Utilisation d'une commande plutôt qu'une migration pour transferer le…
…s données de permissions
amandine-sahl committed Jan 19, 2024
1 parent af94d17 commit 8f7d439
Showing 4 changed files with 158 additions and 130 deletions.
25 changes: 25 additions & 0 deletions backend/gn_module_monitoring/command/cmd.py
Expand Up @@ -24,6 +24,7 @@
add_nomenclature,
available_modules,
installed_modules,
clean_existing_permissions,
)


Expand Down Expand Up @@ -183,6 +184,29 @@ def cmd_install_monitoring_module(module_code):
return


@click.command("clean_existing_permissions")
@click.argument("module_code", required=False, default="")
@with_appcontext
def cmd_clean_existing_permissions(module_code):
"""
Nettoyage des permissions disponibles
Mise à jour des objets permissions associés au module
Transfert des droits pour les utilisateurs
Nettoyages des permissions et des permissions disponibles
"""
if module_code:
process_available_permissions(module_code, session=DB.session)
clean_existing_permissions(module_code, session=DB.session)
DB.session.commit()
return

for module in installed_modules():
process_available_permissions(module["module_code"], session=DB.session)
clean_existing_permissions(module["module_code"], session=DB.session)
DB.session.commit()


@click.command("update_module_available_permissions")
@click.argument("module_code", required=False, default="")
@with_appcontext
Expand Down Expand Up @@ -260,4 +284,5 @@ def synchronize_synthese(module_code, offset):
cmd_add_module_nomenclature_cli,
cmd_process_all,
synchronize_synthese,
cmd_clean_existing_permissions,
]
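Review bot: In `cmd_clean_existing_permissions` an unknown `module_code` still reaches `DB.session.commit()` and exits successfully, because `clean_existing_permissions` only prints and returns when the module is missing, after `process_available_permissions` has already run on the same session. Since this command now carries the permission transfer that the migrations used to do, a mistyped code should fail visibly; one way is to have the helper return a boolean and `raise click.ClickException(f"Module {module_code} not found")` before the commit. The two branches also repeat the same calls, so collecting the codes first (`codes = [module_code] if module_code else [m["module_code"] for m in installed_modules()]`) and looping once would keep them in step.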
131 changes: 131 additions & 0 deletions backend/gn_module_monitoring/command/utils.py
Expand Up @@ -116,6 +116,137 @@ def process_available_permissions(module_code, session):
)


def clean_existing_permissions(module_code, session):
try:
module = session.scalars(select(TModules).where(TModules.module_code == module_code)).one()
except NoResultFound:
print(f"Le module {module_code} n'est pas présent")
return
print(f" Reprise des permissions du module {module_code}")
# ########
# Mise à jour des permissions existantes vers les sous objets
# Création des permissions des sous-objets à partir des permissions contenus dans l'objet ALL
print(
" Création des permissions des sous-objets à partir des permissions contenus dans l'objet ALL"
)
session.execute(
text(
"""
WITH ap AS (
SELECT o.code_object,o.id_object, tpa.id_module
FROM gn_permissions.t_permissions_available AS tpa
JOIN gn_permissions.t_objects AS o
ON o.id_object = tpa.id_object AND NOT code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tpa.id_module AND tm.module_code = :module_code
JOIN gn_permissions.bib_actions AS ba
ON tpa.id_action = ba.id_action
WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U')
), ep AS (
SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter
FROM gn_permissions.t_permissions AS tp
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm.module_code = :module_code
), new_p AS (
SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter
FROM ep
JOIN ap
ON ep.id_module = ap.id_module
LEFT OUTER JOIN gn_permissions.t_permissions AS p
ON p.id_role = ep.id_role
AND p.id_action = ep.id_action
AND p.id_module = ep.id_module
AND p.id_object = ap.id_object
WHERE p.id_permission IS NULL
)
INSERT INTO gn_permissions.t_permissions
(id_role, id_action, id_module, id_object, scope_value, sensitivity_filter)
SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter
FROM new_p;
"""
).bindparams(module_code=module_code)
)

# Suppression des permissions available inutile
# on conserve POUR all
# R : accès au module
# U : modification des paramètres du module
# E : Exporter les données du module
print(" Suppression des permissions available inutile")
session.execute(
text(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = :module_code
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_permissions.bib_actions AS ba
ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U')
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
"""
).bindparams(module_code=module_code)
)
# Suppression des objects ALL
print(" Suppression des objects ALL")
session.execute(
text(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm.module_code = :module_code
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
"""
).bindparams(module_code=module_code)
)

# Suppression des permissions qui ne sont pas dans les permissions available
print(" Suppression des permissions qui ne sont pas dans les permissions available")
session.execute(
text(
"""
WITH to_del AS (
SELECT tp.id_permission
FROM gn_permissions.t_permissions AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm.module_code = :module_code
LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta
ON tp.id_action = ta.id_action
AND tp.id_module = ta.id_module
AND tp.id_object = ta.id_object
WHERE ta.id_module IS NULL
)
DELETE FROM gn_permissions.t_permissions AS tp
WHERE tp.id_permission IN (SELECT id_permission FROM to_del);
"""
).bindparams(module_code=module_code)
)


def insert_module_available_permissions(module_code, perm_object_code, session):
object_label = PERMISSION_LABEL.get(perm_object_code)["label"]
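Review bot: The `ep` CTE in the first statement of `clean_existing_permissions` no longer restricts its source rows to `code_object = 'ALL'` (the migration SQL removed by this commit joined on `o.id_object = tp.id_object AND code_object = 'ALL'`), so every existing permission of the module, on any object, is paired with every available sub-object through `ON ep.id_module = ap.id_module`. As far as the visible SQL shows, a role holding an action on a single sub-object would then be granted it on the others, and a second run would fan out the rows inserted by the first; that widens access and contradicts the comment "à partir des permissions contenus dans l'objet ALL", so the filter should be restored unless the broadening is intended and documented. In the second statement the join still reads `tm."type" = :module_code`, which compares the module type with a module code and will most likely match nothing; it should be `tm.module_code = :module_code` like the other three statements. The third statement then deletes every `ALL` row of `t_permissions_available`, including the R/E/U rows the comment above the second statement says are kept, so one of the two presumably does not express what is meant.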

Expand Up @@ -18,42 +18,7 @@

def upgrade():
# Suppression des permissions available de ALL pour les modules monitorings
op.execute(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
"""
)

# Suppression des permissions de ALL pour les modules monitorings
op.execute(
"""
WITH to_del AS (
SELECT DISTINCT tp.id_permission
FROM gn_permissions.t_permissions AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
)
DELETE FROM gn_permissions.t_permissions AS tp
WHERE tp.id_permission IN (SELECT id_permission FROM to_del);
"""
)
pass


def downgrade():
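Review bot: The comment `# Suppression des permissions available de ALL pour les modules monitorings` is left above a body that is now only `pass`, so this revision still reads as if it deleted permission rows. I would replace it with something like `# Intentionally empty: permission data is now transferred by the "clean_existing_permissions" command`, and state in the upgrade notes that the command must be run, since a database that applies this revision after this commit keeps its `ALL` permission rows until then, while one that applied it earlier has already had them deleted. The same applies to the second emptied `upgrade()` further down, where imports used only by the removed body (not visible in the hunk) may now be unused. `downgrade()` continues outside the hunk.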
Expand Up @@ -21,100 +21,7 @@


def upgrade():
bind = op.get_bind()
session = sa.orm.Session(bind=bind)

# Création des permissions disponibles pour chaque module
for module in installed_modules(session):
process_available_permissions(module["module_code"], session=session)

# ########
# Mise à jour des permissions existantes vers les sous objets
# Création des permission des sous-objets à partir des permissions contenus dans l'objet ALL
op.execute(
"""
WITH ap AS (
SELECT o.code_object,o.id_object, tpa.id_module
FROM gn_permissions.t_permissions_available AS tpa
JOIN gn_permissions.t_objects AS o
ON o.id_object = tpa.id_object AND NOT code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tpa.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.bib_actions AS ba
ON tpa.id_action = ba.id_action
WHERE NOT (code_object = 'MONITORINGS_MODULES' AND ba.code_action = 'U')
), ep AS (
SELECT id_role, id_action, tp.id_module , tp.id_object, scope_value, sensitivity_filter
FROM gn_permissions.t_permissions AS tp
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
), new_p AS (
SELECT DISTINCT ep.id_role, ep.id_action, ep.id_module, ap.id_object, ep.scope_value, ep.sensitivity_filter
FROM ep
JOIN ap
ON ep.id_module = ap.id_module
LEFT OUTER JOIN gn_permissions.t_permissions AS p
ON p.id_role = ep.id_role
AND p.id_action = ep.id_action
AND p.id_module = ep.id_module
AND p.id_object = ap.id_object
WHERE p.id_permission IS NULL
)
INSERT INTO gn_permissions.t_permissions
(id_role, id_action, id_module, id_object, scope_value, sensitivity_filter)
SELECT id_role, id_action, id_module, id_object, scope_value, sensitivity_filter
FROM new_p;
"""
)

# Suppression des permissions available inutile
# on conserve POUR all
# R : accès au module
# U : modification des paramètres du module
# E : Exporter les données du module
op.execute(
"""
WITH to_del AS (
SELECT tp.*
FROM gn_permissions.t_permissions_available AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
JOIN gn_permissions.t_objects AS o
ON o.id_object = tp.id_object AND code_object = 'ALL'
JOIN gn_permissions.bib_actions AS ba
ON tp.id_action = ba.id_action AND NOT ba.code_action IN ('R', 'E', 'U')
)
DELETE FROM gn_permissions.t_permissions_available AS tp
USING to_del td
WHERE tp.id_module = td.id_module
AND tp.id_object = td.id_object
AND tp.id_action = td.id_action
AND tp."label" = td."label"
AND tp.scope_filter = td.scope_filter
AND tp.sensitivity_filter = td.sensitivity_filter;
"""
)

# Suppression des permissions qui ne sont pas dans les permissions available
op.execute(
"""
WITH to_del AS (
SELECT tp.id_permission
FROM gn_permissions.t_permissions AS tp
JOIN gn_commons.t_modules AS tm
ON tm.id_module = tp.id_module AND tm."type" = 'monitoring_module'
LEFT OUTER JOIN gn_permissions.t_permissions_available AS ta
ON tp.id_action = ta.id_action
AND tp.id_module = ta.id_module
AND tp.id_object = ta.id_object
WHERE ta.id_module IS NULL
)
DELETE FROM gn_permissions.t_permissions AS tp
WHERE tp.id_permission IN (SELECT id_permission FROM to_del);
"""
)
pass


def downgrade():