Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(permissions): declare available permissions #232

Merged
merged 1 commit into from
Jun 27, 2023
Merged

feat(permissions): declare available permissions #232

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
92 changes: 92 additions & 0 deletions backend/gn_module_monitoring/migrations/fc90d31c677f_declare_available_permissions.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,92 @@
"""declare available permissions

Revision ID: fc90d31c677f
Revises: e78003460441
Create Date: 2023-06-09 10:32:21.008918

"""
from alembic import op
import sqlalchemy as sa


# revision identifiers, used by Alembic.
revision = "fc90d31c677f"
down_revision = "e78003460441"
branch_labels = None
depends_on = ("f051b88a57fd",)


def upgrade():
op.execute(
"""
INSERT INTO
gn_permissions.t_permissions_available (
id_module,
id_object,
id_action,
label,
scope_filter
)
SELECT
m.id_module,
o.id_object,
a.id_action,
v.label,
v.scope_filter
FROM
(
VALUES
('MONITORINGS', 'ALL', 'R', False, 'Accéder à monitoring')
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A renommer "Accéder au module", en cohérence avec Modulator

) AS v (module_code, object_code, action_code, scope_filter, label)
JOIN
gn_commons.t_modules m ON m.module_code = v.module_code
JOIN
gn_permissions.t_objects o ON o.code_object = v.object_code
JOIN
gn_permissions.bib_actions a ON a.code_action = v.action_code
"""
)
op.execute(
"""
WITH bad_permissions AS (
SELECT
p.id_permission
FROM
gn_permissions.t_permissions p
JOIN gn_commons.t_modules m
USING (id_module)
WHERE
m.module_code = 'MONITORINGS'
EXCEPT
SELECT
p.id_permission
FROM
gn_permissions.t_permissions p
JOIN gn_permissions.t_permissions_available pa ON
(p.id_module = pa.id_module
AND p.id_object = pa.id_object
AND p.id_action = pa.id_action)
)
DELETE
FROM
gn_permissions.t_permissions p
USING bad_permissions bp
WHERE
bp.id_permission = p.id_permission;
"""
)


def downgrade():
op.execute(
"""
DELETE FROM
gn_permissions.t_permissions_available pa
USING
gn_commons.t_modules m
WHERE
pa.id_module = m.id_module
AND
module_code = 'MONITORINGS'
"""
)