def propagate_acl(self):
"""Propagate acl records for newly created automappings"""
if not self.automapping_ids:
return
from ggrc.models.hooks import acl
ids_query = db.session.query(Relationship.id).filter(
Relationship.automapping_id.in_(self.automapping_ids))
relationship_ids = {rel.id for rel in ids_query}
acl.add_relationships(relationship_ids)
def propagate_acl(self):
"""Propagate acl records for newly created automappings"""
if not self.automapping_ids:
return
from ggrc.models.hooks import acl
ids_query = db.session.query(
Relationship.id
).filter(
Relationship.automapping_id.in_(self.automapping_ids)
)
relationship_ids = {rel.id for rel in ids_query}
acl.add_relationships(relationship_ids)
def _create_audit_relationships(self):
"""Create relationships between snapshot objects and audits.
Generally snapshots are related to audits by default, but we also duplicate
this data in relationships table for ACL propagation.
"""
relationships_table = all_models.Relationship.__table__
snapshot_table = all_models.Snapshot.__table__
inserter = relationships_table.insert().prefix_with("IGNORE")
audit_ids = {parent.id for parent in self.parents}
if not audit_ids:
return
old_ids = self._get_audit_relationships(audit_ids)
select_statement = sa.select([
sa.literal(get_current_user_id()),
sa.func.now(),
sa.func.now(),
snapshot_table.c.parent_id,
snapshot_table.c.parent_type,
snapshot_table.c.id,
sa.literal(all_models.Snapshot.__name__),
]).select_from(
snapshot_table
).where(
snapshot_table.c.parent_id.in_(audit_ids)
)
db.session.execute(
inserter.from_select(
[
relationships_table.c.modified_by_id,
relationships_table.c.created_at,
relationships_table.c.updated_at,
relationships_table.c.source_id,
relationships_table.c.source_type,
relationships_table.c.destination_id,
relationships_table.c.destination_type,
],
select_statement
)
)
new_ids = self._get_audit_relationships(audit_ids)
created_ids = new_ids.difference(old_ids)
acl.add_relationships(created_ids)
def _create_audit_relationships(self):
"""Create relationships between snapshot objects and audits.
Generally snapshots are related to audits by default, but we also duplicate
this data in relationships table for ACL propagation.
"""
relationships_table = all_models.Relationship.__table__
snapshot_table = all_models.Snapshot.__table__
inserter = relationships_table.insert().prefix_with("IGNORE")
audit_ids = {parent.id for parent in self.parents}
if not audit_ids:
return
old_ids = self._get_audit_relationships(audit_ids)
select_statement = sa.select([
sa.literal(get_current_user_id()),
sa.func.now(),
sa.func.now(),
snapshot_table.c.parent_id,
snapshot_table.c.parent_type,
snapshot_table.c.id,
sa.literal(all_models.Snapshot.__name__),
]).select_from(
snapshot_table
).where(
snapshot_table.c.parent_id.in_(audit_ids)
)
db.session.execute(
inserter.from_select(
[
relationships_table.c.modified_by_id,
relationships_table.c.created_at,
relationships_table.c.updated_at,
relationships_table.c.source_id,
relationships_table.c.source_type,
relationships_table.c.destination_id,
relationships_table.c.destination_type,
],
select_statement
)
)
new_ids = self._get_audit_relationships(audit_ids)
created_ids = new_ids.difference(old_ids)
acl.add_relationships(created_ids)
