Flip the many-to-many relationships for users & groups to object permissions #9369

New Issue

adam · 2025-12-29T20:49:03+01:00

adam commented

2025-12-29 20:49:03 +01:00

Originally created by @jeremystretch on GitHub (Mar 18, 2024).

Proposed Changes

There are currently many-to-many relationships from the ObjectPermission model to the User and Group models within the users app. These are both defined on the ObjectPermission model:

class ObjectPermission(models.Model):
    groups = models.ManyToManyField(
        to='users.Group',
        blank=True,
        related_name='object_permissions'
    )
    users = models.ManyToManyField(
        to=get_user_model(),
        blank=True,
        related_name='object_permissions'
    )

This proposal entails moving the primary M2M field definitions from ObjectPermission to the User and Group models, as such:

class Group(models.Model):
    object_permissions = models.ManyToManyField(
        to='users.ObjectPermission',
        blank=True,
        related_name='groups'
    )

class User(models.Model):
    object_permissions = models.ManyToManyField(
        to='users.ObjectPermission',
        blank=True,
        related_name='users'
    )

This is essentially a cosmetic change, as the related field names for all three models will remain the same. However, a migration will be required to effect the swap and renamed the intermediary tables accordingly. There may also be some side effects of the reversal that need to be handled; testing will be needed to identify them. (In the event any serious blockers arise, this initiative should probably be punted.)

Justification

Moving these relationships to the User & Group models feels more natural and less surprising than the current arrangement, which exists only because NetBox did not employ custom user or group models prior to v4.0.

Originally created by @jeremystretch on GitHub (Mar 18, 2024). ### Proposed Changes There are currently many-to-many relationships from the ObjectPermission model to the User and Group models within the `users` app. These are both defined on the ObjectPermission model: ```python class ObjectPermission(models.Model): groups = models.ManyToManyField( to='users.Group', blank=True, related_name='object_permissions' ) users = models.ManyToManyField( to=get_user_model(), blank=True, related_name='object_permissions' ) ``` This proposal entails moving the primary M2M field definitions from ObjectPermission to the User and Group models, as such: ```python class Group(models.Model): object_permissions = models.ManyToManyField( to='users.ObjectPermission', blank=True, related_name='groups' ) class User(models.Model): object_permissions = models.ManyToManyField( to='users.ObjectPermission', blank=True, related_name='users' ) ``` This is essentially a cosmetic change, as the related field names for all three models will remain the same. However, a migration will be required to effect the swap and renamed the intermediary tables accordingly. There may also be some side effects of the reversal that need to be handled; testing will be needed to identify them. (In the event any serious blockers arise, this initiative should probably be punted.) ### Justification Moving these relationships to the User & Group models feels more natural and less surprising than the current arrangement, which exists only because NetBox did not employ custom user or group models prior to v4.0.

adam added the status: accepted type: housekeeping labels 2025-12-29 20:49:03 +01:00

adam closed this issue

2025-12-29 20:49:03 +01:00

Sign in to join this conversation.

Branches Tags

main

update-changelog-comments-docs

feature-removal-issue-type

20911-dropdown

20239-plugin-menu-classes-mutable-state

21097-graphql-id-lookups

feature

fix_module_substitution

20923-dcim-templates

20044-elevation-stuck-lightmode

feature-ip-prefix-link

v4.5-beta1-release

20068-import-moduletype-attrs

20766-fix-german-translation-code-literals

20378-del-script

7604-filter-modifiers-v3

circuit-swap

12318-case-insensitive-uniqueness

20637-improve-device-q-filter

20660-script-load

19724-graphql

20614-update-ruff

14884-script

02496-max-page

19720-macaddress-interface-generic-relation

19408-circuit-terminations-export-templates

20203-openapi-check

fix-19669-api-image-download

7604-filter-modifiers

19275-fixes-interface-bulk-edit

fix-17794-get_field_value_return_list

11507-show-aggregate-and-rir-on-api

9583-add_column_specific_search_field_to_tables

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/netbox#9369