Coverage for sm / utils_permissions.py: 79%

24 statements  

« prev     ^ index     » next       coverage.py v7.13.5, created at 2026-04-17 13:46 +0000

1from django.contrib.auth.models import Group, Permission 

2from django.contrib.contenttypes.models import ContentType 

3from typing import List, Tuple 

4import logging 

5 

6logger = logging.getLogger(__name__) 

7 

8 

9def get_group_permissions_for_model( 

10 app_label: str, model_name: str = "model" 

11) -> List[Permission]: 

12 """ 

13 Returns the standard permissions (view, add, change, delete) for a model. 

14 """ 

15 try: 

16 ct = ContentType.objects.get(app_label=app_label, model=model_name) 

17 return list(Permission.objects.filter(content_type=ct)) 

18 except ContentType.DoesNotExist: 

19 logger.warning(f"ContentType for {app_label}.{model_name} not found.") 

20 return [] 

21 

22 

23def assign_group_permissions(group: Group, permissions: List[Permission]) -> None: 

24 """ 

25 Assigns a list of permissions to a group. 

26 """ 

27 group.permissions.add(*permissions) 

28 

29 

30def sync_group_permissions(group: Group, grant_all: bool = False) -> None: 

31 """ 

32 Ensures a group has at least basic view permissions for the core models 

33 so multi-tenancy works as expected. 

34 If grant_all is True, also grants add, change, and delete permissions. 

35 """ 

36 app_models: List[Tuple[str, str]] = [ 

37 ("server", "model"), 

38 ("cluster", "model"), 

39 ("domain", "model"), 

40 ("vendor", "model"), 

41 ("operatingsystem", "model"), 

42 ("status", "model"), 

43 ("location", "model"), 

44 ("patchtime", "model"), 

45 ("servermodel", "model"), 

46 ("clusterpackage", "model"), 

47 ("clustersoftware", "model"), 

48 ("clusterpackagetype", "model"), 

49 ] 

50 

51 for app, model in app_models: 

52 perms = get_group_permissions_for_model(app, model) 

53 if grant_all: 

54 # Grant all permissions for this model 

55 group.permissions.add(*perms) 

56 else: 

57 # By default, give view permission to every group 

58 view_perm = next((p for p in perms if p.codename.startswith("view_")), None) 

59 if view_perm: 

60 group.permissions.add(view_perm) 

61 else: 

62 logger.debug(f"View permission for {app}.{model} not found.")