Open AlanCoding opened 1 month ago
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
92.3% Coverage on New Code
0.0% Duplication on New Code
This may no longer be necessary. Waiting to see if its needed or not.
It's not necessarily, but I might still like to do this, and take the entire project in this direction.
But we should either agree we like this, and double-down further on it, or quit.
How do we double-down? Because right now permission_registry._registry
is a set of model classes. But Django doesn't really like to do this. Instead, a more robust implementation would be that we only register the (app_label, model_name) of the models. Then whenever permission_registry
does anything, it uses Django apps to look up the model.
Why the heck would we do this? Because that would allow using apps
dynamically, meaning that we could use the permission registry with apps inside of a migration. That means we could work with a historical state.
That raises even more questions, because models will be modified and removed over time, as the state of the app changes... so does that mean you would create permission_registry
objects inside of migrations? Umm... yes, you would. But you could only do this if you saved the prior registrations. But again, yes, you should.
Big picture, then, DAB RBAC may do well to have a formalized way to record the historical state of registrations.
This is a need come up looking at @jctanner 's integration work at https://github.com/ansible/galaxy_ng/pull/2202
See the management command in particular and stuff like:
This seems to get us a list of "app_label.model_name" references of models. The current advice is to call
permission_registry.register
passing the model classes for all of those. Without getting into the technical constraints, there seems to be a pretty clear preference to just list these in a setting, which DAB RBAC can obvious handle without import-order-changing stuff.