Simplify the aggregation of constraint sets

2025-07-21 11:37:21 -06:00 · 2020-08-07 14:09:55 -04:00 · 2020-08-07 14:09:55 -04:00 · aca3ca9d65
commit aca3ca9d65
parent 1dfed14bc9
2 changed files with 12 additions and 9 deletions
--- a/netbox/netbox/authentication.py
+++ b/netbox/netbox/authentication.py
@ -1,4 +1,5 @@
 import logging
 from collections import defaultdict
 from django.conf import settings
 from django.contrib.auth.backends import ModelBackend, RemoteUserBackend as _RemoteUserBackend
@ -30,15 +31,12 @@ class ObjectPermissionBackend(ModelBackend):
        ).prefetch_related('object_types')
        # Create a dictionary mapping permissions to their constraints
-        perms = dict()
+        perms = defaultdict(list)
        for obj_perm in object_permissions:
            for object_type in obj_perm.object_types.all():
                for action in obj_perm.actions:
                    perm_name = f"{object_type.app_label}.{action}_{object_type.model}"
-                    if perm_name in perms:
+                    perms[perm_name].extend(obj_perm.list_constraints())
                        perms[perm_name].append(obj_perm.constraints)
                    else:
                        perms[perm_name] = [obj_perm.constraints]
        return perms
@ -75,10 +73,7 @@ class ObjectPermissionBackend(ModelBackend):
        obj_perm_constraints = self.get_all_permissions(user_obj)[perm]
        constraints = Q()
        for perm_constraints in obj_perm_constraints:
-            if type(perm_constraints) is list:
+            if perm_constraints:
                for c in obj_perm_constraints:
                    constraints |= Q(**c)
            elif perm_constraints:
                constraints |= Q(**perm_constraints)
            else:
                # Found ObjectPermission with null constraints; allow model-level access
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@ -285,3 +285,11 @@ class ObjectPermission(models.Model):
    def __str__(self):
        return self.name
    def list_constraints(self):
        """
        Return all constraint sets as a list (even if only a single set is defined).
        """
        if type(self.constraints) is not list:
            return [self.constraints]
        return self.constraints