Merge pull request #236 from netbox-community/LBegnaud-master

cimnine · web-flow · commit 3717b7469a5f · 2020-02-03T17:55:22.000+01:00
Permission Wildcards
diff --git a/initializers/groups.yml b/initializers/groups.yml
@@ -1,3 +1,15 @@
+## To list all permissions, run:
+## 
+## docker-compose run --rm --entrypoint /bin/bash netbox
+## $ ./manage.py migrate
+## $ ./manage.py shell
+## > from django.contrib.auth.models import Permission
+## > print('\n'.join([p.codename for p in Permission.objects.all()]))
+##
+## Permission lists support wildcards. See the examples below.
+##
+## Examples:
+
 # applications:
 #   users:
 #   - technical_user
@@ -8,9 +20,16 @@
 #   users:
 #   - writer
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - add_*
+#   - change_*
+# vm_managers:
+#   permissions:
+#   - '*_virtualmachine'
+# device_managers:
+#   permissions:
+#   - '*device*'
+# creators:
+#   permissions:
+#   - add_*
diff --git a/initializers/users.yml b/initializers/users.yml
@@ -1,13 +1,23 @@
+## To list all permissions, run:
+## 
+## docker-compose run --rm --entrypoint /bin/bash netbox
+## $ ./manage.py migrate
+## $ ./manage.py shell
+## > from django.contrib.auth.models import Permission
+## > print('\n'.join([p.codename for p in Permission.objects.all()]))
+##
+## Permission lists support wildcards. See the examples below.
+##
+## Examples:
+
 # technical_user:
 #   api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
 # reader:
 #   password: reader
 # writer:
 #   password: writer
 #   permissions:
-#   - add_device
-#   - change_device
 #   - delete_device
-#   - add_virtualmachine
-#   - change_virtualmachine
 #   - delete_virtualmachine
+#   - add_*
+#   - change_*
diff --git a/startup_scripts/000_users.py b/startup_scripts/000_users.py
@@ -20,15 +20,23 @@
           username = username,
           password = user_details.get('password', 0) or User.objects.make_random_password)
 
-        print("👤 Created user ",username)
+        print("👤 Created user",username)
 
         if user_details.get('api_token', 0):
           Token.objects.create(user=user, key=user_details['api_token'])
 
-        user_permissions = user_details.get('permissions', [])
-        if user_permissions:
-          user.user_permissions.clear()
-          for permission_codename in user_details.get('permissions', []):
-            for permission in Permission.objects.filter(codename=permission_codename):
-              user.user_permissions.add(permission)
-          user.save()
+        yaml_permissions = user_details.get('permissions', [])
+        if yaml_permissions:
+          subject = user.user_permissions
+          subject.clear()
+          for yaml_permission in yaml_permissions:
+            if '*' in yaml_permission:
+              permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+              permissions = Permission.objects.filter(codename__iregex=permission_filter)
+              print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
+            else:
+              permissions = Permission.objects.filter(codename=yaml_permission)
+              print("  ⚿ Granting permission", yaml_permission)
+            
+            for permission in permissions:
+              subject.add(permission)
diff --git a/startup_scripts/010_groups.py b/startup_scripts/010_groups.py
@@ -24,9 +24,18 @@
         if user:
           user.groups.add(group)
 
-      group_permissions = group_details.get('permissions', [])
-      if group_permissions:
-        group.permissions.clear()
-        for permission_codename in group_details.get('permissions', []):
-          for permission in Permission.objects.filter(codename=permission_codename):
-            group.permissions.add(permission)
+      yaml_permissions = group_details.get('permissions', [])
+      if yaml_permissions:
+        subject = group.permissions
+        subject.clear()
+        for yaml_permission in yaml_permissions:
+          if '*' in yaml_permission:
+            permission_filter = '^' + yaml_permission.replace('*','.*') + '$'
+            permissions = Permission.objects.filter(codename__iregex=permission_filter)
+            print("  ⚿ Granting", permissions.count(), "permissions matching '" + yaml_permission + "'")
+          else:
+            permissions = Permission.objects.filter(codename=yaml_permission)
+            print("  ⚿ Granting permission", yaml_permission)
+
+          for permission in permissions:
+            subject.add(permission)
diff --git a/startup_scripts/__main__.py b/startup_scripts/__main__.py
@@ -7,12 +7,12 @@
 this_dir = dirname(abspath(__file__))
 
 def filename(f):
-    return f.name
+  return f.name
 
 with scandir(dirname(abspath(__file__))) as it:
-    for f in sorted(it, key = filename):
-        if f.name.startswith('__') or not f.is_file():
-            continue
-        
-        print(f"Running {f.path}")
-        runpy.run_path(f.path)
+  for f in sorted(it, key = filename):
+    if f.name.startswith('__') or not f.is_file():
+      continue
+      
+    print(f"Running {f.path}")
+    runpy.run_path(f.path)
