Improve logging and code cleanup

AlanCoding · AlanCoding · commit f84e04bee8e9 · 2025-09-25T11:46:01.000-04:00
diff --git a/ansible_base/rbac/migrations/_utils.py b/ansible_base/rbac/migrations/_utils.py
@@ -56,7 +56,7 @@ def cleanup_orphaned_permissions(apps):
     """
     Delete orphaned DABPermission objects for models no longer in the permission registry.
 
-    This is used during migrations to clean up permissions that were auto-created for models
+    This is used during migrations to clean up permissions for any previously-registered model
     that are no longer tracked by RBAC, but only if they are not referenced by any RoleDefinition.
 
     Args:
@@ -82,8 +82,17 @@ def cleanup_orphaned_permissions(apps):
             model_key = (permission.content_type.app_label, permission.content_type.model)
             if model_key not in registered_model_keys:
                 # Check if this permission is referenced by any RoleDefinition
-                is_referenced = role_definition_cls.objects.filter(permissions=permission).exists()
-                if not is_referenced:
+                referencing_roles = role_definition_cls.objects.filter(permissions=permission)
+                if referencing_roles.exists():
+                    # Log warning for unregistered model still referenced by role definitions
+                    role_names = list(referencing_roles.values_list('name', flat=True))
+                    logger.warning(
+                        f'Permission {permission.codename} for unregistered model '
+                        f'{permission.content_type.app_label}.{permission.content_type.model} '
+                        f'is still referenced by role definitions: {role_names}'
+                    )
+                else:
+                    logger.info(f'Deleting orphaned permission {permission.codename} for unregistered model {model_key}')
                     orphaned_permissions.append(permission)
 
     # Delete orphaned permissions
@@ -107,12 +116,12 @@ def migrate_content_type(apps, schema_editor):
         apps: Django apps registry (from migration context)
         schema_editor: Django schema editor (unused but required for migration signature)
     """
-    ct_cls = apps.get_model('dab_rbac', 'DABContentType')
-    ct_cls.objects.clear_cache()
-
     # Pre-check: Delete orphaned DABPermission objects before migration
     cleanup_orphaned_permissions(apps)
 
+    ct_cls = apps.get_model('dab_rbac', 'DABContentType')
+    ct_cls.objects.clear_cache()
+
     for model_name in ('dabpermission', 'objectrole', 'roledefinition', 'roleuserassignment', 'roleteamassignment'):
         cls = apps.get_model('dab_rbac', model_name)
         update_ct = 0
