diff --git a/backend/gn_module_monitoring/command/cmd.py b/backend/gn_module_monitoring/command/cmd.py index 5a5a82909..0d40a3df8 100644 --- a/backend/gn_module_monitoring/command/cmd.py +++ b/backend/gn_module_monitoring/command/cmd.py @@ -138,7 +138,8 @@ def cmd_install_monitoring_module(module_code): DB.session.commit() # Ajouter les permissions disponibles - process_available_permissions(module_code) + process_available_permissions(module_code, session=DB.session) + DB.session.commit() #  run specific sql if (module_config_dir_path / "synthese.sql").exists: @@ -196,10 +197,13 @@ def cmd_process_available_permission_module(module_code): """ if module_code: - return process_available_permissions(module_code) + process_available_permissions(module_code, session=DB.session) + DB.session.commit() + return for module in installed_modules(): - process_available_permissions(module["module_code"]) + process_available_permissions(module["module_code"], session=DB.session) + DB.session.commit() @click.command("remove") diff --git a/backend/gn_module_monitoring/command/utils.py b/backend/gn_module_monitoring/command/utils.py index b91b700fd..f661ebc3f 100644 --- a/backend/gn_module_monitoring/command/utils.py +++ b/backend/gn_module_monitoring/command/utils.py @@ -86,7 +86,7 @@ def process_export_csv(module_code=None): print("{} - export csv erreur dans le script {} : {}".format(module_code, f, e)) -def process_available_permissions(module_code): +def process_available_permissions(module_code, session): try: module = get_module("module_code", module_code) except Exception: 
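Review bot: In `cmd_install_monitoring_module`, the context line `if (module_config_dir_path / "synthese.sql").exists:` tests the bound method rather than calling it, so the condition is always true and the "run specific sql" branch is entered even when the file is absent. This assumes `module_config_dir_path` is a `pathlib.Path`, which the `/` operator suggests. The commit leaves this line untouched; it should read `if (module_config_dir_path / "synthese.sql").exists():`. The body of the branch lies outside the hunk, so what it does with a missing file cannot be checked from here.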
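Review bot: `process_available_permissions(module_code, session)` in `command/utils.py` now leaves transaction control to the caller, but nothing on the function documents it. Elsewhere in this diff the inner `DB.session.commit()` is removed and the CLI callers commit themselves. A caller that forgets to commit or flush silently creates no permissions, so the contract belongs in a docstring, for example `"""Create the available permissions of a module using *session*; the caller must flush/commit."""`. `session` is also a new required parameter, so any caller outside this diff still using the one-argument form will fail. The function body continues outside the hunk.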
@@ -107,25 +107,27 @@ def process_available_permissions(module_code): # Insert permission object for permission_object_code in module_objects: print(f"Création des permissions pour {module_code} : {permission_object_code}") - insert_module_available_permissions(module_code, permission_level[permission_object_code]) + insert_module_available_permissions( + module_code, permission_level[permission_object_code], session=session + ) -def insert_module_available_permissions(module_code, perm_object_code): +def insert_module_available_permissions(module_code, perm_object_code, session): object_label = PERMISSION_LABEL.get(perm_object_code)["label"] if not object_label: print(f"L'object {perm_object_code} n'est pas traité") try: - module = TModules.query.filter_by(module_code=module_code).one() + module = session.query(TModules).filter_by(module_code=module_code).one() except NoResultFound: print(f"Le module {module_code} n'est pas présent") return try: - perm_object = PermObject.query.filter_by(code_object=perm_object_code).one() + perm_object = session.query(PermObject).filter_by(code_object=perm_object_code).one() except NoResultFound: - print(f"L'object de permission {module_code} n'est pas présent") + print(f"L'object de permission {perm_object_code} n'est pas présent") return txt_cor_object_module = f""" 
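Review bot: In `insert_module_available_permissions`, `PERMISSION_LABEL.get(perm_object_code)["label"]` raises `TypeError` for an unknown object code before the `if not object_label:` guard can run, and that guard only prints without returning. Because the function now runs inside a caller-owned transaction, an unknown code should be a clean early exit rather than an exception halfway through permission setup: `entry = PERMISSION_LABEL.get(perm_object_code)`, then `if not entry:` with the existing `print(...)` followed by `return`. These are context lines the commit leaves untouched, and the function body continues past the end of the hunk.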
@@ -136,16 +138,18 @@ def insert_module_available_permissions(module_code, perm_object_code): VALUES({module.id_module}, {perm_object.id_object}) ON CONFLICT DO NOTHING """ - DB.engine.execution_options(autocommit=True).execute(txt_cor_object_module) + session.execute(txt_cor_object_module) # Création d'une permission disponible pour chaque action object_actions = PERMISSION_LABEL.get(perm_object_code)["actions"] for action in object_actions: - permaction = PermAction.query.filter_by(code_action=action).one() + permaction = session.query(PermAction).filter_by(code_action=action).one() try: - perm = PermissionAvailable.query.filter_by( - module=module, object=perm_object, action=permaction - ).one() + perm = ( + session.query(PermissionAvailable) + .filter_by(module=module, object=perm_object, action=permaction) + .one() + ) except NoResultFound: perm = PermissionAvailable( module=module, @@ -154,8 +158,7 @@ def insert_module_available_permissions(module_code, perm_object_code): label=f"{ACTION_LABEL[action]} {object_label}", scope_filter=True, ) - DB.session.add(perm) - DB.session.commit() + session.add(perm) def remove_monitoring_module(module_code): diff --git a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py index 9e160cd33..46afca08e 100644 --- a/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py +++ b/backend/gn_module_monitoring/migrations/c1528c94d350_upgrade_existing_permissions.py 
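Review bot: `session.execute(txt_cor_object_module)` passes a plain f-string as the statement, with `{module.id_module}` and `{perm_object.id_object}` interpolated into the SQL text. Both values are keys just loaded from the database, so this is not an injection path as written. SQLAlchemy 2.0 does reject a bare string here, though, and bind parameters keep the statement safe if the inputs ever change. Consider `VALUES(:id_module, :id_object)` in the statement and `session.execute(text(txt_cor_object_module), {"id_module": module.id_module, "id_object": perm_object.id_object})`, with `text` from `sqlalchemy`. The opening of the SQL string is outside this hunk. Separately, the `.one()` on `PermAction` sits outside the `try`, so an unknown action code raises `NoResultFound` instead of being reported like the other lookups.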
@@ -21,98 +21,100 @@ def upgrade(): - with op.get_context().autocommit_block(): - # Création des permissions disponibles pour chaque module - for module in installed_modules(): - process_available_permissions(module["module_code"]) + bind = op.get_bind() + session = sa.orm.Session(bind=bind) - # ######## - # Mise à jour des permissions existantes vers les sous objets - # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL - op.execute( - """ - WITH ap AS ( - SELECT o.code_object,o.id_object, tpa.id_module - FROM gn_permissions.t_permissions_available AS tpa + # Création des permissions disponibles pour chaque module + for module in installed_modules(): + process_available_permissions(module["module_code"], session=session) + + # ######## + # Mise à jour des permissions existantes vers les sous objets + # Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL + op.execute( + """ + WITH ap AS ( + SELECT o.code_object,o.id_object, tpa.id_module + FROM gn_permissions.t_permissions_available AS tpa + JOIN gn_permissions.t_objects AS o + ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.bib_actions AS ba + ON tpa.id_action = ba.id_action + WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') + ), ep AS ( + SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter + FROM gn_permissions.t_permissions AS tp JOIN gn_permissions.t_objects AS o - ON o.id_object = tpa.id_object AND NOT code_object = 'ALL' + ON o.id_object = tp.id_object AND code_object = 'ALL' JOIN gn_commons.t_modules AS tm - ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module' - JOIN gn_permissions.bib_actions AS ba - ON tpa.id_action = ba.id_action - WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U') - ), ep AS ( - 
SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter - FROM gn_permissions.t_permissions AS tp - JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - ), new_p AS ( - SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter - FROM ep - JOIN ap - ON ep.id_module = ap.id_module - LEFT OUTER JOIN gn_permissions.t_permissions AS p - ON p.id_role = ep.id_role - AND p.id_action = ep.id_action - AND p.id_module = ep.id_module - AND p.id_object = ap.id_object - WHERE p.id_permission IS NULL - ) - INSERT INTO gn_permissions.t_permissions - (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) - SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter - FROM new_p; - """ + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + ), new_p AS ( + SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter + FROM ep + JOIN ap + ON ep.id_module = ap.id_module + LEFT OUTER JOIN gn_permissions.t_permissions AS p + ON p.id_role = ep.id_role + AND p.id_action = ep.id_action + AND p.id_module = ep.id_module + AND p.id_object = ap.id_object + WHERE p.id_permission IS NULL ) + INSERT INTO gn_permissions.t_permissions + (id_role, id_action, id_module, id_object, scope_value, sensitivity_filter) + SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter + FROM new_p; + """ + ) - # Suppression des permissions available inutile - # on conserve POUR all - # R : accès au module - # U : modification des paramètres du module - # E : Exporter les données du module - op.execute( - """ - WITH to_del AS ( - SELECT tp.* - FROM gn_permissions.t_permissions_available AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND 
tm."type" = 'monitoring_module' - JOIN gn_permissions.t_objects AS o - ON o.id_object = tp.id_object AND code_object = 'ALL' - JOIN gn_permissions.bib_actions AS ba - ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') - ) - DELETE FROM gn_permissions.t_permissions_available AS tp - USING to_del td - WHERE tp.id_module = td.id_module - AND tp.id_object = td.id_object - AND tp.id_action = td.id_action - AND tp."label" = td."label" - AND tp.scope_filter = td.scope_filter - AND tp.sensitivity_filter = td.sensitivity_filter; + # Suppression des permissions available inutile + # on conserve POUR all + # R : accès au module + # U : modification des paramètres du module + # E : Exporter les données du module + op.execute( """ + WITH to_del AS ( + SELECT tp.* + FROM gn_permissions.t_permissions_available AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + JOIN gn_permissions.t_objects AS o + ON o.id_object = tp.id_object AND code_object = 'ALL' + JOIN gn_permissions.bib_actions AS ba + ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U') ) + DELETE FROM gn_permissions.t_permissions_available AS tp + USING to_del td + WHERE tp.id_module = td.id_module + AND tp.id_object = td.id_object + AND tp.id_action = td.id_action + AND tp."label" = td."label" + AND tp.scope_filter = td.scope_filter + AND tp.sensitivity_filter = td.sensitivity_filter; + """ + ) - # Suppression des permissions qui ne sont pas dans les permissions available - op.execute( - """ - WITH to_del AS ( - SELECT tp.id_permission - FROM gn_permissions.t_permissions AS tp - JOIN gn_commons.t_modules AS tm - ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' - LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta - ON tp.id_action = ta.id_action - AND tp.id_module = ta.id_module - AND tp.id_object = ta.id_object - WHERE ta.id_module IS NULL - ) - DELETE FROM gn_permissions.t_permissions AS tp - 
WHERE tp.id_permission IN (SELECT id_permission FROM to_del); + # Suppression des permissions qui ne sont pas dans les permissions available + op.execute( """ + WITH to_del AS ( + SELECT tp.id_permission + FROM gn_permissions.t_permissions AS tp + JOIN gn_commons.t_modules AS tm + ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module' + LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta + ON tp.id_action = ta.id_action + AND tp.id_module = ta.id_module + AND tp.id_object = ta.id_object + WHERE ta.id_module IS NULL ) + DELETE FROM gn_permissions.t_permissions AS tp + WHERE tp.id_permission IN (SELECT id_permission FROM to_del); + """ + ) def downgrade():
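Review bot: Nothing visible in `upgrade()` flushes the new `sa.orm.Session` before the raw `op.execute(...)` statements. Any `PermissionAvailable` still pending after the loop is therefore absent from `t_permissions_available` when the SQL reads it; that is at least the last `session.add(perm)`, which no later query autoflushes. It is also never written afterwards, since the session is neither flushed nor committed. The third statement deletes rows of `t_permissions` that have no matching available permission, and the first only copies permissions for objects that do, so a missing row changes which permissions users end up with. Add `session.flush()` directly after the `for module in installed_modules():` loop. This assumes `installed_modules()` and the helpers do not flush this session themselves, which the hunk does not show.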