Cleaned up object perms

2026-01-26 23:55:58 +00:00
parent 9cf782ffd6
commit 56caa194ec
9 changed files with 109 additions and 26 deletions
--- a/app/apps/access/admin.py
+++ b/app/apps/access/admin.py
@@ -22,6 +22,9 @@ class AccessRequestAdmin(GuardedModelAdmin):
        "requester",
        "server",
        "status",
+        "request_shell",
+        "request_logs",
+        "request_users",
        "requested_at",
        "expires_at",
        "decided_by",
@@ -50,6 +53,9 @@ class AccessRequestAdmin(GuardedModelAdmin):
                            "server",
                            "status",
                            "reason",
+                            "request_shell",
+                            "request_logs",
+                            "request_users",
                            "expires_at",
                        )
                    },
@@ -64,6 +70,9 @@ class AccessRequestAdmin(GuardedModelAdmin):
                        "server",
                        "status",
                        "reason",
+                        "request_shell",
+                        "request_logs",
+                        "request_users",
                        "expires_at",
                    )
                },
--- a/app/apps/access/migrations/0002_remove_delete_permission.py
+++ b/app/apps/access/migrations/0002_remove_delete_permission.py
@@ -0,0 +1,37 @@
+from django.db import migrations, models
+
+
+def remove_delete_accessrequest_perm(apps, schema_editor):
+    Permission = apps.get_model("auth", "Permission")
+    ContentType = apps.get_model("contenttypes", "ContentType")
+    try:
+        content_type = ContentType.objects.get(app_label="access", model="accessrequest")
+    except ContentType.DoesNotExist:
+        return
+    Permission.objects.filter(content_type=content_type, codename="delete_accessrequest").delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("access", "0001_initial"),
+        ("auth", "__latest__"),
+        ("contenttypes", "__latest__"),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_delete_accessrequest_perm, migrations.RunPython.noop),
+        migrations.AlterModelOptions(
+            name="accessrequest",
+            options={
+                "verbose_name": "Access request",
+                "verbose_name_plural": "Access requests",
+                "default_permissions": ("add", "view", "change"),
+                "indexes": [
+                    models.Index(fields=["status", "requested_at"], name="acc_req_status_req_idx"),
+                    models.Index(fields=["server", "status"], name="acc_req_server_status_idx"),
+                ],
+                "ordering": ["-requested_at"],
+            },
+        ),
+    ]
--- a/app/apps/access/migrations/0003_access_request_options.py
+++ b/app/apps/access/migrations/0003_access_request_options.py
@@ -0,0 +1,26 @@
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("access", "0002_remove_delete_permission"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="accessrequest",
+            name="request_shell",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="accessrequest",
+            name="request_logs",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="accessrequest",
+            name="request_users",
+            field=models.BooleanField(default=False),
+        ),
+    ]
--- a/app/apps/access/models.py
+++ b/app/apps/access/models.py
@@ -28,6 +28,9 @@ class AccessRequest(models.Model):
        max_length=16, choices=Status.choices, default=Status.PENDING, db_index=True
    )
    reason = models.TextField(blank=True)
+    request_shell = models.BooleanField(default=False)
+    request_logs = models.BooleanField(default=False)
+    request_users = models.BooleanField(default=False)
    requested_at = models.DateTimeField(default=timezone.now, editable=False)
    decided_at = models.DateTimeField(null=True, blank=True)
    expires_at = models.DateTimeField(null=True, blank=True)
@@ -42,6 +45,7 @@ class AccessRequest(models.Model):
    class Meta:
        verbose_name = "Access request"
        verbose_name_plural = "Access requests"
+        default_permissions = ("add", "view", "change")
        indexes = [
            models.Index(fields=["status", "requested_at"], name="acc_req_status_req_idx"),
            models.Index(fields=["server", "status"], name="acc_req_server_status_idx"),
--- a/app/apps/access/signals.py
+++ b/app/apps/access/signals.py
@@ -16,11 +16,7 @@ def assign_access_request_perms(sender, instance: AccessRequest, created: bool,
        return
    if instance.requester_id:
        user = instance.requester
-        for perm in (
-            "access.view_accessrequest",
-            "access.change_accessrequest",
-            "access.delete_accessrequest",
-        ):
+        for perm in ("access.view_accessrequest", "access.change_accessrequest"):
            assign_perm(perm, user, instance)
    assign_default_object_permissions(instance)
    sync_server_view_perm(instance)