Merge pull request #497 from ryanmerolle/startup-scripts-2.10+

user, group, & permissions fix
Tobias Genannt 2021-04-27 09:05:14 +02:00 committed by GitHub
commit fd55ec220c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 127 additions and 80 deletions


@ -1,15 +1,3 @@
## To list all permissions, run:
##
## docker-compose run --rm --entrypoint /bin/bash netbox
## $ ./manage.py migrate
## $ ./manage.py shell
## > from django.contrib.auth.models import Permission
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
##
## Permission lists support wildcards. See the examples below.
##
## Examples:
# applications: # applications:
# users: # users:
# - technical_user # - technical_user
@ -19,17 +7,3 @@
# writers: # writers:
# users: # users:
# - writer # - writer
# permissions:
# - delete_device
# - delete_virtualmachine
# - add_*
# - change_*
# vm_managers:
# permissions:
# - '*_virtualmachine'
# device_managers:
# permissions:
# - '*device*'
# creators:
# permissions:
# - add_*


@ -0,0 +1,48 @@
# all.ro:
# actions:
# - view
# description: 'Read Only for All Objects'
# enabled: true
# groups:
# - applications
# - readers
# object_types: all
# users:
# - jdoe
# all.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: 'Read/Write for All Objects'
# enabled: true
# groups:
# - writers
# object_types: all
# network_team.rw:
# actions:
# - add
# - change
# - delete
# - view
# description: "Network Team Permissions"
# enabled: true
# object_types:
# circuits:
# - circuit
# - circuittermination
# - circuittype
# - provider
# dcim: all
# ipam:
# - aggregate
# - ipaddress
# - prefix
# - rir
# - role
# - routetarget
# - service
# - vlan
# - vlangroup
# - vrf
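Review bot: The `all.rw` example combines `object_types: all` with add/change/delete, and the loader script added later in this commit resolves `all` to `ContentType.objects.all()`, so the grant is not limited to inventory models. It would also cover whatever user, token and object-permission models are registered, which could let a member of `writers` widen their own access if those models are reachable to them; this is worth confirming against the NetBox version in use. I would add a comment above the example such as `# 'all' covers every registered model, including users, tokens and object permissions; list apps explicitly for least privilege`. The read/write example could also enumerate apps the way `network_team.rw` does.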


@ -1,23 +1,14 @@
## To list all permissions, run:
##
## docker-compose run --rm --entrypoint /bin/bash netbox
## $ ./manage.py migrate
## $ ./manage.py shell
## > from django.contrib.auth.models import Permission
## > print('\n'.join([p.codename for p in Permission.objects.all()]))
##
## Permission lists support wildcards. See the examples below.
##
## Examples:
# technical_user: # technical_user:
# api_token: 0123456789technicaluser789abcdef01234567 # must be looooong! # api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
# reader: # reader:
# password: reader # password: reader
# writer: # writer:
# password: writer # password: writer
# permissions: # jdoe:
# - delete_device # first_name: John
# - delete_virtualmachine # last_name: Doe
# - add_* # api_token: 0123456789jdoe789abcdef01234567jdoe
# - change_* # is_active: True
# is_superuser: False
# is_staff: False
# email: john.doe@example.com


@ -1,7 +1,7 @@
import sys import sys
from django.contrib.auth.models import User from django.contrib.auth.models import User
from startup_script_utils import load_yaml, set_permissions from startup_script_utils import load_yaml
from users.models import Token from users.models import Token
users = load_yaml("/opt/netbox/initializers/users.yml") users = load_yaml("/opt/netbox/initializers/users.yml")
@ -19,6 +19,3 @@ for username, user_details in users.items():
if user_details.get("api_token", 0): if user_details.get("api_token", 0):
Token.objects.create(user=user, key=user_details["api_token"]) Token.objects.create(user=user, key=user_details["api_token"])
yaml_permissions = user_details.get("permissions", [])
set_permissions(user.user_permissions, yaml_permissions)


@ -1,23 +1,23 @@
import sys import sys
from django.contrib.auth.models import Group, User from startup_script_utils import load_yaml
from startup_script_utils import load_yaml, set_permissions from users.models import AdminGroup, AdminUser
groups = load_yaml("/opt/netbox/initializers/groups.yml") groups = load_yaml("/opt/netbox/initializers/groups.yml")
if groups is None: if groups is None:
sys.exit() sys.exit()
for groupname, group_details in groups.items(): for groupname, group_details in groups.items():
group, created = Group.objects.get_or_create(name=groupname) group, created = AdminGroup.objects.get_or_create(name=groupname)
if created: if created:
print("👥 Created group", groupname) print("👥 Created group", groupname)
for username in group_details.get("users", []): for username in group_details.get("users", []):
user = User.objects.get(username=username) user = AdminUser.objects.get(username=username)
if user: if user:
user.groups.add(group) group.user_set.add(user)
print(" 👤 Assigned user %s to group %s" % (username, AdminGroup.name))
yaml_permissions = group_details.get("permissions", []) group.save()
set_permissions(group.permissions, yaml_permissions)
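Review bot: The new log line formats `AdminGroup.name`, which is the model class attribute rather than the group just fetched, so the message will not show the group's name; it should read `print(" 👤 Assigned user %s to group %s" % (username, group.name))`. Separately, `AdminUser.objects.get(username=username)` raises when the user is missing instead of returning a falsy value, so the `if user:` guard never skips anything and a single unknown username stops the script. The object-permission script in this commit uses `.filter(username=username).first()`, and matching that here would keep the two consistent. Indentation is lost in this rendering, so whether the print sits inside the guard cannot be confirmed from the page.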


@ -0,0 +1,60 @@
import sys
from django.contrib.contenttypes.models import ContentType
from startup_script_utils import load_yaml
from users.models import AdminGroup, AdminUser, ObjectPermission
object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml")
if object_permissions is None:
sys.exit()
for permission_name, permission_details in object_permissions.items():
object_permission, created = ObjectPermission.objects.get_or_create(
name=permission_name,
description=permission_details["description"],
enabled=permission_details["enabled"],
actions=permission_details["actions"],
)
if permission_details.get("object_types", 0):
object_types = permission_details["object_types"]
if object_types == "all":
object_permission.object_types.set(ContentType.objects.all())
else:
for app_label, models in object_types.items():
if models == "all":
app_models = ContentType.objects.filter(app_label=app_label)
for app_model in app_models:
object_permission.object_types.add(app_model.id)
else:
# There is
for model in models:
object_permission.object_types.add(
ContentType.objects.get(app_label=app_label, model=model)
)
print("🔓 Created object permission", object_permission.name)
if permission_details.get("groups", 0):
for groupname in permission_details["groups"]:
group = AdminGroup.objects.filter(name=groupname).first()
if group:
object_permission.groups.add(group)
print(" 👥 Assigned group %s object permission of %s" % (groupname, groupname))
if permission_details.get("users", 0):
for username in permission_details["users"]:
user = AdminUser.objects.filter(username=username).first()
if user:
object_permission.users.add(user)
print(" 👤 Assigned user %s object permission of %s" % (username, groupname))
object_permission.save()
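Review bot: `get_or_create` at the top of the loop uses `description`, `enabled` and `actions` as lookup fields along with `name`, so editing any of them in `object_permissions.yml` will most likely create a second row and leave the earlier one, with its group and user assignments, in place. For an access-control object that means setting `enabled: false` or trimming `actions` in the YAML does not revoke what a previous start granted. Looking the row up by name only, `ObjectPermission.objects.update_or_create(name=permission_name, defaults={"description": ..., "enabled": ..., "actions": ...})`, would make the file authoritative, assuming names are meant to be unique. Both assignment messages also format `groupname` where `permission_name` is meant, and the one in the users loop raises `NameError` when no group has been iterated before it.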


@ -1,3 +1,2 @@
from .custom_fields import pop_custom_fields, set_custom_fields_values from .custom_fields import pop_custom_fields, set_custom_fields_values
from .load_yaml import load_yaml from .load_yaml import load_yaml
from .permissions import set_permissions


@ -1,22 +0,0 @@
from django.contrib.auth.models import Permission
def set_permissions(subject, permission_filters):
if subject is None or permission_filters is None:
return
subject.clear()
for permission_filter in permission_filters:
if "*" in permission_filter:
permission_filter_regex = "^" + permission_filter.replace("*", ".*") + "$"
permissions = Permission.objects.filter(codename__iregex=permission_filter_regex)
print(
" ⚿ Granting",
permissions.count(),
"permissions matching '" + permission_filter + "'",
)
else:
permissions = Permission.objects.filter(codename=permission_filter)
print(" ⚿ Granting permission", permission_filter)
for permission in permissions:
subject.add(permission)