Coverage for sm/utils_permissions.py: 77%

1from django.contrib.auth.models import Group, Permission

2from django.contrib.contenttypes.models import ContentType

3from typing import List, Tuple

4import logging

6logger = logging.getLogger(__name__)

9def get_group_permissions_for_model(

10 app_label: str, model_name: str = "model"

11) -> List[Permission]:

12 """

13 Returns the standard permissions (view, add, change, delete) for a model.

14 """

15 try:

16 ct = ContentType.objects.get(app_label=app_label, model=model_name)

17 return list(Permission.objects.filter(content_type=ct))

18 except ContentType.DoesNotExist:

19 logger.warning(f"ContentType for {app_label}.{model_name} not found.")

20 return []

23def assign_group_permissions(group: Group, permissions: List[Permission]) -> None:

24 """

25 Assigns a list of permissions to a group.

26 """

27 group.permissions.add(*permissions)

30def sync_group_permissions(group: Group) -> None:

31 """

32 Ensures a group has at least basic view permissions for the core models

33 so multi-tenancy works as expected.

34 """

35 app_models: List[Tuple[str, str]] = [

36 ("server", "model"),

37 ("cluster", "model"),

38 ("domain", "model"),

39 ("vendor", "model"),

40 ("operatingsystem", "model"),

41 ("status", "model"),

42 ("location", "model"),

43 ("patchtime", "model"),

44 ("servermodel", "model"),

45 ("clusterpackage", "model"),

46 ("clustersoftware", "model"),

47 ("clusterpackagetype", "model"),

48 ]

50 for app, model in app_models:

51 perms = get_group_permissions_for_model(app, model)

52 # By default, give view permission to every group

53 view_perm = next((p for p in perms if p.codename.startswith("view_")), None)

54 if view_perm:

55 group.permissions.add(view_perm)

56 else:

57 logger.debug(f"View permission for {app}.{model} not found.")

Coverage for sm / utils_permissions.py: 77%

22 statements