Initial django guardian integrations

app/apps/keys/admin.py

@@ -1,10 +1,11 @@
 from django.contrib import admin
+from guardian.admin import GuardedModelAdmin
 
 from .models import SSHKey
 
 
 @admin.register(SSHKey)
-class SSHKeyAdmin(admin.ModelAdmin):
+class SSHKeyAdmin(GuardedModelAdmin):
     list_display = ("id", "user", "name", "key_type", "fingerprint", "is_active", "created_at")
     list_filter = ("is_active", "key_type")
     search_fields = ("name", "user__username", "user__email", "fingerprint")

app/apps/keys/apps.py

@@ -5,3 +5,7 @@ class KeysConfig(AppConfig):
     default_auto_field = "django.db.models.BigAutoField"
     name = "apps.keys"
     verbose_name = "SSH Keys"
+
+    def ready(self) -> None:
+        from . import signals  # noqa: F401
+        return super().ready()

app/apps/keys/signals.py

@@ -0,0 +1,19 @@
+from __future__ import annotations
+
+from django.db.models.signals import post_save
+from django.dispatch import receiver
+from guardian.shortcuts import assign_perm
+
+from apps.core.rbac import assign_default_object_permissions
+from .models import SSHKey
+
+
+@receiver(post_save, sender=SSHKey)
+def assign_ssh_key_perms(sender, instance: SSHKey, created: bool, **kwargs) -> None:
+    if not created:
+        return
+    if instance.user_id:
+        user = instance.user
+        for perm in ("keys.view_sshkey", "keys.change_sshkey", "keys.delete_sshkey"):
+            assign_perm(perm, user, instance)
+    assign_default_object_permissions(instance)