Merge pull request #183 from smk4664/permission_based_help

Add option to limit Help prompt based on user Access Grants.
nautobot · Mar 11, 2023 · 814a869 · 814a869
2 parents 7054d18 + d3901f6
commit 814a869
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 5 deletions.
diff --git a/changes/182.added b/changes/182.added
@@ -0,0 +1 @@
+Add option to limit Help prompt based on user Access Grants.
diff --git a/development/nautobot_config.py b/development/nautobot_config.py
@@ -137,5 +137,6 @@
         "enable_mattermost": True,
         "mattermost_api_token": os.environ.get("MATTERMOST_API_TOKEN"),
         "mattermost_url": os.environ.get("MATTERMOST_URL"),
+        "restrict_help": True,
     },
 }
diff --git a/docs/admin/install/index.md b/docs/admin/install/index.md
@@ -72,6 +72,7 @@ The plugin behavior can be controlled with the following list of settings:
 | Configuration Setting        | Description | Mandatory? | Default |
 | ---------------------------- | ----------- | ---------- | ------- |
 | `delete_input_on_submission` | After prompting the user for additional inputs, delete the input prompt from the chat history | No | `False` |
+| `restrict_help` | Only show Help prompt for users based on their Access Grants | No | `False` |
 
 ## Grant Access to the Chatbot
 

diff --git a/nautobot_chatops/__init__.py b/nautobot_chatops/__init__.py
@@ -59,6 +59,7 @@ class NautobotChatOpsConfig(PluginConfig):
         # sending all messages as an ephemeral message, meaning only the person interacting with the bot will see the
         # responses.
         "send_all_messages_private": False,
+        "restrict_help": False,
     }
 
     max_version = "1.999"

diff --git a/nautobot_chatops/workers/__init__.py b/nautobot_chatops/workers/__init__.py
@@ -13,8 +13,11 @@
 import shlex
 import pkg_resources
 
-from nautobot_chatops.choices import CommandStatusChoices
-from nautobot_chatops.models import CommandLog
+from django.conf import settings
+from django.db.models import Q
+
+from nautobot_chatops.choices import AccessGrantTypeChoices, CommandStatusChoices
+from nautobot_chatops.models import AccessGrant
 from nautobot_chatops.utils import create_command_log
 from nautobot_chatops.metrics import request_command_cntr, command_histogram
 
@@ -267,6 +270,10 @@ def second_subcommand(dispatcher, arg_1):
     if subcommand == "help" or not subcommand:
         message = f"I know the following `{dispatcher.command_prefix}{command}` subcommands:\n"
         for subcmd, entry in registry[command].get("subcommands", {}).items():
+            if settings.PLUGINS_CONFIG["nautobot_chatops"].get("restrict_help") and not AccessGrant.objects.filter(
+                Q(command="*") | Q(command=command, subcommand="*") | Q(command=command, subcommand=subcmd),
+            ).filter(grant_type=AccessGrantTypeChoices.TYPE_USER).filter(Q(value="*") | Q(value=context["user_id"])):
+                continue
             message += (
                 f"- `{dispatcher.command_prefix}{command} {subcmd} "
                 f"{' '.join(f'[{param}]' for param in entry['params'])}`\t{entry['doc']}\n"
@@ -298,15 +305,14 @@ def second_subcommand(dispatcher, arg_1):
         result = registry[command]["subcommands"][subcommand]["worker"](dispatcher, *params)
         if result is not False:
             command_log.runtime = datetime.now(timezone.utc) - command_log.start_time
+            status = result
+            details = ""
             # For backward compatibility, a return value of True is considered a "success" status.
             if result is True:
                 status = CommandStatusChoices.STATUS_SUCCEEDED
                 details = ""
             elif isinstance(result, (list, tuple)):
                 status, details = result[:2]
-            else:
-                status = result
-                details = ""
 
             if status not in CommandStatusChoices.values():
                 if not details: