Evaluate policies on exclusion changes. Fixes #500

api/tacticalrmm/automation/tests.py

@@ -1,10 +1,9 @@
 from itertools import cycle
 from unittest.mock import patch
 
-from model_bakery import baker, seq
-
 from agents.models import Agent
 from core.models import CoreSettings
+from model_bakery import baker, seq
 from tacticalrmm.test import TacticalTestCase
 from winupdate.models import WinUpdatePolicy
 
@@ -124,7 +123,7 @@ class TestPolicyViews(TacticalTestCase):
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
 
-        # only called if active or enforced are updated
+        # only called if active, enforced, or excluded objects are updated
         generate_agent_checks_task.assert_not_called()
 
         data = {
@@ -134,6 +133,23 @@ class TestPolicyViews(TacticalTestCase):
             "enforced": False,
         }
 
+        resp = self.client.put(url, data, format="json")
+        self.assertEqual(resp.status_code, 200)
+        generate_agent_checks_task.assert_called_with(
+            policy=policy.pk, create_tasks=True  # type: ignore
+        )
+        generate_agent_checks_task.reset_mock()
+
+        # make sure policies are re-evaluated when excluded changes
+        agents = baker.make_recipe("agents.agent", _quantity=2)
+        clients = baker.make("clients.Client", _quantity=2)
+        sites = baker.make("clients.Site", _quantity=2)
+        data = {
+            "excluded_agents": [agent.pk for agent in agents],  # type: ignore
+            "excluded_sites": [site.pk for site in sites],  # type: ignore
+            "excluded_clients": [client.pk for client in clients],  # type: ignore
+        }
+
         resp = self.client.put(url, data, format="json")
         self.assertEqual(resp.status_code, 200)
         generate_agent_checks_task.assert_called_with(

api/tacticalrmm/automation/views.py

@@ -1,14 +1,13 @@
-from django.shortcuts import get_object_or_404
-from rest_framework.permissions import IsAuthenticated
-from rest_framework.response import Response
-from rest_framework.views import APIView
-
 from agents.models import Agent
 from agents.serializers import AgentHostnameSerializer
 from autotasks.models import AutomatedTask
 from checks.models import Check
 from clients.models import Client
 from clients.serializers import ClientSerializer, SiteSerializer
+from django.shortcuts import get_object_or_404
+from rest_framework.permissions import IsAuthenticated
+from rest_framework.response import Response
+from rest_framework.views import APIView
 from tacticalrmm.utils import notify_error
 from winupdate.models import WinUpdatePolicy
 from winupdate.serializers import WinUpdatePolicySerializer
@@ -64,12 +63,22 @@ class GetUpdateDeletePolicy(APIView):
         return Response(PolicySerializer(policy).data)
 
     def put(self, request, pk):
+        from .tasks import generate_agent_checks_task
+
         policy = get_object_or_404(Policy, pk=pk)
 
         serializer = PolicySerializer(instance=policy, data=request.data, partial=True)
         serializer.is_valid(raise_exception=True)
         serializer.save()
 
+        # check for excluding objects and in the request and if present generate policies
+        if (
+            "excluded_sites" in request.data.keys()
+            or "excluded_clients" in request.data.keys()
+            or "excluded_agents" in request.data.keys()
+        ):
+            generate_agent_checks_task.delay(policy=pk, create_tasks=True)
+
         return Response("ok")
 
     def delete(self, request, pk):