Merge pull request #255 from PnX-SI/fix/permissions_migration

Fix/permissions migration
PnX-SI · Nov 9, 2023 · 74bf498 · 74bf498
2 parents a6f3d8a + dfb69c9
commit 74bf498
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 23 deletions.
diff --git a/backend/gn_module_monitoring/command/cmd.py b/backend/gn_module_monitoring/command/cmd.py
@@ -138,7 +138,8 @@ def cmd_install_monitoring_module(module_code):
     DB.session.commit()
 
     # Ajouter les permissions disponibles
-    process_available_permissions(module_code)
+    process_available_permissions(module_code, session=DB.session)
+    DB.session.commit()
 
     #  run specific sql
     if (module_config_dir_path / "synthese.sql").exists:
@@ -196,10 +197,13 @@ def cmd_process_available_permission_module(module_code):
     """
 
     if module_code:
-        return process_available_permissions(module_code)
+        process_available_permissions(module_code, session=DB.session)
+        DB.session.commit()
+        return
 
     for module in installed_modules():
-        process_available_permissions(module["module_code"])
+        process_available_permissions(module["module_code"], session=DB.session)
+    DB.session.commit()
 
 
 @click.command("remove")

diff --git a/backend/gn_module_monitoring/command/utils.py b/backend/gn_module_monitoring/command/utils.py
@@ -86,7 +86,7 @@ def process_export_csv(module_code=None):
                 print("{} - export csv erreur dans le script {} : {}".format(module_code, f, e))
 
 
-def process_available_permissions(module_code):
+def process_available_permissions(module_code, session):
     try:
         module = get_module("module_code", module_code)
     except Exception:
@@ -107,25 +107,27 @@ def process_available_permissions(module_code):
     # Insert permission object
     for permission_object_code in module_objects:
         print(f"Création des permissions pour {module_code} : {permission_object_code}")
-        insert_module_available_permissions(module_code, permission_level[permission_object_code])
+        insert_module_available_permissions(
+            module_code, permission_level[permission_object_code], session=session
+        )
 
 
-def insert_module_available_permissions(module_code, perm_object_code):
+def insert_module_available_permissions(module_code, perm_object_code, session):
     object_label = PERMISSION_LABEL.get(perm_object_code)["label"]
 
     if not object_label:
         print(f"L'object {perm_object_code} n'est pas traité")
 
     try:
-        module = TModules.query.filter_by(module_code=module_code).one()
+        module = session.query(TModules).filter_by(module_code=module_code).one()
     except NoResultFound:
-        print("Le module {module_code} n'est pas présent")
+        print(f"Le module {module_code} n'est pas présent")
         return
 
     try:
-        perm_object = PermObject.query.filter_by(code_object=perm_object_code).one()
+        perm_object = session.query(PermObject).filter_by(code_object=perm_object_code).one()
     except NoResultFound:
-        print("L'object de permission {module_code} n'est pas présent")
+        print(f"L'object de permission {perm_object_code} n'est pas présent")
         return
 
     txt_cor_object_module = f"""
@@ -136,16 +138,18 @@ def insert_module_available_permissions(module_code, perm_object_code):
         VALUES({module.id_module}, {perm_object.id_object})
         ON CONFLICT DO NOTHING
     """
-    DB.engine.execution_options(autocommit=True).execute(txt_cor_object_module)
+    session.execute(txt_cor_object_module)
 
     # Création d'une permission disponible pour chaque action
     object_actions = PERMISSION_LABEL.get(perm_object_code)["actions"]
     for action in object_actions:
-        permaction = PermAction.query.filter_by(code_action=action).one()
+        permaction = session.query(PermAction).filter_by(code_action=action).one()
         try:
-            perm = PermissionAvailable.query.filter_by(
-                module=module, object=perm_object, action=permaction
-            ).one()
+            perm = (
+                session.query(PermissionAvailable)
+                .filter_by(module=module, object=perm_object, action=permaction)
+                .one()
+            )
         except NoResultFound:
             perm = PermissionAvailable(
                 module=module,
@@ -154,8 +158,7 @@ def insert_module_available_permissions(module_code, perm_object_code):
                 label=f"{ACTION_LABEL[action]} {object_label}",
                 scope_filter=True,
             )
-            DB.session.add(perm)
-    DB.session.commit()
+            session.add(perm)
 
 
 def remove_monitoring_module(module_code):

diff --git a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py
@@ -21,9 +21,12 @@
 
 
 def upgrade():
+    bind = op.get_bind()
+    session = sa.orm.Session(bind=bind)
+
     # Création des permissions disponibles pour chaque module
     for module in installed_modules():
-        process_available_permissions(module["module_code"])
+        process_available_permissions(module["module_code"], session=session)
 
     # ########
     # Mise à jour des permissions existantes vers les sous objets
@@ -37,6 +40,8 @@ def upgrade():
             ON o.id_object = tpa.id_object AND NOT code_object = 'ALL'
             JOIN gn_commons.t_modules AS tm
             ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module'
+            JOIN gn_permissions.bib_actions AS ba
+            ON tpa.id_action = ba.id_action
             WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U')
         ), ep AS (
                 SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter

diff --git a/backend/gn_module_monitoring/monitoring/models.py b/backend/gn_module_monitoring/monitoring/models.py
@@ -83,9 +83,6 @@ class TMonitoringObservations(TObservations):
     )
 
 
-TBaseVisits.dataset = DB.relationship(TDatasets)
-
-
 @serializable
 class TMonitoringVisits(TBaseVisits):
     __tablename__ = "t_visit_complements"

diff --git a/backend/gn_module_monitoring/routes/monitoring.py b/backend/gn_module_monitoring/routes/monitoring.py
@@ -224,7 +224,7 @@ def list_object_api(module_code, object_type):
 
 # mise à jour de la synthèse
 @blueprint.route("synthese/<string:module_code>", methods=["POST"])
-@check_cruved_scope("E")
+@check_cruved_scope("U", object_code="MONITORINGS_MODULES")
 @json_resp
 def update_synthese_api(module_code):
     get_config(module_code, force=True)
@@ -239,7 +239,7 @@ def update_synthese_api(module_code):
 # export add mje
 # export all observations
 @blueprint.route("/exports/csv/<module_code>/<method>", methods=["GET"])
-@check_cruved_scope("R")
+@check_cruved_scope("E", object_code="MONITORINGS_MODULES")
 def export_all_observations(module_code, method):
     """
     Export all data in csv of a custom module view
@@ -280,6 +280,7 @@ def export_all_observations(module_code, method):
 
 
 @blueprint.route("/exports/pdf/<module_code>/<object_type>/<int:id>", methods=["POST"])
+@check_cruved_scope("E", object_code="MONITORINGS_MODULES")
 def post_export_pdf(module_code, object_type, id):
     """
     Export the fiche individu as a PDF file.