From c8829b057e1bc19b47ae3de9f7d1c7cb00436d5c Mon Sep 17 00:00:00 2001 From: Jeff Bradberry Date: Tue, 7 May 2024 11:49:04 -0400 Subject: [PATCH] First cut at checking the role hierarchy Checking if parents and implicit_parents are consistent with ancestors. --- tools/scripts/ig-hotfix/role_check.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tools/scripts/ig-hotfix/role_check.py b/tools/scripts/ig-hotfix/role_check.py index d290d9c15c..95ec14d960 100644 --- a/tools/scripts/ig-hotfix/role_check.py +++ b/tools/scripts/ig-hotfix/role_check.py @@ -1,4 +1,5 @@ from collections import defaultdict +import json import sys from django.contrib.contenttypes.models import ContentType @@ -41,6 +42,18 @@ for ct in ContentType.objects.order_by('id'): sys.stderr.write('===================================\n') for r in Role.objects.exclude(role_field__startswith='system_').order_by('id'): + + # The ancestor list should be a superset of both parents and implicit_parents + parents = set(r.parents.values_list('id', flat=True)) + ancestors = set(r.ancestors.values_list('id', flat=True)) + implicit = set(json.loads(r.implicit_parents)) + + if not parents <= ancestors: + sys.stderr.write(f"Role id={r.id} has parents that are not in the ancestor list: {parents - ancestors}\n") + if not implicit <= ancestors: + sys.stderr.write(f"Role id={r.id} has implicit_parents that are not in the ancestor list: {implicit - ancestors}\n") + + # Check that the Role's generic foreign key points to a legitimate object if not r.content_object: sys.stderr.write(f"Role id={r.id} is missing a valid content_object: {r.content_type!r} {r.object_id} {r.role_field}\n") orphaned_roles.append(r.id)