-
Notifications
You must be signed in to change notification settings - Fork 48
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[feature] Created default permissions for the default groups #55
Closes #55
- Loading branch information
1 parent
bcde169
commit 921be06
Showing
4 changed files
with
108 additions
and
0 deletions.
There are no files selected for viewing
17 changes: 17 additions & 0 deletions
17
openwisp_ipam/migrations/0005_default_groups_permissions.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
from django.db import migrations | ||
|
||
from openwisp_ipam.migrations import assign_permissions_to_groups | ||
|
||
|
||
class Migration(migrations.Migration): | ||
|
||
dependencies = [ | ||
('openwisp_users', '0004_default_groups'), | ||
('openwisp_ipam', '0004_subnet_organization_unique_together'), | ||
] | ||
|
||
operations = [ | ||
migrations.RunPython( | ||
assign_permissions_to_groups, reverse_code=migrations.RunPython.noop | ||
), | ||
] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
from django.contrib.auth.management import create_permissions | ||
from django.contrib.auth.models import Permission | ||
|
||
|
||
def create_default_permissions(apps, schema_editor): | ||
for app_config in apps.get_app_configs(): | ||
app_config.models_module = True | ||
create_permissions(app_config, apps=apps, verbosity=0) | ||
app_config.models_module = None | ||
|
||
|
||
def assign_permissions_to_groups(apps, schema_editor): | ||
create_default_permissions(apps, schema_editor) | ||
admins_can_manage = ['subnet', 'ipaddress'] | ||
operators_can_manage = ['ipaddress'] | ||
manage_operations = ['add', 'change', 'delete', 'view'] | ||
Group = apps.get_model('openwisp_users', 'Group') | ||
|
||
try: | ||
admin = Group.objects.get(name='Administrator') | ||
operator = Group.objects.get(name='Operator') | ||
except Group.DoesNotExist: | ||
return | ||
|
||
# Administrator - Can managae both ipaddress and subnet | ||
for model_name in admins_can_manage: | ||
for operation in manage_operations: | ||
permission = Permission.objects.get( | ||
codename='{}_{}'.format(operation, model_name) | ||
) | ||
admin.permissions.add(permission.pk) | ||
|
||
# Operator - Can manage ipaddress but can only `view` subnet | ||
for model_name in operators_can_manage: | ||
for operation in manage_operations: | ||
operator.permissions.add( | ||
Permission.objects.get( | ||
codename='{}_{}'.format(operation, model_name) | ||
).pk | ||
) | ||
|
||
try: | ||
permission = Permission.objects.get(codename='view_subnet') | ||
operator.permissions.add(permission.pk) | ||
except Permission.DoesNotExist: | ||
pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
tests/openwisp2/sample_ipam/migrations/0004_default_groups_permissions.py
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
from django.db import migrations | ||
|
||
from openwisp_ipam.migrations import assign_permissions_to_groups | ||
|
||
|
||
class Migration(migrations.Migration): | ||
dependencies = [ | ||
('sample_ipam', '0003_fix_multitenancy'), | ||
] | ||
|
||
operations = [ | ||
migrations.RunPython( | ||
assign_permissions_to_groups, reverse_code=migrations.RunPython.noop | ||
), | ||
] |