From 474ca9e78f3db98fc945f46291c75db3fc5e9b4d Mon Sep 17 00:00:00 2001
From: ryanmerolle
Date: Sun, 25 Apr 2021 16:31:50 -0400
Subject: [PATCH] fully working object permissions
---
 initializers/object_permissions.yml | 70 ++++++++++++++++-------
 startup_scripts/015_object_permissions.py | 24 ++++++--
 2 files changed, 67 insertions(+), 27 deletions(-)
diff --git a/initializers/object_permissions.yml b/initializers/object_permissions.yml
index 5daa981..332011f 100644
--- a/initializers/object_permissions.yml
+++ b/initializers/object_permissions.yml
@@ -1,22 +1,48 @@
-#- name: all.ro
-# description: 'Read Only for All Objects'
-# enabled: true
-# # object_types: all
-# groups:
-# - applications
-# - readers
-# actions:
-# - view
-#- name: all.rw
-# description: 'Read/Write for All Objects'
-# enabled: true
-# # object_types: all
-# groups:
-# - writers
-# users:
-# - jdoe
-# actions:
-# - add
-# - change
-# - delete
-# - view
+# all.ro:
+# actions:
+# - view
+# description: 'Read Only for All Objects'
+# enabled: true
+# groups:
+# - applications
+# - readers
+# object_types: all
+# users:
+# - jdoe
+# all.rw:
+# actions:
+# - add
+# - change
+# - delete
+# - view
+# description: 'Read/Write for All Objects'
+# enabled: true
+# groups:
+# - writers
+# object_types: all
+# network_team.rw:
+# actions:
+# - add
+# - change
+# - delete
+# - view
+# description: "Network Team Permissions"
+# enabled: true
+# object_types:
+# circuits:
+# - circuit
+# - circuittermination
+# - circuittype
+# - provider
+# dcim: all
+# ipam:
+# - aggregate
+# - ipaddress
+# - prefix
+# - rir
+# - role
+# - routetarget
+# - service
+# - vlan
+# - vlangroup
+# - vrf
diff --git a/startup_scripts/015_object_permissions.py b/startup_scripts/015_object_permissions.py
index af9f844..c17ce84 100644
--- a/startup_scripts/015_object_permissions.py
+++ b/startup_scripts/015_object_permissions.py
@@ -19,11 +19,25 @@ for permission_name, permission_details in object_permissions.items():
 actions=permission_details["actions"],
 )
- # Need to try to pass a list of model_name and app_label for more than the current ALL
- # object_types = ContentType.objects.filter(app_label__in=permission_details["object_types"])
- # object_permission.object_types.set(ContentType.objects.filter(app_label__in=permission_details"object_types"]))
- object_permission.object_types.set(ContentType.objects.all())
- object_permission.save()
+ if permission_details.get("object_types", 0):
+ object_types = permission_details["object_types"]
+
+ if object_types == "all":
+ object_permission.object_types.set(ContentType.objects.all())
+
+ else:
+ for app_label, models in object_types.items():
+ if models == "all":
+ app_models = ContentType.objects.filter(app_label=app_label)
+
+ for app_model in app_models:
+ object_permission.object_types.add(app_model.id)
+ else:
+ # There is
+ for model in models:
+ object_permission.object_types.add(
+ ContentType.objects.get(app_label=app_label, model=model)
+ )
 print("🔓 Created object permission", object_permission.name)
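Review bot: The per-app branch attaches object types one `add()` at a time, so a misspelled model name makes `ContentType.objects.get(...)` raise after earlier types are already attached, and an unknown `app_label` in the `models == "all"` case silently matches nothing. Since `add()` never removes anything, a permission that already exists would also keep types later dropped from the YAML, if this code runs for existing permissions (the call that creates `object_permission` starts outside the hunk). Collecting the content types first and applying them with one `set()`, as the top-level `"all"` branch already does, keeps the stored grant equal to the file; the stray `# There is` comment should be finished or dropped. Separately, `"all"` still maps to every `ContentType`, which may include user and permission models, so it is worth confirming that is intended for a read/write grant.

```python
    # … unchanged: the object_types lookup and the top-level "all" branch …
        else:
            selected = []
            for app_label, models in object_types.items():
                if models == "all":
                    app_types = list(ContentType.objects.filter(app_label=app_label))
                    if not app_types:
                        # fail loudly instead of creating a permission with a silent gap
                        raise ValueError(f"object_permissions: unknown app_label '{app_label}'")
                    selected.extend(app_types)
                else:
                    for model in models:
                        # get() raises ContentType.DoesNotExist on a typo, before anything is assigned
                        selected.append(
                            ContentType.objects.get(app_label=app_label, model=model)
                        )
            # single write: replaces the previous assignment rather than adding to it
            object_permission.object_types.set(selected)
```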