Главная Обзор Помощь
Вход
LBP
/
netbox
зеркало из https://github.com/netbox-community/netbox.git
2
0
Ответвить 0
Файлы Задачи 0 Вики
Просмотр исходного кода

Introduce resolve_permission() utility function

Jeremy Stretch 5 лет назад
Родитель
ca199cdefe
Сommit
dc56e49410
4 измененных файлов с 30 добавлено и 15 удалено
Единый вид Показать статистику Diff
  1. 2 3
      netbox/users/models.py
  2. 3 4
      netbox/utilities/auth_backends.py
  3. 20 0
      netbox/utilities/permissions.py
  4. 5 8
      netbox/utilities/testing/testcases.py

+ 2 - 3
netbox/users/models.py
Просмотреть файл 

@@ -12,6 +12,7 @@ from django.db.models.signals import post_save
 
 from django.dispatch import receiver
 
 from django.dispatch import receiver
 
 from django.utils import timezone
 
 from django.utils import timezone
 
 
 
+from utilities.permissions import resolve_permission
 
 from utilities.utils import flatten_dict
 
 from utilities.utils import flatten_dict
 
 
 
 
 
@@ -202,11 +203,9 @@ class ObjectPermissionManager(models.Manager):
 
         Compile all ObjectPermission attributes applicable to a specific combination of user, model, and action. Returns
 
         Compile all ObjectPermission attributes applicable to a specific combination of user, model, and action. Returns
 
         a dictionary that can be passed directly to .filter() on a QuerySet.
 
         a dictionary that can be passed directly to .filter() on a QuerySet.
 
         """
 
         """
 
-        app_label, codename = perm.split('.')
 
-        action, model_name = codename.split('_')
 
+        content_type, action = resolve_permission(perm)
 
         assert action in ['view', 'add', 'change', 'delete'], f"Invalid action: {action}"
 
         assert action in ['view', 'add', 'change', 'delete'], f"Invalid action: {action}"
 
 
 
-        content_type = ContentType.objects.get(app_label=app_label, model=model_name)
 
         qs = self.get_queryset().filter(
 
         qs = self.get_queryset().filter(
 
             Q(users=user) | Q(groups__user=user),
 
             Q(users=user) | Q(groups__user=user),
 
             model=content_type,
 
             model=content_type,

+ 3 - 4
netbox/utilities/auth_backends.py
Просмотреть файл 

@@ -7,6 +7,7 @@ from django.contrib.contenttypes.models import ContentType
 
 from django.db.models import Q
 
 from django.db.models import Q
 
 
 
 from users.models import ObjectPermission
 
 from users.models import ObjectPermission
 
+from utilities.permissions import resolve_permission
 
 
 
 
 
 class ObjectPermissionBackend(ModelBackend):
 
 class ObjectPermissionBackend(ModelBackend):
 
@@ -40,7 +41,6 @@ class ObjectPermissionBackend(ModelBackend):
 
         return user_obj._object_perm_cache
 
         return user_obj._object_perm_cache
 
 
 
     def has_perm(self, user_obj, perm, obj=None):
 
     def has_perm(self, user_obj, perm, obj=None):
 
-        # print(f'has_perm({perm})')
 
         app_label, codename = perm.split('.')
 
         app_label, codename = perm.split('.')
 
         action, model_name = codename.split('_')
 
         action, model_name = codename.split('_')
 
 
 
@@ -120,10 +120,9 @@ class RemoteUserBackend(_RemoteUserBackend):
 
         permissions_list = []
 
         permissions_list = []
 
         for permission_name in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS:
 
         for permission_name in settings.REMOTE_AUTH_DEFAULT_PERMISSIONS:
 
             try:
 
             try:
 
-                app_label, codename = permission_name.split('.')
 
-                action, model_name = codename.split('_')
 
+                content_type, action = resolve_permission(permission_name)
 
                 user.object_permissions.create(**{
 
                 user.object_permissions.create(**{
 
-                    'model': ContentType.objects.get(app_label=app_label, model=model_name),
 
+                    'model': content_type,
 
                     f'can_{action}': True
 
                     f'can_{action}': True
 
                 })
 
                 })
 
                 permissions_list.append(permission_name)
 
                 permissions_list.append(permission_name)

+ 20 - 0
netbox/utilities/permissions.py
Просмотреть файл 

@@ -1,3 +1,6 @@
 
+from django.contrib.contenttypes.models import ContentType
 
+
 
+
 
 def get_permission_for_model(model, action):
 
 def get_permission_for_model(model, action):
 
     """
 
     """
 
     Resolve the named permission for a given model (or instance) and action (e.g. view or add).
 
     Resolve the named permission for a given model (or instance) and action (e.g. view or add).
 
@@ -13,3 +16,20 @@ def get_permission_for_model(model, action):
 
         action,
 
         action,
 
         model._meta.model_name
 
         model._meta.model_name
 
     )
 
     )
 
+
 
+
 
+def resolve_permission(name):
 
+    """
 
+    Given a permission name, return the relevant ContentType and action. For example, "dcim.view_site" returns
 
+    (Site, "view").
 
+
 
+    :param name: Permission name in the format <app>.<action>_<model>
 
+    """
 
+    app_label, codename = name.split('.')
 
+    action, model_name = codename.split('_')
 
+    try:
 
+        content_type = ContentType.objects.get(app_label=app_label, model=model_name)
 
+    except ContentType.DoesNotExist:
 
+        raise ValueError(f"Unknown app/model for {name}")
 
+
 
+    return content_type, action

+ 5 - 8
netbox/utilities/testing/testcases.py
Просмотреть файл 

@@ -7,6 +7,7 @@ from django.urls import reverse, NoReverseMatch
 
 from rest_framework.test import APIClient
 
 from rest_framework.test import APIClient
 
 
 
 from users.models import ObjectPermission, Token
 
 from users.models import ObjectPermission, Token
 
+from utilities.permissions import resolve_permission
 
 from .utils import disable_warnings, post_data
 
 from .utils import disable_warnings, post_data
 
 
 
 
 
@@ -32,11 +33,9 @@ class TestCase(_TestCase):
 
         Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
 
         Assign a set of permissions to the test user. Accepts permission names in the form <app>.<action>_<model>.
 
         """
 
         """
 
         for name in names:
 
         for name in names:
 
-            app_label, codename = name.split('.')
 
-            action, model_name = codename.split('_')
 
-
 
+            ct, action = resolve_permission(name)
 
             self.user.object_permissions.create(**{
 
             self.user.object_permissions.create(**{
 
-                'model': ContentType.objects.get(app_label=app_label, model=model_name),
 
+                'model': ct,
 
                 f'can_{action}': True
 
                 f'can_{action}': True
 
             })
 
             })
 
 
 
@@ -45,11 +44,9 @@ class TestCase(_TestCase):
 
         Remove a set of permissions from the test user, if assigned.
 
         Remove a set of permissions from the test user, if assigned.
 
         """
 
         """
 
         for name in names:
 
         for name in names:
 
-            app_label, codename = name.split('.')
 
-            action, model_name = codename.split('_')
 
-
 
+            ct, action = resolve_permission(name)
 
             self.user.object_permissions.filter(**{
 
             self.user.object_permissions.filter(**{
 
-                'model': ContentType.objects.get(app_label=app_label, model=model_name),
 
+                'model': ct,
 
                 f'can_{action}': True
 
                 f'can_{action}': True
 
             }).delete()
 
             }).delete()