users.yml +++ b/initializers/users.yml @@ -1,23 +1,14 @@ -## To list all permissions, run: -## -## docker-compose run --rm --entrypoint /bin/bash netbox -## $ ./manage.py migrate -## $ ./manage.py shell -## > from django.contrib.auth.models import Permission -## > print('\n'.join([p.codename for p in Permission.objects.all()])) -## -## Permission lists support wildcards. See the examples below. -## -## Examples: - -# technical_user: -# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! -# reader: -# password: reader -# writer: -# password: writer -# permissions: -# - delete_device -# - delete_virtualmachine -# - add_* -# - change_* +#- username: technical_user +# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! +#- username: reader +# password: reader +#- username: writer +# password: writer +#- username: jdoe +# first_name: John +# last_name: Doe +# api_token: 0123456789jdoe789abcdef01234567jdoe +# is_active: True +# is_superuser: False +# is_staff: False +# email: john.doe@example.com diff --git a/startup_scripts/000_users.py b/startup_scripts/000_users.py index 66b8519..1435d81 100644 --- a/startup_scripts/000_users.py +++ b/startup_scripts/000_users.py @@ -1,7 +1,7 @@ import sys from django.contrib.auth.models import User -from startup_script_utils import load_yaml, set_permissions +from startup_script_utils import load_yaml from users.models import Token users = load_yaml("/opt/netbox/initializers/users.yml") @@ -19,6 +19,3 @@ for username, user_details in users.items(): if user_details.get("api_token", 0): Token.objects.create(user=user, key=user_details["api_token"]) - - yaml_permissions = user_details.get("permissions", []) - set_permissions(user.user_permissions, yaml_permissions) diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py index 6726868..a17d004 100644 --- a/startup_scripts/010_groups.py +++ b/startup_scripts/010_groups.py @@ -1,23 +1,27 @@ import sys -from django.contrib.auth.models import Group, User -from startup_script_utils import load_yaml, set_permissions +from users.models import AdminGroup, AdminUser +from startup_script_utils import load_yaml groups = load_yaml("/opt/netbox/initializers/groups.yml") if groups is None: sys.exit() -for groupname, group_details in groups.items(): - group, created = Group.objects.get_or_create(name=groupname) +for params in groups: + groupname=params['name'] + + group, created = AdminGroup.objects.get_or_create( + name=groupname + ) if created: print("👥 Created group", groupname) - for username in group_details.get("users", []): - user = User.objects.get(username=username) + for username in params.get("users", []): + user = AdminUser.objects.get(username=username) if user: - user.groups.add(group) + group.user_set.add(user) + print(" 👤 Assigned user %s to group %s" % (username, AdminGroup.name)) - yaml_permissions = group_details.get("permissions", []) - set_permissions(group.permissions, yaml_permissions) + group.save() diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py new file mode 100644 index 0000000..f2de75c --- /dev/null +++ b/startup_scripts/015_object_permissions.py @@ -0,0 +1,44 @@ +import sys + +from users.models import ObjectPermission, AdminGroup, AdminUser +from startup_script_utils import load_yaml +from django.contrib.contenttypes.models import ContentType + +object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml") + +if object_permissions is None: + sys.exit() + + +for params in object_permissions: + + object_permission, created = ObjectPermission.objects.get_or_create( + name=params['name'], + description=params['description'], + enabled=params['enabled'], + actions=params['actions'] + ) + +# Need to try to pass a list of model_name and app_label for more than just the current all objects. + #object_types = ContentType.objects.filter(app_label__in=params.pop("object_types")) + #object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types"))) + object_permission.object_types.set(ContentType.objects.all()) + object_permission.save() + + print("🔓 Created object permission", object_permission.name) + + for groupname in params.get("groups", []): + group = AdminGroup.objects.get(name=groupname) + + if group: + object_permission.groups.add(group) + print(" 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name)) + + for username in params.get("users", []): + user = AdminUser.objects.get(username=username) + + if user: + object_permission.users.add(user) + print(" 👤 Assigned user %s object permission of %s" % (username, object_permission.name)) + + object_permission.save() diff --git a/startup_scripts/startup_script_utils/permissions.py b/startup_scripts/startup_script_utils/permissions.py deleted file mode 100644 index 021b0b5..0000000 --- a/startup_scripts/startup_script_utils/permissions.py +++ /dev/null @@ -1,22 +0,0 @@ -from django.contrib.auth.models import Permission - - -def set_permissions(subject, permission_filters): - if subject is None or permission_filters is None: - return - subject.clear() - for permission_filter in permission_filters: - if "*" in permission_filter: - permission_filter_regex = "^" + permission_filter.replace("*", ".*") + "$" - permissions = Permission.objects.filter(codename__iregex=permission_filter_regex) - print( - " ⚿ Granting", - permissions.count(), - "permissions matching '" + permission_filter + "'", - ) - else: - permissions = Permission.objects.filter(codename=permission_filter) - print(" ⚿ Granting permission", permission_filter) - - for permission in permissions: - subject.add(permission) From a7a5d1363763987d8c7bdcba5c3c13275593f1ba Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Tue, 20 Apr 2021 18:05:47 -0400 Subject: [PATCH 02/11] updated given linting feedback --- startup_scripts/010_groups.py | 6 ++---- startup_scripts/015_object_permissions.py | 22 +++++++++++++--------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py index a17d004..19bc2da 100644 --- a/startup_scripts/010_groups.py +++ b/startup_scripts/010_groups.py @@ -8,11 +8,9 @@ if groups is None: sys.exit() for params in groups: - groupname=params['name'] + groupname = params["name"] - group, created = AdminGroup.objects.get_or_create( - name=groupname - ) + group, created = AdminGroup.objects.get_or_create(name=groupname) if created: print("👥 Created group", groupname) diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index f2de75c..02d5554 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -13,15 +13,15 @@ if object_permissions is None: for params in object_permissions: object_permission, created = ObjectPermission.objects.get_or_create( - name=params['name'], - description=params['description'], - enabled=params['enabled'], - actions=params['actions'] + name=params["name"], + description=params["description"], + enabled=params["enabled"], + actions=params["actions"], ) -# Need to try to pass a list of model_name and app_label for more than just the current all objects. - #object_types = ContentType.objects.filter(app_label__in=params.pop("object_types")) - #object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types"))) + # Need to try to pass a list of model_name and app_label for more than the current ALL + # object_types = ContentType.objects.filter(app_label__in=params.pop("object_types")) + # object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types"))) object_permission.object_types.set(ContentType.objects.all()) object_permission.save() @@ -32,13 +32,17 @@ for params in object_permissions: if group: object_permission.groups.add(group) - print(" 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name)) + print( + " 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name) + ) for username in params.get("users", []): user = AdminUser.objects.get(username=username) if user: object_permission.users.add(user) - print(" 👤 Assigned user %s object permission of %s" % (username, object_permission.name)) + print( + " 👤 Assigned user %s object permission of %s" % (username, object_permission.name) + ) object_permission.save() From b1bcfcbc4ef5963a584b7d784f70a08af6bc92c1 Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Wed, 21 Apr 2021 08:27:20 -0400 Subject: [PATCH 03/11] fix isort on groups & permissions scripts --- startup_scripts/010_groups.py | 2 +- startup_scripts/015_object_permissions.