Merge pull request #1062 from maggu/main

Add initial RBAC support
pulp · Jan 7, 2025 · 922da85 · 922da85
2 parents 65890ea + 65e911b
commit 922da85
Show file tree

Hide file tree

Showing 10 changed files with 853 additions and 13 deletions.
diff --git a/CHANGES/860.feature b/CHANGES/860.feature
@@ -0,0 +1 @@
+Added initial RBAC support.
diff --git a/pulp_deb/app/migrations/0030_rbac_permissions.py b/pulp_deb/app/migrations/0030_rbac_permissions.py
@@ -0,0 +1,33 @@
+# Generated by Django 4.2.9 on 2024-03-22 11:33
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('deb', '0029_distributedpublication'),
+    ]
+
+    operations = [
+        migrations.AlterModelOptions(
+            name='aptdistribution',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_aptdistribution', 'Can manage roles on an APT distribution')]},
+        ),
+        migrations.AlterModelOptions(
+            name='aptpublication',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_aptpublication', 'Can manage roles on an APT publication')]},
+        ),
+        migrations.AlterModelOptions(
+            name='aptremote',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_aptremote', 'Can manage roles on an APT remote')]},
+        ),
+        migrations.AlterModelOptions(
+            name='aptrepository',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_aptrepository', 'Can manage roles on APT repositories'), ('modify_content_aptrepository', 'Add content to, or remove content from a repository'), ('repair_aptrepository', 'Copy an APT repository'), ('sync_aptrepository', 'Sync an APT repository'), ('delete_aptrepository_version', 'Delete a repository version')]},
+        ),
+        migrations.AlterModelOptions(
+            name='verbatimpublication',
+            options={'default_related_name': '%(app_label)s_%(model_name)s', 'permissions': [('manage_roles_verbatimpublication', 'Can manage roles on a verbatim publication')]},
+        ),
+    ]
diff --git a/pulp_deb/app/models/publication.py b/pulp_deb/app/models/publication.py
@@ -6,6 +6,7 @@
 from django_lifecycle import hook, AFTER_CREATE, AFTER_UPDATE
 
 from pulpcore.plugin.models import (
+    AutoAddObjPermsMixin,
     BaseModel,
     Distribution,
     Publication,
@@ -37,7 +38,7 @@ def latest_publication(repo_pk):
         )
 
 
-class VerbatimPublication(Publication):
+class VerbatimPublication(Publication, AutoAddObjPermsMixin):
     """
     A verbatim Publication for Content.
 
@@ -54,9 +55,12 @@ def set_distributed_publication(self):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_verbatimpublication", "Can manage roles on a verbatim publication"),
+        ]
 
 
-class AptPublication(Publication):
+class AptPublication(Publication, AutoAddObjPermsMixin):
     """
     A Publication for DebContent.
 
@@ -79,9 +83,12 @@ def set_distributed_publication(self):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_aptpublication", "Can manage roles on an APT publication"),
+        ]
 
 
-class AptDistribution(Distribution):
+class AptDistribution(Distribution, AutoAddObjPermsMixin):
     """
     A Distribution for DebContent.
     """
@@ -120,6 +127,9 @@ def content_handler(self, path):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_aptdistribution", "Can manage roles on an APT distribution"),
+        ]
 
 
 class DistributedPublication(BaseModel):

diff --git a/pulp_deb/app/models/remote.py b/pulp_deb/app/models/remote.py
@@ -1,9 +1,9 @@
 from django.db import models
 
-from pulpcore.plugin.models import Remote
+from pulpcore.plugin.models import Remote, AutoAddObjPermsMixin
 
 
-class AptRemote(Remote):
+class AptRemote(Remote, AutoAddObjPermsMixin):
     """
     A Remote for DebContent.
     """
@@ -21,3 +21,6 @@ class AptRemote(Remote):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_aptremote", "Can manage roles on an APT remote"),
+        ]
diff --git a/pulp_deb/app/models/repository.py b/pulp_deb/app/models/repository.py
@@ -1,6 +1,11 @@
 from django.db import models
 
-from pulpcore.plugin.models import BaseModel, Content, Repository
+from pulpcore.plugin.models import (
+    AutoAddObjPermsMixin,
+    BaseModel,
+    Content,
+    Repository,
+)
 from pulpcore.plugin.repo_version_utils import (
     remove_duplicates,
     validate_version_paths,
@@ -32,7 +37,7 @@
 log = logging.getLogger(__name__)
 
 
-class AptRepository(Repository):
+class AptRepository(Repository, AutoAddObjPermsMixin):
     """
     A Repository for DebContent.
     """
@@ -66,6 +71,13 @@ class AptRepository(Repository):
 
     class Meta:
         default_related_name = "%(app_label)s_%(model_name)s"
+        permissions = [
+            ("manage_roles_aptrepository", "Can manage roles on APT repositories"),
+            ("modify_content_aptrepository", "Add content to, or remove content from a repository"),
+            ("repair_aptrepository", "Copy an APT repository"),
+            ("sync_aptrepository", "Sync an APT repository"),
+            ("delete_aptrepository_version", "Delete a repository version"),
+        ]
 
     def release_signing_service(self, release):
         """