user, group, & permissions fix

Author: ryanmerolle

initializers/groups.yml

@@ -1,35 +1,9 @@
-## To list all permissions, run:
-## 
-## docker-compose run --rm --entrypoint /bin/bash netbox
-## $ ./manage.py migrate
-## $ ./manage.py shell
-## > from django.contrib.auth.models import Permission
-## > print('\n'.join([p.codename for p in Permission.objects.all()]))
-##
-## Permission lists support wildcards. See the examples below.
-##
-## Examples:
-
-# applications:
+# - name: applications
 #   users:
-#   - technical_user
-# readers:
+#     - technical_user
+# - name: readers
 #   users:
-#   - reader
-# writers:
+#     - reader
+# - name: writers
 #   users:
-#   - writer
-#   permissions:
-#   - delete_device
-#   - delete_virtualmachine
-#   - add_*
-#   - change_*
-# vm_managers:
-#   permissions:
-#   - '*_virtualmachine'
-# device_managers:
-#   permissions:
-#   - '*device*'
-# creators:
-#   permissions:
-#   - add_*
+#     - writer

initializers/object_permissions.yml

@@ -0,0 +1,22 @@
+#- name: all.ro
+#  description: 'Read Only for All Objects'
+#  enabled: true
+#  # object_types: all
+#  groups:
+#    - applications
+#    - readers
+#  actions:
+#    - view
+#- name: all.rw
+#  description: 'Read/Write for All Objects'
+#  enabled: true
+#  # object_types: all
+#  groups:
+#    - writers
+#  users:
+#    - jdoe
+#  actions:
+#    - add
+#    - change
+#    - delete
+#    - view

initializers/users.yml

@@ -1,23 +1,14 @@
-## To list all permissions, run:
-## 
-## docker-compose run --rm --entrypoint /bin/bash netbox
-## $ ./manage.py migrate
-## $ ./manage.py shell
-## > from django.contrib.auth.models import Permission
-## > print('\n'.join([p.codename for p in Permission.objects.all()]))
-##
-## Permission lists support wildcards. See the examples below.
-##
-## Examples:
-
-# technical_user:
-#   api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
-# reader:
-#   password: reader
-# writer:
-#   password: writer
-#   permissions:
-#   - delete_device
-#   - delete_virtualmachine
-#   - add_*
-#   - change_*
+#- username: technical_user
+#  api_token: 0123456789technicaluser789abcdef01234567 # must be looooong!
+#- username: reader
+#  password: reader
+#- username: writer
+#  password: writer
+#- username: jdoe
+#  first_name: John
+#  last_name: Doe
+#  api_token: 0123456789jdoe789abcdef01234567jdoe
+#  is_active: True
+#  is_superuser: False
+#  is_staff: False
+#  email: john.doe@example.com

startup_scripts/000_users.py

@@ -1,7 +1,7 @@
 import sys
 
 from django.contrib.auth.models import User
-from startup_script_utils import load_yaml, set_permissions
+from startup_script_utils import load_yaml
 from users.models import Token
 
 users = load_yaml("/opt/netbox/initializers/users.yml")
@@ -19,6 +19,3 @@
 
         if user_details.get("api_token", 0):
             Token.objects.create(user=user, key=user_details["api_token"])
-
-        yaml_permissions = user_details.get("permissions", [])
-        set_permissions(user.user_permissions, yaml_permissions)

startup_scripts/010_groups.py

@@ -1,23 +1,27 @@
 import sys
 
-from django.contrib.auth.models import Group, User
-from startup_script_utils import load_yaml, set_permissions
+from users.models import AdminGroup, AdminUser
+from startup_script_utils import load_yaml
 
 groups = load_yaml("/opt/netbox/initializers/groups.yml")
 if groups is None:
     sys.exit()
 
-for groupname, group_details in groups.items():
-    group, created = Group.objects.get_or_create(name=groupname)
+for params in groups:
+    groupname=params['name']
+
+    group, created = AdminGroup.objects.get_or_create(
+        name=groupname
+    )
 
     if created:
         print("👥 Created group", groupname)
 
-    for username in group_details.get("users", []):
-        user = User.objects.get(username=username)
+    for username in params.get("users", []):
+        user = AdminUser.objects.get(username=username)
 
         if user:
-            user.groups.add(group)
+            group.user_set.add(user)
+            print(" 👤 Assigned user %s to group %s" % (username, AdminGroup.name))
 
-    yaml_permissions = group_details.get("permissions", [])
-    set_permissions(group.permissions, yaml_permissions)
+    group.save()

startup_scripts/015_object_permissions.py

@@ -0,0 +1,44 @@
+import sys
+
+from users.models import ObjectPermission, AdminGroup, AdminUser
+from startup_script_utils import load_yaml
+from django.contrib.contenttypes.models import ContentType
+
+object_permissions = load_yaml("/opt/netbox/initializers/object_permissions.yml")
+
+if object_permissions is None:
+    sys.exit()
+
+
+for params in object_permissions:
+
+    object_permission, created = ObjectPermission.objects.get_or_create(
+        name=params['name'],
+        description=params['description'],
+        enabled=params['enabled'],
+        actions=params['actions']
+    )
+
+# Need to try to pass a list of model_name and app_label for more than just the current all objects.
+    #object_types = ContentType.objects.filter(app_label__in=params.pop("object_types"))
+    #object_permission.object_types.set(ContentType.objects.filter(app_label__in=params.pop("object_types")))
+    object_permission.object_types.set(ContentType.objects.all())
+    object_permission.save()
+
+    print("🔓 Created object permission", object_permission.name)
+
+    for groupname in params.get("groups", []):
+        group = AdminGroup.objects.get(name=groupname)
+
+        if group:
+            object_permission.groups.add(group)
+            print(" 👥 Assigned group %s object permission of %s" % (groupname, object_permission.name))
+
+    for username in params.get("users", []):
+        user = AdminUser.objects.get(username=username)
+
+        if user:
+            object_permission.users.add(user)
+            print(" 👤 Assigned user %s object permission of %s" % (username, object_permission.name))
+
+    object_permission.save()