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py index 19bc2da..2abd1ba 100644 --- a/startup_scripts/010_groups.py +++ b/startup_scripts/010_groups.py @@ -1,7 +1,7 @@ import sys -from users.models import AdminGroup, AdminUser from startup_script_utils import load_yaml +from users.models import AdminGroup, AdminUser groups = load_yaml("/opt/netbox/initializers/groups.yml") if groups is None: diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index 02d5554..5b41e52 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -1,8 +1,8 @@ import sys -from users.models import ObjectPermission, AdminGroup, AdminUser -from startup_script_utils import load_yaml from django.contrib.contenttypes.models import ContentType +from startup_script_utils import load_yaml +from users.models import AdminGroup, AdminUser, ObjectPermission object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml") From 744ed91e2a7a01d98d2b2ca928412d0938408e9e Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Wed, 21 Apr 2021 12:33:35 -0400 Subject: [PATCH 04/11] permissions script cleanup --- startup_scripts/startup_script_utils/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/startup_scripts/startup_script_utils/__init__.py b/startup_scripts/startup_script_utils/__init__.py index 2f92370..290b87b 100644 --- a/startup_scripts/startup_script_utils/__init__.py +++ b/startup_scripts/startup_script_utils/__init__.py @@ -1,3 +1,2 @@ from .custom_fields import pop_custom_fields, set_custom_fields_values from .load_yaml import load_yaml -from .permissions import set_permissions From 71d8ac10ac3ff7c3ca52d3f38dd50e79abd3e877 Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Wed, 21 Apr 2021 12:59:30 -0400 Subject: [PATCH 05/11] correct issues with users.yml spacing --- initializers/users.yml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/initializers/users.yml b/initializers/users.yml index 5e0168d..ccf106f 100644 --- a/initializers/users.yml +++ b/initializers/users.yml @@ -1,14 +1,14 @@ -#- username: technical_user -# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! -#- username: reader -# password: reader -#- username: writer -# password: writer -#- username: jdoe -# first_name: John -# last_name: Doe -# api_token: 0123456789jdoe789abcdef01234567jdoe -# is_active: True -# is_superuser: False -# is_staff: False -# email: john.doe@example.com +# - username: technical_user +# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! +# - username: reader +# password: reader +# - username: writer +# password: writer +# - username: jdoe +# first_name: John +# last_name: Doe +# api_token: 0123456789jdoe789abcdef01234567jdoe +# is_active: True +# is_superuser: False +# is_staff: False +# email: john.doe@example.com From a1e0c52825870a0c47ac0f7bbf83a62a7dfb87c3 Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Sat, 24 Apr 2021 10:41:06 -0400 Subject: [PATCH 06/11] revert startup scripts to use key for object name --- initializers/groups.yml | 6 +++--- initializers/users.yml | 8 ++++---- startup_scripts/010_groups.py | 6 ++---- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/initializers/groups.yml b/initializers/groups.yml index 45f4703..15213a6 100644 --- a/initializers/groups.yml +++ b/initializers/groups.yml @@ -1,9 +1,9 @@ -# - name: applications +# applications: # users: # - technical_user -# - name: readers +# readers: # users: # - reader -# - name: writers +# writers: # users: # - writer diff --git a/initializers/users.yml b/initializers/users.yml index ccf106f..c163d50 100644 --- a/initializers/users.yml +++ b/initializers/users.yml @@ -1,10 +1,10 @@ -# - username: technical_user +# technical_user: # api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! -# - username: reader +# reader: # password: reader -# - username: writer +# writer: # password: writer -# - username: jdoe +# jdoe: # first_name: John # last_name: Doe # api_token: 0123456789jdoe789abcdef01234567jdoe diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py index 2abd1ba..39aca53 100644 --- a/startup_scripts/010_groups.py +++ b/startup_scripts/010_groups.py @@ -7,15 +7,13 @@ groups = load_yaml("/opt/netbox/initializers/groups.yml") if groups is None: sys.exit() -for params in groups: - groupname = params["name"] - +for groupname, group_details in groups.items(): group, created = AdminGroup.objects.get_or_create(name=groupname) if created: print("👥 Created group", groupname) - for username in params.get("users", []): + for username in group_details.get("users", []): user = AdminUser.objects.get(username=username) if user: From 4e31218ce64d3bf36ed3c8f6f16c69ad48373f23 Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Sun, 25 Apr 2021 11:15:46 -0400 Subject: [PATCH 07/11] update object permission conditionals --- startup_scripts/015_object_permissions.py | 46 ++++++++++++----------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index 5b41e52..5d9cede 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -10,39 +10,41 @@ if object_permissions is None: sys.exit() -for params in object_permissions: +for permission_name, permission_details in object_permissions.items(): object_permission, created = ObjectPermission.objects.get_or_create( - name=params["name"], - description=params["description"], - enabled=params["enabled"], - actions=params["actions"], + name=permission_name, + description=permission_details["description"], + enabled=permission_details["enabled"], + actions=permission_details["actions"], ) # Need to try to pass a list of model_name and app_label for more than the current ALL - # object_types = ContentType.objects.filter(app_label__in=params.pop("object_types")) - # object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types"))) + # object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"]) + # object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"])) object_permission.object_types.set(ContentType.objects.all()) object_permission.save() print("🔓 Created object permission", object_permission.name) + + if permission_details.get("groups", 0): + for groupname in permission_details["groups"]: + group = AdminGroup.objects.get(name=groupname) - for groupname in params.get("groups", []): - group = AdminGroup.objects.get(name=groupname) + if group: + object_permission.groups.add(group) + print( + " 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name) + ) - if group: - object_permission.groups.add(group) - print( - " 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name) - ) + if permission_details.get("users", 0): + for username in permission_details["users"]: + user = AdminUser.objects.get(username=username) - for username in params.get("users", []): - user = AdminUser.objects.get(username=username) - - if user: - object_permission.users.add(user) - print( - " 👤 Assigned user %s object permission of %s" % (username, object_permission.name) - ) + if user: + object_permission.users.add(user) + print( + " 👤 Assigned user %s object permission of %s" % (username, object_permission.name) + ) object_permission.save() From 528bc17eb84bcabd7dc11cafabfbea9d2271267f Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Sun, 25 Apr 2021 11:59:13 -0400 Subject: [PATCH 08/11] correct flake8 in object_permissions.py --- startup_scripts/015_object_permissions.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index 5d9cede..a4fc4a9 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -14,7 +14,7 @@ for permission_name, permission_details in object_permissions.items(): object_permission, created = ObjectPermission.objects.get_or_create( name=permission_name, - description=permission_details["description"], + description=permission_details["description"], enabled=permission_details["enabled"], actions=permission_details["actions"], ) @@ -26,7 +26,7 @@ for permission_name, permission_details in object_permissions.items(): object_permission.save() print("🔓 Created object permission", object_permission.name) - + if permission_details.get("groups", 0): for groupname in permission_details["groups"]: group = AdminGroup.objects.get(name=groupname) @@ -34,7 +34,7 @@ for permission_name, permission_details in object_permissions.items(): if group: object_permission.groups.add(group) print( - " 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name) + " 👥 Assigned group %s object permission of %s" % (groupname, groupname) ) if permission_details.get("users", 0): @@ -44,7 +44,7 @@ for permission_name, permission_details in object_permissions.items(): if user: object_permission.users.add(user) print( - " 👤 Assigned user %s object permission of %s" % (username, object_permission.name) + " 👤 Assigned user %s object permission of %s" % (username, groupname) ) object_permission.save() From 12401f2a3f04087400645a5878d50a84b77b11a2 Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Sun, 25 Apr 2021 12:13:27 -0400 Subject: [PATCH 09/11] correct black formatting for object_permissions.py --- startup_scripts/015_object_permissions.