def sg_add_edge(u_id, v_id):
u = structure_repo.get_by_id(StructureId(u_id))
v = structure_repo.get_by_id(StructureId(v_id))
check_permission(u, "P3")
u.add_child(v)
db.session.commit()
cache.evict("structures")
def update_roles(structure_id: str, data: dict[str, JSON]):
structure = structure_repo.get_by_id(StructureId(structure_id))
check_can_edit_roles(structure)
for role_name in data:
role = getattr(Role, role_name)
users = role_service.get_users_with_given_role(role, structure)
for user in users:
role_service.ungrant_role(user, role, structure)
values = data[role_name]
if isinstance(values, dict):
values = [values]
if not values:
continue
for user_id in glom(values, ["id"]):
user = profile_repo.get_by_id(ProfileId(user_id))
role_service.grant_role(user, role, structure)
# Cf. https://trello.com/c/bGR53cB9/33
signataire_dto = cast(Dict[str, str], data.get(Role.SIGNATAIRE.name, {}))
if signataire_dto:
signataire_id: str = signataire_dto["id"]
signataire = profile_repo.get_by_id(ProfileId(signataire_id))
role_service.grant_role(signataire, Role.RESPONSABLE, structure)
db.session.commit()
cache.evict("users")
cache.evict("structures")
def get_roles(structure_id: str) -> list[dict[str, Any]]:
structure = structure_repo.get_by_id(StructureId(structure_id))
assert structure
role_to_users = role_service.get_users_with_role_on(structure)
if structure.type in {DE, EQ}:
roles = [
Role.RESPONSABLE,
]
else:
roles = [
Role.SIGNATAIRE,
Role.RESPONSABLE,
Role.ADMIN_LOCAL,
Role.GESTIONNAIRE,
Role.PORTEUR,
]
result: list[dict[str, Any]] = []
for role in roles:
role_dto = {
"key": role.name,
"label": role.value,
"users": convert_users_to_dto(role_to_users[role]),
}
result += [role_dto]
return result
def sg_update_structure(id: str, model: dict[str, JSON]):
structure = structure_repo.get_by_id(StructureId(id))
check_structure_editable(structure)
for k, v in model.items():
setattr(structure, k, v)
db.session.commit()
cache.evict("structures")
def sg_delete_structure(id: str):
structure = structure_repo.get_by_id(StructureId(id))
if not structure:
raise NotFound()
check_permission(structure, "P3")
structure.delete()
db.session.commit()
cache.evict("structures")
def sg_get_structure(structure_id) -> JSON:
structure = structure_repo.get_by_id(StructureId(structure_id))
if not structure:
raise NotFound()
ou_dto = FullStructureSchema().dump(structure).data
ou_dto["parents"] = convert_structures_to_dto(list(structure.parents))
ou_dto["children"] = convert_structures_to_dto(
sort_by_name(structure.children))
ou_dto["ancestors"] = convert_structures_to_dto(structure.ancestors)
return ou_dto
def delete_role(structure_id: str, profile_id: str, role_id: str):
structure = structure_repo.get_by_id(StructureId(structure_id))
check_can_edit_roles(structure)
profile = profile_repo.get_by_id(ProfileId(profile_id))
role = Role[role_id]
role_service.ungrant_role(profile, role, structure)
db.session.commit()
cache.evict("users")
cache.evict("structures")
def add_roles(structure_id: str, profile_ids: list[str], role_id: str):
structure = structure_repo.get_by_id(StructureId(structure_id))
check_can_edit_roles(structure)
for profile_id in profile_ids:
profile = profile_repo.get_by_id(ProfileId(profile_id))
role = Role[role_id]
role_service.grant_role(profile, role, structure)
db.session.commit()
cache.evict("users")
cache.evict("structures")
def sg_create_child_structure(id: str, model: dict[str, str]):
parent_structure = structure_repo.get_by_id(StructureId(id))
if not parent_structure:
raise NotFound()
check_permission(parent_structure, "P3")
new_structure = Structure()
new_structure.nom = model["nom"]
type_structure = get_type_structure_by_id(model["type_id"])
new_structure.type_name = type_structure.name
parent_structure.add_child(new_structure)
structure_repo.put(new_structure)
db.session.commit()
cache.evict("structures")
def get_role_selectors(structure_id: str) -> JSON:
structure = structure_repo.get_by_id(StructureId(structure_id))
assert structure
permissions = get_permissions_for_structure(structure)
if "P5" not in permissions:
return []
is_admin_central = _is_admin_central()
is_admin_local = _is_admin_local(structure)
is_admin_facultaire = _is_admin_facultaire(structure)
if not (is_admin_central or is_admin_local):
return []
if structure.type in (DE, EQ):
roles = [Role.RESPONSABLE]
elif is_admin_central or is_admin_facultaire:
roles = [
Role.SIGNATAIRE,
Role.RESPONSABLE,
Role.ADMIN_LOCAL,
Role.GESTIONNAIRE,
Role.PORTEUR,
]
else:
roles = [
Role.RESPONSABLE,
Role.ADMIN_LOCAL,
Role.GESTIONNAIRE,
Role.PORTEUR,
]
membres = get_membres(structure)
role_to_users = role_service.get_users_with_role_on(structure)
result: list[dict[str, Any]] = []
for role in roles:
users_with_role = role_to_users[role]
multiple = role != Role.SIGNATAIRE
value: JSON
if multiple:
value = [{"id": u.id, "label": u.name} for u in users_with_role]
else:
if users_with_role:
u = list(users_with_role)[0]
value = {"id": u.id, "label": u.name}
else:
value = None
if role != Role.GESTIONNAIRE or not is_admin_central:
options = [{"id": m.id, "label": m.name} for m in membres]
else:
all_users = (db.session.query(Profile).filter_by(
active=True).order_by(Profile.nom, Profile.prenom).all())
options = [{"id": m.id, "label": m.name} for m in all_users]
selector_dto = {
"key": role.name,
"label": role.value,
"value": value,
"options": options,
"multiple": multiple,
}
result += [selector_dto]
return result