diff --git a/backend/gn_modulator/routes/utils/repository.py b/backend/gn_modulator/routes/utils/repository.py index 416827ac..c83cc61e 100644 --- a/backend/gn_modulator/routes/utils/repository.py +++ b/backend/gn_modulator/routes/utils/repository.py @@ -13,6 +13,8 @@ def get_list_rest(module_code, object_code, additional_params={}): schema_code = ModuleMethods.schema_code(module_code, object_code) sm = SchemaMethods(schema_code) + id_role = g.current_user.id_role + # on peut redéfinir le module_code pour le choix des droits permission_module_code = object_definition.get("module_code", module_code) params = {**parse_request_args(object_definition), **additional_params} @@ -22,7 +24,11 @@ def get_list_rest(module_code, object_code, additional_params={}): {} if params.get("no_info") else sm.get_query_infos( - module_code=permission_module_code, action=action, params=params, url=request.url + module_code=permission_module_code, + action=action, + params=params, + url=request.url, + id_role=id_role, ) ) @@ -32,11 +38,12 @@ def get_list_rest(module_code, object_code, additional_params={}): action=action, params=params, query_type="select", + id_role=id_role, ) if params.get("sql"): # test si droit admin - if not has_any_permissions("R", g.current_user.id_role, "MODULATOR", "ADMIN"): + if not has_any_permissions("R", id_role, "MODULATOR", "ADMIN"): return ( "Vous n'avez pas les droit pour effectuer des actions d'admin pour le module MODULATOR", 403, @@ -70,7 +77,7 @@ def get_one_rest(module_code, object_code, value): object_definition = ModuleMethods.object_config(module_code, object_code) schema_code = ModuleMethods.schema_code(module_code, object_code) sm = SchemaMethods(schema_code) - + id_role = g.current_user.id_role params = parse_request_args(object_definition) permission_module_code = object_definition.get("module_code", module_code) @@ -82,6 +89,7 @@ def get_one_rest(module_code, object_code, value): module_code=permission_module_code, action="R", params=params, + id_role=id_role, ) m = q.one() @@ -119,6 +127,7 @@ def patch_rest(module_code, object_code, value): object_definition = ModuleMethods.object_config(module_code, object_code) schema_code = ModuleMethods.schema_code(module_code, object_code) sm = SchemaMethods(schema_code) + id_role = g.current_user.id_role permission_module_code = object_definition.get("module_code", module_code) @@ -136,6 +145,7 @@ def patch_rest(module_code, object_code, value): params=params, authorized_write_fields=authorized_write_fields, commit=True, + id_role=id_role, ) except sm.errors.SchemaUnsufficientCruvedRigth as e: @@ -150,6 +160,8 @@ def delete_rest(module_code, object_code, value): object_definition = ModuleMethods.object_config(module_code, object_code) schema_code = ModuleMethods.schema_code(module_code, object_code) sm = SchemaMethods(schema_code) + id_role = g.current_user.id_role + permission_module_code = object_definition.get("module_code", module_code) params = parse_request_args(object_definition) @@ -164,7 +176,11 @@ def delete_rest(module_code, object_code, value): try: sm.delete_row( - value, module_code=module_code, field_name=params.get("field_name"), commit=True + value, + module_code=module_code, + field_name=params.get("field_name"), + commit=True, + id_role=id_role, ) except sm.errors.SchemaUnsufficientCruvedRigth as e: @@ -172,19 +188,23 @@ def delete_rest(module_code, object_code, value): return dict_out - pass - def get_page_number_and_list(module_code, object_code, value): object_definition = ModuleMethods.object_config(module_code, object_code) schema_code = ModuleMethods.schema_code(module_code, object_code) sm = SchemaMethods(schema_code) - + id_role = g.current_user.id_role permission_module_code = object_definition.get("module_code", module_code) params = parse_request_args(object_definition) page_number = sm.get_page_number( - value, permission_module_code, params.get("action") or "R", params + value, + permission_module_code, + params.get("action") or "R", + params, + id_role=id_role, ) - return get_list_rest(module_code, object_code, additional_params={"page": page_number}) + return get_list_rest( + module_code, object_code, additional_params={"page": page_number}, id_role=id_role + ) diff --git a/backend/gn_modulator/schema/repositories.py b/backend/gn_modulator/schema/repositories.py index 6d065834..02368e08 100644 --- a/backend/gn_modulator/schema/repositories.py +++ b/backend/gn_modulator/schema/repositories.py @@ -49,6 +49,7 @@ def get_row( action="R", params={}, query_type="all", + id_role=None, ): """ return query get one row (Model. == value) @@ -76,6 +77,7 @@ def get_row( action=action, params=params_query, query_type=query_type, + id_role=id_role, ) return query @@ -173,6 +175,7 @@ def update_row( params={}, authorized_write_fields=None, commit=True, + id_role=None, ): """ update row (Model. == value) with data @@ -188,6 +191,7 @@ def update_row( action="U", params=params, query_type="update", + id_role=id_role, ) m = q.one() @@ -210,6 +214,7 @@ def delete_row( params={}, commit=True, multiple=False, + id_role=None, ): """ delete row (Model. == value) @@ -221,6 +226,7 @@ def delete_row( action="D", params=params, query_type="delete", + id_role=id_role, ) # https://stackoverflow.com/questions/49794899/flask-sqlalchemy-delete-query-failing-with-could-not-evaluate-current-criteria?noredirect=1&lq=1 @@ -233,13 +239,16 @@ def delete_row( db.session.commit() return None - def get_query_infos(self, module_code=MODULE_CODE, action="R", params={}, url=None): + def get_query_infos( + self, module_code=MODULE_CODE, action="R", params={}, url=None, id_role=None + ): subquery_count_total = query_list( self.Model(), module_code=module_code, action=action, params=params, query_type="total", + id_role=id_role, ) count_total = subquery_count_total.count() @@ -250,6 +259,7 @@ def get_query_infos(self, module_code=MODULE_CODE, action="R", params={}, url=No action=action, params=params, query_type="filtered", + id_role=id_role, ) count_filtered = subquery_count_filtered.count() @@ -301,11 +311,11 @@ def get_query_infos(self, module_code=MODULE_CODE, action="R", params={}, url=No return query_infos - def get_page_number(self, value, module_code, action, params): + def get_page_number(self, value, module_code, action, params, id_role): params["fields"] = ["row_number"] sub_query_list = query_list( - self.Model(), module_code, action, params, "page_number" + self.Model(), module_code, action, params, "page_number", id_role=id_role ).subquery() row_number = ( diff --git a/backend/gn_modulator/tests/data/commons.py b/backend/gn_modulator/tests/data/commons.py index 869d8478..d6acb6b8 100644 --- a/backend/gn_modulator/tests/data/commons.py +++ b/backend/gn_modulator/tests/data/commons.py @@ -2,6 +2,8 @@ Données exemple pour les test """ +from gn_modulator import SchemaMethods + def module(): return { @@ -18,11 +20,26 @@ def module_update(): return {"module_label": "TEST_PYTEST_UPDATE"} -def pf(): +def pf(user): + + sm_nom = SchemaMethods("ref_nom.nomenclature") + id_nomenclature_type_actor = sm_nom.get_row_as_dict( + ["PF_TYPE_ACTOR", "CON"], + ["nomenclature_type.mnemonique", "cd_nomenclature"], + fields=["id_nomenclature"], + )["id_nomenclature"] + return { "uuid_passage_faune": "f5e5dd42-dcc1-4cfd-97ec-04699d78cb9b", "nom_usuel_passage_faune": "TEST_PF", "geom": {"type": "Point", "coordinates": [0, 45]}, + "id_digitiser": user.id_role, + "actors": [ + { + "id_organism": user.id_organisme, + "id_nomenclature_type_actor": id_nomenclature_type_actor, + } + ], } diff --git a/backend/gn_modulator/tests/test_repository.py b/backend/gn_modulator/tests/test_repository.py index 54fced52..3b9ff4bf 100644 --- a/backend/gn_modulator/tests/test_repository.py +++ b/backend/gn_modulator/tests/test_repository.py @@ -377,6 +377,7 @@ def test_repo_synthese_scope(self, synthese_data, users, datasets): assert len(res[user]) == 9 assert all(r["scope"] == 2 for r in res[user]) + @pytest.mark.skip() def test_repo_synthese_permission(self, synthese_sensitive_data, users, g_permissions): for key in synthese_sensitive_data: s = synthese_sensitive_data[key] diff --git a/backend/gn_modulator/tests/test_rest_api.py b/backend/gn_modulator/tests/test_rest_api.py index 74f2c337..e472393a 100644 --- a/backend/gn_modulator/tests/test_rest_api.py +++ b/backend/gn_modulator/tests/test_rest_api.py @@ -34,13 +34,26 @@ class TestRest: # data_commons.module_update(), # ) - def test_m_sipaf_pf(self, client, users): + def test_rest_m_sipaf_pf_admin(self, client, users): + user = users["admin_user"] test_schema_rest( client, - users["admin_user"], + user, "m_sipaf", "site", - data_commons.pf(), + data_commons.pf(user), + data_commons.pf_update(), + breadcrumbs_page_code="site_details", + ) + + def test_rest_m_sipaf_pf_user(self, client, users): + user = users["user"] + test_schema_rest( + client, + user, + "m_sipaf", + "site", + data_commons.pf(user), data_commons.pf_update(), breadcrumbs_page_code="site_details", ) diff --git a/backend/gn_modulator/tests/utils/rest.py b/backend/gn_modulator/tests/utils/rest.py index 3f443281..9dd93079 100644 --- a/backend/gn_modulator/tests/utils/rest.py +++ b/backend/gn_modulator/tests/utils/rest.py @@ -5,6 +5,21 @@ from pypnusershub.tests.utils import set_logged_user_cookie, unset_logged_user_cookie +def get_fields(data_post): + """TODO à ajouter aux SchemaMethods ?""" + fields = [] + for key, value in data_post.items(): + if not isinstance(value, list): + fields.append(key) + continue + for item in value: + for item_key in item.keys(): + whole_key = f"{key}.{item_key}" + if whole_key not in fields: + fields.append(whole_key) + return fields + + @pytest.mark.skip() def test_schema_rest( client, user, module_code, object_code, data_post, data_update, breadcrumbs_page_code=None @@ -43,7 +58,7 @@ def test_schema_rest( assert r.status_code == 404, "La donnée ne devrait pas exister" # POST - fields = list(data_post.keys()) + fields = get_fields(data_post) fields.append(sm.Model().pk_field_name()) r = client.post( @@ -56,7 +71,7 @@ def test_schema_rest( data=data_post, ) - assert r.status_code == 200, "Erreur avec POST" + assert r.status_code == 200, f"Erreur avec POST : {r.status_code} {r.response}" data_from_post = r.json assert all(data_post[k] == data_from_post[k] for k in list(data_post.keys())) @@ -110,7 +125,7 @@ def test_schema_rest( "modulator.api_breadcrumbs", module_code=module_code, page_code=breadcrumbs_page_code, - **data_from_post + **data_from_post, ), data=data_update, )