Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
steering
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container Registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
AURA
steering
Commits
f3bc9744
Verified
Commit
f3bc9744
authored
8 months ago
by
Ernesto Rico Schmidt
Browse files
Options
Downloads
Patches
Plain Diff
feat: update the default set of permissions and how they’re added
parent
15304233
No related branches found
No related tags found
No related merge requests found
Pipeline
#8380
canceled
8 months ago
Stage: check
Stage: test
Stage: build
Stage: deploy
Stage: release
Changes
1
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
program/management/commands/addpermissions.py
+46
-43
46 additions, 43 deletions
program/management/commands/addpermissions.py
with
46 additions
and
43 deletions
program/management/commands/addpermissions.py
+
46
−
43
View file @
f3bc9744
from
django.conf
import
settings
from
django.conf
import
settings
from
django.contrib.auth.models
import
Group
,
Permission
from
django.contrib.auth.models
import
Group
,
Permission
from
django.core.management.base
import
BaseCommand
from
django.core.management.base
import
BaseCommand
from
django.db.models
import
QuerySet
from
django.db.models
import
Q
,
QuerySet
PERMISSIONS
=
{
settings
.
PRIVILEGED_GROUP
:
{
"
app
"
:
Permission
.
objects
.
filter
(
~
Q
(
codename__startswith
=
"
edit
"
),
content_type__app_label
=
"
program
"
,
),
"
custom_add
"
:
Permission
.
objects
.
filter
(
codename__startswith
=
"
add__
"
,
content_type__model
=
"
playlist
"
,
),
"
custom_display
"
:
Permission
.
objects
.
filter
(
codename
=
"
display__show__internal_note
"
),
"
custom_update
"
:
Permission
.
objects
.
filter
(
codename__startswith
=
"
update
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
],
),
},
settings
.
ENTITLED_GROUPS
[
0
]:
{
"
default_note_notelink
"
:
Permission
.
objects
.
filter
(
~
Q
(
codename__startswith
=
"
create
"
),
~
Q
(
codename__startswith
=
"
edit
"
),
~
Q
(
codename__startswith
=
"
update
"
),
content_type__model__in
=
[
"
note
"
,
"
notelink
"
],
),
},
settings
.
ENTITLED_GROUPS
[
1
]:
{
"
extra_change
"
:
Permission
.
objects
.
filter
(
codename__startswith
=
"
change
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
],
),
"
custom_add
"
:
Permission
.
objects
.
filter
(
~
Q
(
codename__startswith
=
"
add__m3ufile
"
),
codename__startswith
=
"
add__
"
,
content_type__model
=
"
playlist
"
,
),
"
custom_edit
"
:
Permission
.
objects
.
filter
(
codename__startswith
=
"
edit
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
],
),
},
}
class
Command
(
BaseCommand
):
class
Command
(
BaseCommand
):
...
@@ -14,46 +55,8 @@ class Command(BaseCommand):
...
@@ -14,46 +55,8 @@ class Command(BaseCommand):
self
.
stdout
.
write
(
self
.
style
.
SUCCESS
(
str
(
len
(
permissions
))))
self
.
stdout
.
write
(
self
.
style
.
SUCCESS
(
str
(
len
(
permissions
))))
def
handle
(
self
,
*
args
,
**
options
):
def
handle
(
self
,
*
args
,
**
options
):
privileged_group
=
Group
.
objects
.
get
(
name
=
settings
.
PRIVILEGED_GROUP
)
for
group_name
in
PERMISSIONS
:
host_group
=
Group
.
objects
.
get
(
name
=
settings
.
ENTITLED_GROUPS
[
0
])
group
=
Group
.
objects
.
get
(
name
=
group_name
)
host_plus_group
=
Group
.
objects
.
get
(
name
=
settings
.
ENTITLED_GROUPS
[
1
])
app_permissions
=
Permission
.
objects
.
filter
(
content_type__app_label
=
"
program
"
).
exclude
(
for
name
,
permissions
in
PERMISSIONS
[
group_name
].
items
():
codename__startswith
=
"
edit
"
self
.
add_permissions
(
group
,
permissions
,
name
)
)
default_model_permissions
=
(
Permission
.
objects
.
filter
(
content_type__model__in
=
[
"
note
"
,
"
notelink
"
])
.
exclude
(
codename__startswith
=
"
edit
"
)
.
exclude
(
codename__startswith
=
"
create
"
)
.
exclude
(
codename__startswith
=
"
update
"
)
)
change_permissions
=
Permission
.
objects
.
filter
(
codename__startswith
=
"
change
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
]
)
edit_permissions
=
Permission
.
objects
.
filter
(
codename__startswith
=
"
edit
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
]
)
create_permissions
=
Permission
.
objects
.
filter
(
codename__startswith
=
"
create
"
,
content_type__model__in
=
[
"
note
"
]
)
update_permissions
=
Permission
.
objects
.
filter
(
codename__startswith
=
"
update
"
,
content_type__model__in
=
[
"
host
"
,
"
note
"
,
"
show
"
]
)
custom_add_permissions
=
Permission
.
objects
.
filter
(
codename__startswith
=
"
add__
"
,
content_type__model
=
"
playlist
"
)
self
.
add_permissions
(
privileged_group
,
app_permissions
,
"
default app level
"
)
self
.
add_permissions
(
privileged_group
,
edit_permissions
,
"
custom edit field
"
)
self
.
add_permissions
(
privileged_group
,
create_permissions
,
"
custom create
"
)
self
.
add_permissions
(
privileged_group
,
update_permissions
,
"
custom update
"
)
self
.
add_permissions
(
privileged_group
,
custom_add_permissions
,
"
custom add
"
)
self
.
add_permissions
(
host_group
,
default_model_permissions
,
"
default model
"
)
self
.
add_permissions
(
host_plus_group
,
change_permissions
,
"
default change
"
)
self
.
add_permissions
(
host_plus_group
,
edit_permissions
,
"
custom edit field
"
)
self
.
add_permissions
(
host_plus_group
,
custom_add_permissions
.
exclude
(
codename
=
"
add__m3ufile
"
),
"
custom add
"
)
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