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index a4fc4a9..af9f844 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -33,9 +33,7 @@ for permission_name, permission_details in object_permissions.items(): if group: object_permission.groups.add(group) - print( - " 👥 Assigned group %s object permission of %s" % (groupname, groupname) - ) + print(" 👥 Assigned group %s object permission of %s" % (groupname, groupname)) if permission_details.get("users", 0): for username in permission_details["users"]: @@ -43,8 +41,6 @@ for permission_name, permission_details in object_permissions.items(): if user: object_permission.users.add(user) - print( - " 👤 Assigned user %s object permission of %s" % (username, groupname) - ) + print(" 👤 Assigned user %s object permission of %s" % (username, groupname)) object_permission.save() From 474ca9e78f3db98fc945f46291c75db3fc5e9b4d Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Sun, 25 Apr 2021 16:31:50 -0400 Subject: [PATCH 10/11] fully working object permissions --- initializers/object_permissions.yml | 70 ++++++++++++++++------- startup_scripts/015_object_permissions.py | 24 ++++++-- 2 files changed, 67 insertions(+), 27 deletions(-) diff --git a/initializers/object_permissions.yml b/initializers/object_permissions.yml index 5daa981..332011f 100644 --- a/initializers/object_permissions.yml +++ b/initializers/object_permissions.yml @@ -1,22 +1,48 @@ -#- name: all.ro -# description: 'Read Only for All Objects' -# enabled: true -# # object_types: all -# groups: -# - applications -# - readers -# actions: -# - view -#- name: all.rw -# description: 'Read/Write for All Objects' -# enabled: true -# # object_types: all -# groups: -# - writers -# users: -# - jdoe -# actions: -# - add -# - change -# - delete -# - view +# all.ro: +# actions: +# - view +# description: 'Read Only for All Objects' +# enabled: true +# groups: +# - applications +# - readers +# object_types: all +# users: +# - jdoe +# all.rw: +# actions: +# - add +# - change +# - delete +# - view +# description: 'Read/Write for All Objects' +# enabled: true +# groups: +# - writers +# object_types: all +# network_team.rw: +# actions: +# - add +# - change +# - delete +# - view +# description: "Network Team Permissions" +# enabled: true +# object_types: +# circuits: +# - circuit +# - circuittermination +# - circuittype +# - provider +# dcim: all +# ipam: +# - aggregate +# - ipaddress +# - prefix +# - rir +# - role +# - routetarget +# - service +# - vlan +# - vlangroup +# - vrf diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index af9f844..c17ce84 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -19,11 +19,25 @@ for permission_name, permission_details in object_permissions.items(): actions=permission_details["actions"], ) - # Need to try to pass a list of model_name and app_label for more than the current ALL - # object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"]) - # object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"])) - object_permission.object_types.set(ContentType.objects.all()) - object_permission.save() + if permission_details.get("object_types", 0): + object_types = permission_details["object_types"] + + if object_types == "all": + object_permission.object_types.set(ContentType.objects.all()) + + else: + for app_label, models in object_types.items(): + if models == "all": + app_models = ContentType.objects.filter(app_label=app_label) + + for app_model in app_models: + object_permission.object_types.add(app_model.id) + else: + # There is + for model in models: + object_permission.object_types.add( + ContentType.objects.get(app_label=app_label, model=model) + ) print("🔓 Created object permission", object_permission.name) From 8678ad92ce2e2609cb39f69d73d14c2afe40f1ec Mon Sep 17 00:00:00 2001 From: ryanmerolle Date: Mon, 26 Apr 2021 09:17:25 -0400 Subject: [PATCH 11/11] update permission user & group lookup as suggested --- startup_scripts/015_object_permissions.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py index c17ce84..f19b6ae 100644 --- a/startup_scripts/015_object_permissions.py +++ b/startup_scripts/015_object_permissions.py @@ -43,7 +43,7 @@ for permission_name, permission_details in object_permissions.items(): if permission_details.get("groups", 0): for groupname in permission_details["groups"]: - group = AdminGroup.objects.get(name=groupname) + group = AdminGroup.objects.filter(name=groupname).first() if group: object_permission.groups.add(group) @@ -51,7 +51,7 @@ for permission_name, permission_details in object_permissions.items(): if permission_details.get("users", 0): for username in permission_details["users"]: - user = AdminUser.objects.get(username=username) + user = AdminUser.objects.filter(username=username).first() if user: object_permission.users.add(user)