Bind session to insert_module_available_permissions
amandine-sahl committed Nov 6, 2023
1 parent fd4ed16 commit dfb69c9
Showing 3 changed files with 107 additions and 98 deletions.
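--- a/backend/gn_module_monitoring/command/cmd.py
+++ b/backend/gn_module_monitoring/command/cmd.py
@@ -138,7 +138,8 @@ def cmd_install_monitoring_module(module_code):
 DB.session.commit()
 
 # Ajouter les permissions disponibles
-process_available_permissions(module_code)
+process_available_permissions(module_code, session=DB.session)
+DB.session.commit()
 
 #  run specific sql
 if (module_config_dir_path / "synthese.sql").exists:
@@ -196,10 +197,13 @@ def cmd_process_available_permission_module(module_code):
 """
 
 if module_code:
-return process_available_permissions(module_code)
+process_available_permissions(module_code, session=DB.session)
+DB.session.commit()
+return
 
 for module in installed_modules():
-process_available_permissions(module["module_code"])
+process_available_permissions(module["module_code"], session=DB.session)
+DB.session.commit()
 
 
 @click.command("remove")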
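Review bot: The guard `if (module_config_dir_path / "synthese.sql").exists:` at the end of the first hunk tests the bound method instead of calling it, so (assuming a pathlib-style path) it is always true and the specific-SQL branch is entered whether or not the file is present. It is a context line this commit leaves untouched; `if (module_config_dir_path / "synthese.sql").exists():` is the likely intent. The body of that branch lies outside the hunk, so what happens when the file is missing cannot be seen here.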
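--- a/backend/gn_module_monitoring/command/utils.py
+++ b/backend/gn_module_monitoring/command/utils.py
@@ -86,7 +86,7 @@ def process_export_csv(module_code=None):
 print("{} - export csv erreur dans le script {} : {}".format(module_code, f, e))
 
 
-def process_available_permissions(module_code):
+def process_available_permissions(module_code, session):
 try:
 module = get_module("module_code", module_code)
 except Exception:
@@ -107,25 +107,27 @@ def process_available_permissions(module_code):
 # Insert permission object
 for permission_object_code in module_objects:
 print(f"Création des permissions pour {module_code} : {permission_object_code}")
-insert_module_available_permissions(module_code, permission_level[permission_object_code])
+insert_module_available_permissions(
+module_code, permission_level[permission_object_code], session=session
+)
 
 
-def insert_module_available_permissions(module_code, perm_object_code):
+def insert_module_available_permissions(module_code, perm_object_code, session):
 object_label = PERMISSION_LABEL.get(perm_object_code)["label"]
 
 if not object_label:
 print(f"L'object {perm_object_code} n'est pas traité")
 
 try:
-module = TModules.query.filter_by(module_code=module_code).one()
+module = session.query(TModules).filter_by(module_code=module_code).one()
 except NoResultFound:
 print(f"Le module {module_code} n'est pas présent")
 return
 
 try:
-perm_object = PermObject.query.filter_by(code_object=perm_object_code).one()
+perm_object = session.query(PermObject).filter_by(code_object=perm_object_code).one()
 except NoResultFound:
-print(f"L'object de permission {module_code} n'est pas présent")
+print(f"L'object de permission {perm_object_code} n'est pas présent")
 return
 
 txt_cor_object_module = f"""
@@ -136,16 +138,18 @@ def insert_module_available_permissions(module_code, perm_object_code):
 VALUES({module.id_module}, {perm_object.id_object})
 ON CONFLICT DO NOTHING
 """
-DB.engine.execution_options(autocommit=True).execute(txt_cor_object_module)
+session.execute(txt_cor_object_module)
 
 # Création d'une permission disponible pour chaque action
 object_actions = PERMISSION_LABEL.get(perm_object_code)["actions"]
 for action in object_actions:
-permaction = PermAction.query.filter_by(code_action=action).one()
+permaction = session.query(PermAction).filter_by(code_action=action).one()
 try:
-perm = PermissionAvailable.query.filter_by(
-module=module, object=perm_object, action=permaction
-).one()
+perm = (
+session.query(PermissionAvailable)
+.filter_by(module=module, object=perm_object, action=permaction)
+.one()
+)
 except NoResultFound:
 perm = PermissionAvailable(
 module=module,
@@ -154,8 +158,7 @@ def insert_module_available_permissions(module_code, perm_object_code):
 label=f"{ACTION_LABEL[action]} {object_label}",
 scope_filter=True,
 )
-DB.session.add(perm)
-DB.session.commit()
+session.add(perm)
 
 
 def remove_monitoring_module(module_code):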
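Review bot: `session.execute(txt_cor_object_module)` in the third hunk still runs an f-string with `{module.id_module}` and `{perm_object.id_object}` pasted into the SQL text, and it hands the session a bare string. Both ids come from rows loaded just above, so this is not directly injectable as shown, but bound parameters keep the statement safe if those inputs ever change, and a plain-string `execute` is deprecated in SQLAlchemy 1.4 and rejected in 2.0. I would write the values clause as `VALUES(:id_module, :id_object)` and call `session.execute(text(txt_cor_object_module), {"id_module": module.id_module, "id_object": perm_object.id_object})`, with `text` imported from sqlalchemy if the module does not already have it. The statement begins above this hunk, so its INSERT line is not visible here.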
Expand Up @@ -21,98 +21,100 @@


def upgrade():
with op.get_context().autocommit_block():
# Création des permissions disponibles pour chaque module
for module in installed_modules():
process_available_permissions(module["module_code"])
bind = op.get_bind()
session = sa.orm.Session(bind=bind)

# ########
# Mise à jour des permissions existantes vers les sous objets
# Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL
op.execute(
"""
WITH ap AS (
SELECT o.code_object,o.id_object, tpa.id_module
FROM gn_permissions.t_permissions_available AS tpa
# Création des permissions disponibles pour chaque module
for module in installed_modules():
process_available_permissions(module["module_code"], session=session)

# ########
# Mise à jour des permissions existantes vers les sous objets
# Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL
op.execute(
"""
WITH ap AS (
SELECT o.code_object,o.id_object, tpa.id_module
FROM gn_permissions.t_permissions_available AS tpa
JOIN gn_permissions.t_objects AS o
ON o.id_object = tpa.id_object AND NOT code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.bib_actions AS ba
ON tpa.id_action = ba.id_action
WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U')
), ep AS (
SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter
FROM gn_permissions.t_permissions AS tp
JOIN gn_permissions.t_objects AS o
ON o.id_object = tpa.id_object AND NOT code_object = 'ALL'
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.bib_actions AS ba
ON tpa.id_action = ba.id_action
WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U')
), ep AS (
SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter
FROM gn_permissions.t_permissions AS tp
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
), new_p AS (
SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter
FROM ep
JOIN ap
ON ep.id_module = ap.id_module
LEFT OUTER JOIN gn_permissions.t_permissions AS p
ON p.id_role = ep.id_role
AND p.id_action = ep.id_action
AND p.id_module = ep.id_module
AND p.id_object = ap.id_object
WHERE p.id_permission IS NULL
)
INSERT INTO gn_permissions.t_permissions
(id_role, id_action, id_module, id_object, scope_value, sensitivity_filter)
SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter
FROM new_p;
"""
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
), new_p AS (
SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter
FROM ep
JOIN ap
ON ep.id_module = ap.id_module
LEFT OUTER JOIN gn_permissions.t_permissions AS p
ON p.id_role = ep.id_role
AND p.id_action = ep.id_action
AND p.id_module = ep.id_module
AND p.id_object = ap.id_object
WHERE p.id_permission IS NULL
)
INSERT INTO gn_permissions.t_permissions
(id_role, id_action, id_module, id_object, scope_value, sensitivity_filter)
SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter
FROM new_p;
"""
)

# Suppression des permissions available inutile
# on conserve POUR all
# R : accès au module
# U : modification des paramètres du module
# E : Exporter les données du module
op.execute(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_permissions.bib_actions AS ba
ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U')
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
# Suppression des permissions available inutile
# on conserve POUR all
# R : accès au module
# U : modification des paramètres du module
# E : Exporter les données du module
op.execute(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_permissions.bib_actions AS ba
ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U')
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
"""
)

# Suppression des permissions qui ne sont pas dans les permissions available
op.execute(
"""
WITH to_del AS (
SELECT tp.id_permission
FROM gn_permissions.t_permissions AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta
ON tp.id_action = ta.id_action
AND tp.id_module = ta.id_module
AND tp.id_object = ta.id_object
WHERE ta.id_module IS NULL
)
DELETE FROM gn_permissions.t_permissions AS tp
WHERE tp.id_permission IN (SELECT id_permission FROM to_del);
# Suppression des permissions qui ne sont pas dans les permissions available
op.execute(
"""
WITH to_del AS (
SELECT tp.id_permission
FROM gn_permissions.t_permissions AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta
ON tp.id_action = ta.id_action
AND tp.id_module = ta.id_module
AND tp.id_object = ta.id_object
WHERE ta.id_module IS NULL
)
DELETE FROM gn_permissions.t_permissions AS tp
WHERE tp.id_permission IN (SELECT id_permission FROM to_del);
"""
)


def downgrade():
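Review bot: Nothing visible in `upgrade()` flushes the new `sa.orm.Session(bind=bind)` before the first `op.execute(...)`, so a `PermissionAvailable` that was only passed to `session.add()` may still be pending when the raw SQL reads `gn_permissions.t_permissions_available`. Earlier adds are probably written by autoflush on the next `session.query(...)`, but the last one has no later query to trigger it, and the final statement deletes `t_permissions` rows that have no matching available permission. Adding `session.flush()` right after the `for module in installed_modules():` loop would make every insert visible to the statements that follow on the same connection. The page has lost indentation and prints old and new lines together, so this reads the new side as the lines outside the removed `autocommit_block()` wrapper.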
