12589 add user group manager

2025-08-25 16:56:10 -06:00 · 2023-06-13 14:33:41 -07:00 · 2023-06-13 14:33:41 -07:00 · 540339683c
commit 540339683c
parent 4332ba0beb
3 changed files with 36 additions and 5 deletions
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@ -2,7 +2,7 @@ import binascii
 import os

 from django.conf import settings
-from django.contrib.auth.models import Group, User
+from django.contrib.auth.models import Group, GroupManager, User, UserManager
 from django.contrib.contenttypes.models import ContentType
 from django.contrib.postgres.fields import ArrayField
 from django.core.validators import MinLengthValidator
@ -52,11 +52,15 @@ class AdminUser(User):
        proxy = True


+class NetBoxUserManager(UserManager.from_queryset(RestrictedQuerySet)):
+    pass
+
+
 class NetBoxUser(User):
    """
    Proxy contrib.auth.models.User for the UI
    """
-    objects = RestrictedQuerySet.as_manager()
+    objects = NetBoxUserManager()

    class Meta:
        verbose_name = 'User'
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@ -4,7 +4,7 @@ from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import login as auth_login, logout as auth_logout, update_session_auth_hash, get_user_model
 from django.contrib.auth.mixins import LoginRequiredMixin
-from django.contrib.auth.models import update_last_login
+from django.contrib.auth.models import Group, User, update_last_login
 from django.contrib.auth.signals import user_logged_in
 from django.db.models import Count
 from django.http import HttpResponseRedirect
@ -22,6 +22,7 @@ from netbox.authentication import get_auth_backend_display, get_saml_idps
 from netbox.config import get_config
 from netbox.views import generic
 from utilities.forms import ConfirmationForm
+from utilities.permissions import get_permission_for_model
 from utilities.querysets import RestrictedQuerySet
 from utilities.views import register_model_view
 from . import filtersets, forms, tables
@ -347,12 +348,18 @@ class NetBoxUserListView(generic.ObjectListView):
    filterset_form = forms.UserFilterForm
    table = tables.UserTable

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'view')
+

@register_model_view(NetBoxUser)
 class NetBoxUserView(generic.ObjectView):
    queryset = NetBoxUser.objects.all()
    template_name = 'users/user.html'

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'view')
+
    def get_extra_context(self, request, instance):
        # Compile changelog table
        changelog = ObjectChange.objects.restrict(request.user, 'view').filter(user=request.user).prefetch_related(
@ -371,16 +378,27 @@ class NetBoxUserEditView(generic.ObjectEditView):
    queryset = NetBoxUser.objects.all()
    form = forms.UserForm

+    def get_required_permission(self):
+        # self._permission_action is set by dispatch() to either "add" or "change" depending on whether
+        # we are modifying an existing object or creating a new one.
+        return get_permission_for_model(User, self._permission_action)
+

@register_model_view(NetBoxUser, 'delete')
 class NetBoxUserDeleteView(generic.ObjectDeleteView):
    queryset = NetBoxUser.objects.all()

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'delete')
+

 class NetBoxUserBulkImportView(generic.BulkImportView):
    queryset = NetBoxUser.objects.all()
    model_form = forms.UserImportForm

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'add')
+

 class NetBoxUserBulkEditView(generic.BulkEditView):
    queryset = NetBoxUser.objects.all()
@ -388,12 +406,19 @@ class NetBoxUserBulkEditView(generic.BulkEditView):
    table = tables.UserTable
    form = forms.UserBulkEditForm

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'change')
+

 class NetBoxUserBulkDeleteView(generic.BulkDeleteView):
    queryset = NetBoxUser.objects.all()
    filterset = filtersets.UserFilterSet
    table = tables.UserTable

+    def get_required_permission(self):
+        return get_permission_for_model(User, 'delete')
+
+
 #
 # Groups
 #
--- a/netbox/utilities/querysets.py
+++ b/netbox/utilities/querysets.py
@ -1,3 +1,4 @@
+from django.contrib.contenttypes.models import ContentType
 from django.db.models import Prefetch, QuerySet

 from users.constants import CONSTRAINT_TOKEN_USER
@ -46,8 +47,9 @@ class RestrictedQuerySet(QuerySet):
        :param action: The action which must be permitted (e.g. "view" for "dcim.view_site"); default is 'view'
        """
        # Resolve the full name of the required permission
-        app_label = self.model._meta.app_label
-        model_name = self.model._meta.model_name
+        ct = ContentType.objects.get_for_model(self.model)
+        app_label = ct.app_label
+        model_name = ct.model
        permission_required = f'{app_label}.{action}_{model_name}'

        # Bypass restriction for superusers and exempt views