Allow the assignment of ObjectPermissions to users, groups, and permissions

2025-07-23 04:22:01 -06:00 · 2020-07-22 15:25:06 -04:00 · 2020-07-22 15:25:06 -04:00 · 7cdb0cf560
commit 7cdb0cf560
parent 798810b3dd
2 changed files with 9 additions and 8 deletions
--- a/netbox/users/migrations/0008_objectpermission.py
+++ b/netbox/users/migrations/0008_objectpermission.py
@ -22,12 +22,12 @@ class Migration(migrations.Migration):
                ('enabled', models.BooleanField(default=True)),
                ('constraints', django.contrib.postgres.fields.jsonb.JSONField(blank=True, null=True)),
                ('actions', django.contrib.postgres.fields.ArrayField(base_field=models.CharField(max_length=30), size=None)),
-                ('object_types', models.ManyToManyField(limit_choices_to={'app_label__in': ['circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization']}, related_name='object_permissions', to='contenttypes.ContentType')),
+                ('object_types', models.ManyToManyField(limit_choices_to=models.Q(models.Q(models.Q(_negated=True, app_label__in=['admin', 'auth', 'contenttypes', 'sessions', 'taggit', 'users']), models.Q(('app_label', 'auth'), ('model__in', ['group', 'user'])), models.Q(('app_label', 'users'), ('model__in', ['objectpermission', 'token'])), _connector='OR')), related_name='object_permissions', to='contenttypes.ContentType')),
                ('groups', models.ManyToManyField(blank=True, related_name='object_permissions', to='auth.Group')),
                ('users', models.ManyToManyField(blank=True, related_name='object_permissions', to=settings.AUTH_USER_MODEL)),
            ],
            options={
-                'verbose_name': 'Permission',
+                'verbose_name': 'permission',
            },
        ),
    ]
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@ -6,6 +6,7 @@ from django.contrib.contenttypes.models import ContentType
 from django.contrib.postgres.fields import ArrayField
 from django.core.validators import MinLengthValidator
 from django.db import models
+from django.db.models import Q
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.utils import timezone
@ -244,11 +245,11 @@ class ObjectPermission(models.Model):
    )
    object_types = models.ManyToManyField(
        to=ContentType,
-        limit_choices_to={
-            'app_label__in': [
-                'circuits', 'dcim', 'extras', 'ipam', 'secrets', 'tenancy', 'virtualization',
-            ],
-        },
+        limit_choices_to=Q(
+            ~Q(app_label__in=['admin', 'auth', 'contenttypes', 'sessions', 'taggit', 'users']) |
+            Q(app_label='auth', model__in=['group', 'user']) |
+            Q(app_label='users', model__in=['objectpermission', 'token'])
+        ),
        related_name='object_permissions'
    )
    groups = models.ManyToManyField(
@ -274,7 +275,7 @@ class ObjectPermission(models.Model):
    objects = RestrictedQuerySet.as_manager()

    class Meta:
-        verbose_name = "Permission"
+        verbose_name = "permission"

    def __str__(self):
        if self.name: