Add endpoint to reset an access policy

fixes #9606
pulp · Dec 8, 2021 · 259d41c · 259d41c
1 parent da66e58
commit 259d41c
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/CHANGES/9606.feature b/CHANGES/9606.feature
@@ -0,0 +1 @@
+Added a ``reset`` endpoint to the access policy viewset to revert to the provided default uncustomized access policy.
diff --git a/pulpcore/app/viewsets/access_policy.py b/pulpcore/app/viewsets/access_policy.py
@@ -1,10 +1,15 @@
 from django_filters.rest_framework import filters
 from rest_framework import mixins
+from rest_framework.decorators import action
+from rest_framework.response import Response
+from drf_spectacular.utils import extend_schema
 
+from pulpcore.app.apps import pulp_plugin_configs
 from pulpcore.app.models import AccessPolicy
 from pulpcore.app.serializers import AccessPolicySerializer
 from pulpcore.app.viewsets import BaseFilterSet, NamedModelViewSet
 from pulpcore.app.viewsets.base import NAME_FILTER_OPTIONS
+from pulpcore.app.util import get_view_urlpattern
 
 
 class AccessPolicyFilter(BaseFilterSet):
@@ -34,3 +39,28 @@ class AccessPolicyViewSet(
     endpoint_name = "access_policies"
     ordering = "viewset_name"
     filterset_class = AccessPolicyFilter
+
+    @extend_schema(request=None)
+    @action(detail=True, methods=["post"])
+    def reset(self, request, pk=None):
+        """
+        Reset the access policy to its uncustomized default value.
+        """
+
+        access_policy = self.get_object()
+        for plugin_config in pulp_plugin_configs():
+            for viewset_batch in plugin_config.named_viewsets.values():
+                for viewset in viewset_batch:
+                    if get_view_urlpattern(viewset) == access_policy.viewset_name:
+                        default_access_policy = viewset.DEFAULT_ACCESS_POLICY
+                        access_policy.statements = default_access_policy["statements"]
+                        access_policy.creation_hooks = default_access_policy.get(
+                            "creation_hooks"
+                        ) or default_access_policy.get("permissions_assignment")
+                        access_policy.customized = False
+                        access_policy.save()
+                        serializer = AccessPolicySerializer(
+                            access_policy, context={"request": request}
+                        )
+                        return Response(serializer.data)
+        raise RuntimeError("Viewset for access policy was not found.")