From eb71241991f29f68dd6114b7e861ee3151131054 Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Mon, 23 Oct 2023 17:55:56 +0200 Subject: [PATCH 1/6] Correction migration permission --- .../migrations/c1528c94d350_upgrade_existing_permissions.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py index ea8aa207f..648a99c98 100644 --- a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py +++ b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py @@ -37,6 +37,8 @@ def upgrade(): ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' JOIN gn_commons.t_modules AS tm ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.bib_actions AS ba + ON tpa.id_action = ba.id_action WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') ), ep AS ( SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter From 12687d2b662ed9d824d00df6d61c1f3454aed2ed Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Thu, 26 Oct 2023 17:00:38 +0200 Subject: [PATCH 2/6] Correction message erreur --- backend/gn_module_monitoring/command/utils.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/backend/gn_module_monitoring/command/utils.py b/backend/gn_module_monitoring/command/utils.py index aeed99333..b91b700fd 100644 --- a/backend/gn_module_monitoring/command/utils.py +++ b/backend/gn_module_monitoring/command/utils.py @@ -119,13 +119,13 @@ def insert_module_available_permissions(module_code, perm_object_code): try: module = TModules.query.filter_by(module_code=module_code).one() except NoResultFound: - print("Le module {module_code} n'est pas présent") + print(f"Le module {module_code} n'est pas présent") return try: perm_object = PermObject.query.filter_by(code_object=perm_object_code).one() except NoResultFound: - print("L'object de permission {module_code} n'est pas présent") + print(f"L'object de permission {module_code} n'est pas présent") return txt_cor_object_module = f""" From 65e935f0524c7e294394f6b6f59e6ab2a41f8212 Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Thu, 26 Oct 2023 17:01:38 +0200 Subject: [PATCH 3/6] Use autocommit_block --- ...528c94d350_upgrade_existing_permissions.py | 163 +++++++++--------- 1 file changed, 82 insertions(+), 81 deletions(-) diff --git a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py index 648a99c98..9e160cd33 100644 --- a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py +++ b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py @@ -21,97 +21,98 @@ def upgrade(): - # Création des permissions disponibles pour chaque module - for module in installed_modules(): - process_available_permissions(module["module_code"]) + with op.get_context().autocommit_block(): + # Création des permissions disponibles pour chaque module + for module in installed_modules(): + process_available_permissions(module["module_code"]) - # ######## - # Mise à jour des permissions existantes vers les sous objets - # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL - op.execute( - """ - WITH ap AS ( - SELECT o.code_object,o.id_object, tpa.id_module - FROM gn_permissions.t_permissions_available AS tpa - JOIN gn_permissions.t_objects AS o - ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' - JOIN gn_permissions.bib_actions AS ba - ON tpa.id_action = ba.id_action - WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') - ), ep AS ( - SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter - FROM gn_permissions.t_permissions AS tp + # ######## + # Mise à jour des permissions existantes vers les sous objets + # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL + op.execute( + """ + WITH ap AS ( + SELECT o.code_object,o.id_object, tpa.id_module + FROM gn_permissions.t_permissions_available AS tpa JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' + ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - ), new_p AS ( - SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter - FROM ep - JOIN ap - ON ep.id_module = ap.id_module - LEFT OUTER JOIN gn_permissions.t_permissions AS p - ON p.id_role = ep.id_role - AND p.id_action = ep.id_action - AND p.id_module = ep.id_module - AND p.id_object = ap.id_object - WHERE p.id_permission IS NULL + ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.bib_actions AS ba + ON tpa.id_action = ba.id_action + WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') + ), ep AS ( + SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter + FROM gn_permissions.t_permissions AS tp + JOIN gn_permissions.t_objects AS o + ON o.id_object = tp.id_object AND code_object = 'ALL' + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + ), new_p AS ( + SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter + FROM ep + JOIN ap + ON ep.id_module = ap.id_module + LEFT OUTER JOIN gn_permissions.t_permissions AS p + ON p.id_role = ep.id_role + AND p.id_action = ep.id_action + AND p.id_module = ep.id_module + AND p.id_object = ap.id_object + WHERE p.id_permission IS NULL + ) + INSERT INTO gn_permissions.t_permissions + (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) + SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter + FROM new_p; + """ ) - INSERT INTO gn_permissions.t_permissions - (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) - SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter - FROM new_p; - """ - ) - # Suppression des permissions available inutile - # on conserve POUR all - # R : accès au module - # U : modification des paramètres du module - # E : Exporter les données du module - op.execute( + # Suppression des permissions available inutile + # on conserve POUR all + # R : accès au module + # U : modification des paramètres du module + # E : Exporter les données du module + op.execute( + """ + WITH to_del AS ( + SELECT tp.