Skip to content

Commit

Permalink
Add role-based access control
Browse files Browse the repository at this point in the history 
closes #331
  • Loading branch information
@lubosmj @git-hyagi
lubosmj authored and git-hyagi committed Feb 5, 2024
1 parent 720412c commit b363eaf
Show file tree
Hide file tree
Showing 5 changed files with 550 additions and 14 deletions.
1 change: 1 addition & 0 deletions CHANGES/331.feature
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Added role-based access control.
25 changes: 25 additions & 0 deletions pulp_ostree/app/migrations/0007_add_model_permissions.py
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Generated by Django 4.2.9 on 2024-02-02 12:14

from django.db import migrations


class Migration(migrations.Migration):

dependencies = [
('ostree', '0006_alter_pointers_to_related_models_globally'),
]

operations = [
migrations.AlterModelOptions(
name='ostreedistribution',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreedistribution', 'Can manage roles on ostree distributions')]},
),
migrations.AlterModelOptions(
name='ostreeremote',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_ostreeremote', 'Can manage roles on ostree remotes')]},
),
migrations.AlterModelOptions(
name='ostreerepository',
options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('sync_ostreerepository', 'Can start a sync task'), ('modify_ostreerepository', 'Can modify content of the repository'), ('manage_roles_ostreerepository', 'Can manage roles on ostree repositories'), ('repair_ostreerepository', 'Can repair repository versions'), ('import_commits_ostreerepository', 'Can import commits into a repository')]},
),
]
20 changes: 17 additions & 3 deletions pulp_ostree/app/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from django.contrib.postgres.fields import ArrayField

from pulpcore.plugin.models import (
AutoAddObjPermsMixin,
Content,
Remote,
Repository,
Expand Down Expand Up @@ -123,7 +124,7 @@ class Meta:
unique_together = [["sha256", "relative_path"]]


class OstreeRemote(Remote):
class OstreeRemote(Remote, AutoAddObjPermsMixin):
"""A remote model for OSTree content."""

TYPE = "ostree"
Expand All @@ -134,9 +135,12 @@ class OstreeRemote(Remote):

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("manage_roles_ostreeremote", "Can manage roles on ostree remotes"),
]


class OstreeRepository(Repository):
class OstreeRepository(Repository, AutoAddObjPermsMixin):
"""A repository model for OSTree content."""

TYPE = "ostree"
Expand All @@ -155,17 +159,27 @@ class OstreeRepository(Repository):

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("sync_ostreerepository", "Can start a sync task"),
("modify_ostreerepository", "Can modify content of the repository"),
("manage_roles_ostreerepository", "Can manage roles on ostree repositories"),
("repair_ostreerepository", "Can repair repository versions"),
("import_commits_ostreerepository", "Can import commits into a repository"),
]

def finalize_new_version(self, new_version):
"""Handle repository duplicates."""
remove_duplicates(new_version)
validate_duplicate_content(new_version)


class OstreeDistribution(Distribution):
class OstreeDistribution(Distribution, AutoAddObjPermsMixin):
"""A distribution model for OSTree content."""

TYPE = "ostree"

class Meta:
default_related_name = "%(app_label)s_%(model_name)s"
permissions = [
("manage_roles_ostreedistribution", "Can manage roles on ostree distributions"),
]
Loading

0 comments on commit b363eaf

Please sign in to comment.