* + FROM gn_permissions.t_permissions_available AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.t_objects AS o + ON o.id_object = tp.id_object AND code_object = 'ALL' + JOIN gn_permissions.bib_actions AS ba + ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') + ) + DELETE FROM gn_permissions.t_permissions_available AS tp + USING to_del td + WHERE tp.id_module = td.id_module + AND tp.id_object = td.id_object + AND tp.id_action = td.id_action + AND tp."label" = td."label" + AND tp.scope_filter = td.scope_filter + AND tp.sensitivity_filter = td.sensitivity_filter; """ - WITH to_del AS ( - SELECT tp.* - FROM gn_permissions.t_permissions_available AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' - JOIN gn_permissions.bib_actions AS ba - ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') ) - DELETE FROM gn_permissions.t_permissions_available AS tp - USING to_del td - WHERE tp.id_module = td.id_module - AND tp.id_object = td.id_object - AND tp.id_action = td.id_action - AND tp."label" = td."label" - AND tp.scope_filter = td.scope_filter - AND tp.sensitivity_filter = td.sensitivity_filter; - """ - ) - # Suppression des permissions qui ne sont pas dans les permissions available - op.execute( + # Suppression des permissions qui ne sont pas dans les permissions available + op.execute( + """ + WITH to_del AS ( + SELECT tp.id_permission + FROM gn_permissions.t_permissions AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta + ON tp.id_action = ta.id_action + AND tp.id_module = ta.id_module + AND tp.id_object = ta.id_object + WHERE ta.id_module IS NULL + ) + DELETE FROM gn_permissions.t_permissions AS tp + WHERE tp.id_permission IN (SELECT id_permission FROM to_del); """ - WITH to_del AS ( - SELECT tp.id_permission - FROM gn_permissions.t_permissions AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta - ON tp.id_action = ta.id_action - AND tp.id_module = ta.id_module - AND tp.id_object = ta.id_object - WHERE ta.id_module IS NULL ) - DELETE FROM gn_permissions.t_permissions AS tp - WHERE tp.id_permission IN (SELECT id_permission FROM to_del); - """ - ) def downgrade(): From 238272decb80ef261dc923e6329c92adae864a03 Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Fri, 27 Oct 2023 15:48:22 +0200 Subject: [PATCH 4/6] =?UTF-8?q?Sp=C3=A9cification=20de=20object=5Fcode=20p?= =?UTF-8?q?our=20les=20exports=20et=20la=20synthese?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/gn_module_monitoring/routes/monitoring.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend/gn_module_monitoring/routes/monitoring.py b/backend/gn_module_monitoring/routes/monitoring.py index c39e90248..0eca32a6b 100644 --- a/backend/gn_module_monitoring/routes/monitoring.py +++ b/backend/gn_module_monitoring/routes/monitoring.py @@ -224,7 +224,7 @@ def list_object_api(module_code, object_type): # mise à jour de la synthèse @blueprint.route("synthese/", methods=["POST"]) -@check_cruved_scope("E") +@check_cruved_scope("U", object_code="MONITORINGS_MODULES") @json_resp def update_synthese_api(module_code): get_config(module_code, force=True) @@ -239,7 +239,7 @@ def update_synthese_api(module_code): # export add mje # export all observations @blueprint.route("/exports/csv//", methods=["GET"]) -@check_cruved_scope("R") +@check_cruved_scope("E", object_code="MONITORINGS_MODULES") def export_all_observations(module_code, method): """ Export all data in csv of a custom module view @@ -280,6 +280,7 @@ def export_all_observations(module_code, method): @blueprint.route("/exports/pdf///", methods=["POST"]) +@check_cruved_scope("E", object_code="MONITORINGS_MODULES") def post_export_pdf(module_code, object_type, id): """ Export the fiche individu as a PDF file. From fd4ed16c98f01782495f3e0f50d041048902d78e Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Fri, 27 Oct 2023 16:16:26 +0200 Subject: [PATCH 5/6] Remove duplicate visits dataset --- backend/gn_module_monitoring/monitoring/models.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/backend/gn_module_monitoring/monitoring/models.py b/backend/gn_module_monitoring/monitoring/models.py index 96d11c994..d3be48a35 100644 --- a/backend/gn_module_monitoring/monitoring/models.py +++ b/backend/gn_module_monitoring/monitoring/models.py @@ -83,9 +83,6 @@ class TMonitoringObservations(TObservations): ) -TBaseVisits.dataset = DB.relationship(TDatasets) - - @serializable class TMonitoringVisits(TBaseVisits): __tablename__ = "t_visit_complements" From dfb69c94a9e7488f1f5f61c8d3403d9ce18b6d46 Mon Sep 17 00:00:00 2001 From: amandine-sahl Date: Mon, 6 Nov 2023 16:59:30 +0100 Subject: [PATCH 6/6] Bind session to insert_module_available_permissions --- backend/gn_module_monitoring/command/cmd.py | 10 +- backend/gn_module_monitoring/command/utils.py | 29 +-- ...528c94d350_upgrade_existing_permissions.py | 166 +++++++++--------- 3 files changed, 107 insertions(+), 98 deletions(-) diff --git a/backend/gn_module_monitoring/command/cmd.py b/backend/gn_module_monitoring/command/cmd.py index 5a5a82909..0d40a3df8 100644 --- a/backend/gn_module_monitoring/command/cmd.py +++ b/backend/gn_module_monitoring/command/cmd.py @@ -138,7 +138,8 @@ def cmd_install_monitoring_module(module_code): DB.session.commit() # Ajouter les permissions disponibles - process_available_permissions(module_code) + process_available_permissions(module_code, session=DB.session) + DB.session.commit() #  run specific sql if (module_config_dir_path / "synthese.sql").exists: @@ -196,10 +197,13 @@ def cmd_process_available_permission_module(module_code): """ if module_code: - return process_available_permissions(module_code) + process_available_permissions(module_code, session=DB.session) + DB.session.commit() + return for module in installed_modules(): - process_available_permissions(module["module_code"]) + process_available_permissions(module["module_code"], session=DB.session) + DB.session.commit() @click.command("remove") diff --git a/backend/gn_module_monitoring/command/utils.py b/backend/gn_module_monitoring/command/utils.py index b91b700fd..f661ebc3f 100644 --- a/backend/gn_module_monitoring/command/utils.py +++ b/backend/gn_module_monitoring/command/utils.py @@ -86,7 +86,7 @@ def process_export_csv(module_code=None): print("{} - export csv erreur dans le script {} : {}".format(module_code, f, e)) -def process_available_permissions(module_code): +def process_available_permissions(module_code, session): try: module = get_module("module_code", module_code) except Exception: @@ -107,25 +107,27 @@ def process_available_permissions(module_code): # Insert permission object for permission_object_code in module_objects: print(f"Création des permissions pour {module_code} : {permission_object_code}") - insert_module_available_permissions(module_code, permission_level[permission_object_code]) + insert_module_available_permissions( + module_code, permission_level[permission_object_code], session=session + ) -def insert_module_available_permissions(module_code, perm_object_code): +def insert_module_available_permissions(module_code, perm_object_code, session): object_label = PERMISSION_LABEL.get(perm_object_code)["label"] if not object_label: print(f"L'object {perm_object_code} n'est pas traité") try: - module = TModules.query.filter_by(module_code=module_code).one() + module = session.query(TModules).filter_by(module_code=module_code).one() except NoResultFound: print(f"Le module {module_code} n'est pas présent") return try: - perm_object = PermObject.query.filter_by(code_object=perm_object_code).one() + perm_object = session.query(PermObject).filter_by(code_object=perm_object_code).one() except NoResultFound: - print(f"L'object de permission {module_code} n'est pas présent") + print(f"L'object de permission {perm_object_code} n'est pas présent") return txt_cor_object_module = f""" @@ -136,16 +138,18 @@ def insert_module_available_permissions(module_code, perm_object_code): VALUES({module.id_module}, {perm_object.id_object}) ON CONFLICT DO NOTHING """ - DB.engine.execution_options(autocommit=True).execute(txt_cor_object_module) + session.execute(txt_cor_object_module) # Création d'une permission disponible pour chaque action object_actions = PERMISSION_LABEL.get(perm_object_code)["actions"] for action in object_actions: - permaction = PermAction.query.filter_by(code_action=action).one() + permaction = session.query(PermAction).filter_by(code_action=action).one() try: - perm = PermissionAvailable.query.filter_by( - module=module, object=perm_object, action=permaction - ).one() + perm = ( + session.query(PermissionAvailable) + .filter_by(module=module, object=perm_object, action=permaction) + .one() + ) except NoResultFound: perm = PermissionAvailable( module=module, @@ -154,8 +158,7 @@ def insert_module_available_permissions(module_code, perm_object_code): label=f"{ACTION_LABEL[action]} {object_label}", scope_filter=True, ) - DB.session.add(perm) - DB.session.commit() + session.add(perm) def remove_monitoring_module(module_code): diff --git a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py index 9e160cd33..46afca08e 100644 --- a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py +++ b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py @@ -21,98 +21,100 @@ def upgrade(): - with op.get_context().autocommit_block(): - # Création des permissions disponibles pour chaque module - for module in installed_modules(): - process_available_permissions(module["module_code"]) + bind = op.get_bind() + session = sa.orm.Session(bind=bind) - # ######## - # Mise à jour des permissions existantes vers les sous objets - # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL - op.execute( - """ - WITH ap AS ( - SELECT o.code_object,o.id_object, tpa.id_module - FROM gn_permissions.t_permissions_available AS tpa + # Création des permissions disponibles pour chaque module + for module in installed_modules(): + process_available_permissions(module["module_code"], session=session) + + # ######## + # Mise à jour des permissions existantes vers les sous objets + # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL + op.execute( + """ + WITH ap AS ( + SELECT o.code_object,o.id_object, tpa.id_module + FROM gn_permissions.t_permissions_available AS tpa + JOIN gn_permissions.t_objects AS o + ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.bib_actions AS ba + ON tpa.id_action = ba.id_action + WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') + ), ep AS ( + SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter + FROM gn_permissions.t_permissions AS tp JOIN gn_permissions.t_objects AS o - ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' + ON o.id_object = tp.id_object AND code_object = 'ALL' JOIN gn_commons.t_modules AS tm - ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' - JOIN gn_permissions.bib_actions AS ba - ON tpa.id_action = ba.id_action - WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') - ), ep AS ( - SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter - FROM gn_permissions.t_permissions AS tp - JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - ), new_p AS ( - SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter - FROM ep - JOIN ap - ON ep.id_module = ap.id_module - LEFT OUTER JOIN gn_permissions.t_permissions AS p - ON p.id_role = ep.id_role - AND p.id_action = ep.id_action - AND p.id_module = ep.id_module - AND p.id_object = ap.id_object - WHERE p.id_permission IS NULL - ) - INSERT INTO gn_permissions.t_permissions - (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) - SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter - FROM new_p; - """ + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + ), new_p AS ( + SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter + FROM ep + JOIN ap + ON ep.id_module = ap.id_module + LEFT OUTER JOIN gn_permissions.t_permissions AS p + ON p.id_role = ep.id_role + AND p.id_action = ep.id_action + AND p.id_module = ep.id_module + AND p.id_object = ap.id_object + WHERE p.id_permission IS NULL ) + INSERT INTO gn_permissions.t_permissions + (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) + SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter + FROM new_p; + """ + ) - # Suppression des permissions available inutile - # on conserve POUR all - # R : accès au module - # U : modification des paramètres du module - # E : Exporter les données du module - op.execute( - """ - WITH to_del AS ( - SELECT tp.* - FROM gn_permissions.t_permissions_available AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' - JOIN gn_permissions.bib_actions AS ba - ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') - ) - DELETE FROM gn_permissions.t_permissions_available AS tp - USING to_del td - WHERE tp.id_module = td.id_module - AND tp.id_object = td.id_object - AND tp.id_action = td.id_action - AND tp."label" = td."label" - AND tp.scope_filter = td.scope_filter - AND tp.sensitivity_filter = td.sensitivity_filter; + # Suppression des permissions available inutile + # on conserve POUR all + # R : accès au module + # U : modification des paramètres du module + # E : Exporter les données du module + op.execute( """ + WITH to_del AS ( + SELECT tp.* + FROM gn_permissions.t_permissions_available AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.t_objects AS o + ON o.id_object = tp.id_object AND code_object = 'ALL' + JOIN gn_permissions.bib_actions AS ba + ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') ) + DELETE FROM gn_permissions.t_permissions_available AS tp + USING to_del td + WHERE tp.id_module = td.id_module + AND tp.id_object = td.id_object + AND tp.id_action = td.id_action + AND tp."label" = td."label" + AND tp.scope_filter = td.scope_filter + AND tp.sensitivity_filter = td.sensitivity_filter; + """ + ) - # Suppression des permissions qui ne sont pas dans les permissions available - op.execute( - """ - WITH to_del AS ( - SELECT tp.id_permission - FROM gn_permissions.t_permissions AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta - ON tp.id_action = ta.id_action - AND tp.id_module = ta.id_module - AND tp.id_object = ta.id_object - WHERE ta.id_module IS NULL - ) - DELETE FROM gn_permissions.t_permissions AS tp - WHERE tp.id_permission IN (SELECT id_permission FROM to_del); + # Suppression des permissions qui ne sont pas dans les permissions available + op.execute( """ + WITH to_del AS ( + SELECT tp.id_permission + FROM gn_permissions.t_permissions AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta + ON tp.id_action = ta.id_action + AND tp.id_module = ta.id_module + AND tp.id_object = ta.id_object + WHERE ta.id_module IS NULL ) + DELETE FROM gn_permissions.t_permissions AS tp + WHERE tp.id_permission IN (SELECT id_permission FROM to_del); + """ + ) def downgrade():