Fix: Permissions.

2025-08-08 12:50:21 +01:00
parent e87490c3de
commit d5e5e1a111
10 changed files with 681 additions and 450 deletions


@@ -65,7 +65,7 @@ class Role(SQLAlchemy_ABC, Base):
def from_json(cls, json):
_m = f'{cls.__qualname__}.from_json'
role = cls()
if json is None: return Role
if json is None: return role
role.id_role = json.get(cls.ATTR_ID_ROLE, -1)
role.name = json[cls.FLAG_NAME]
role.code = json.get(cls.FLAG_CODE, role.name.upper().replace(" ", "_"))
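Review bot: The early return `if json is None: return role` hands back a freshly constructed `Role` with none of its fields set, so a caller cannot tell "no role supplied" from a real role. In a commit about permissions, returning `None` or raising `ValueError` on missing input is the safer contract; if the empty instance is intended, a docstring should say so. The neighbouring lines are also inconsistent: `json[cls.FLAG_NAME]` raises `KeyError` when the name is absent while the id falls back to `-1`, and a comment such as `# -1: role has no database id yet` (meaning inferred, please confirm) would document the sentinel. The body of `from_json` continues outside the hunk.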


@@ -197,18 +197,18 @@ class User_Temp(db.Model, Base):
super().__init__()
@classmethod
def from_user(cls, role):
def from_user(cls, user):
_m = f'{cls.__qualname__}.from_user'
temp = cls()
temp.id_user = user.id_user
temp.id_role = user.role.id_role
temp.id_role = user.id_role
temp.id_user_auth0 = user.id_user_auth0
temp.firstname = user.firstname
temp.surname = user.surname
temp.email = user.email
temp.is_email_verified = user.is_email_verified
temp.is_super_user = user.is_super_user
temp.active = role.active
temp.active = user.active
return temp
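Review bot: `from_user` copies `id_role`, `is_super_user` and `active` from the `user` object into the staging row unchecked, so the privilege-bearing fields carry whatever the caller supplied. If these `user` objects can be built from request data (not visible in this hunk), the stored procedure that reads `User_Temp` has to be the only place that decides whether the caller may set them. A docstring such as `"""Copy user fields into a staging row; no authorisation is applied here."""` would make that trust boundary explicit. `_m` is assigned but not used in the lines shown.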


@@ -98,8 +98,8 @@ class DataStore_User(DataStore_Base):
Helper_App.console_log(f'saving users: {users}')
rows = []
for user in users:
row = User_Temp.from_user(user)
for obj_user in users:
row = User_Temp.from_user(obj_user)
row.guid = guid
rows.append(row)

File diff suppressed because it is too large Load Diff


@@ -39,6 +39,9 @@ BEGIN
DECLARE v_ids_user TEXT;
DECLARE v_is_new BIT;
DECLARE v_is_super_user BIT;
DECLARE v_priority_access_level_edit INT;
DECLARE v_priority_access_level_none INT;
DECLARE v_priority_access_level_user_view_user INT;
DECLARE v_rank_max INT;
DECLARE v_time_start TIMESTAMP(6);
@@ -91,8 +94,10 @@ BEGIN
SET v_time_start := CURRENT_TIMESTAMP(6);
SET v_guid := UUID();
SET v_id_access_level_admin := (SELECT id_access_level FROM fetchmetrics.DOG_Access_Level WHERE code = 'ADMIN' LIMIT 1);
SET v_id_access_level_view := (SELECT id_access_level FROM fetchmetrics.DOG_Access_Level WHERE code = 'VIEW' LIMIT 1);
SET v_id_access_level_admin := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'ADMIN' LIMIT 1);
SET v_id_access_level_view := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'VIEW' LIMIT 1);
SET v_priority_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'EDIT' LIMIT 1);
SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE code = 'NONE' LIMIT 1);
SET v_id_permission_dog_admin := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'DOG_ADMIN' LIMIT 1);
SET v_id_permission_user := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'USER_VIEW' LIMIT 1);
SET v_id_permission_user_admin := (SELECT id_permission FROM fetchmetrics.DOG_Permission WHERE code = 'USER_ADMIN' LIMIT 1);
@@ -183,6 +188,7 @@ BEGIN
-- Permissions
-- Can View
IF NOT EXISTS (SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN
IF a_debug = 1 THEN
SELECT
@@ -202,7 +208,7 @@ BEGIN
, 0 -- a_show_errors
, 0 -- a_debug
;
SELECT * FROM fetchmetrics.DOG_Calc_User_Access_Temp;
SELECT * FROM fetchmetrics.DOG_Calc_User_Access_Temp CUA_T WHERE CUA_T.GUID = v_guid;
END IF;
CALL fetchmetrics.p_dog_calc_user_access(
@@ -271,8 +277,26 @@ BEGIN
CALL fetchmetrics.p_dog_clear_calc_user_access( v_guid, FALSE );
END IF;
SELECT
IFNULL(t_USER_ACCESS.is_super_user, 0) AS v_is_super_user
, IFNULL(t_USER_ACCESS.id_user, a_id_user) AS a_id_user
, IFNULL(t_USER_ACCESS.priority_access_level_user, v_priority_access_level_none) AS v_priority_access_level_user_view_user
INTO
v_is_super_user
, a_id_user
, v_priority_access_level_user_view_user
FROM tmp_User_Access t_USER_ACCESS
LIMIT 1
;
SET v_is_super_user := (SELECT IFNULL(t_USER_ACCESS.is_super_user, 0) FROM tmp_User_Access t_USER_ACCESS LIMIT 1);
IF a_debug = 1 THEN
SELECT
v_is_super_user AS v_is_super_user
, a_id_user AS a_id_user
, v_priority_access_level_user_view_user AS v_priority_access_level_user_view_user
;
END IF;
-- Companies
IF NOT EXISTS(SELECT * FROM tmp_Msg_Error t_ERROR INNER JOIN fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE ON t_ERROR.id_type = ERROR_TYPE.id_type WHERE ERROR_TYPE.is_breaking_error = 1 LIMIT 1) THEN
@@ -283,8 +307,8 @@ BEGIN
, a_get_all_company -- a_get_all_company
, a_get_inactive_company -- a_get_inactive_company
, a_ids_company -- a_ids_company
, a_names_company -- a_names_company
, a_websites_company -- a_websites_company
, NULL -- a_names_company
, NULL -- a_websites_company
, a_require_all_id_search_filters_met -- a_require_all_id_search_filters_met
, 0 -- a_require_any_id_search_filters_met
, a_require_all_non_id_search_filters_met -- a_require_all_non_id_search_filters_met
@@ -332,6 +356,7 @@ BEGIN
;
IF a_debug = 1 THEN
SELECT 'After get permissions user companies';
SELECT * FROM tmp_Company;
END IF;
END IF;
@@ -398,8 +423,21 @@ BEGIN
, t_COMPANY.id_company
, ROW_NUMBER() OVER (PARTITION BY USER.id_user ORDER BY CASE WHEN t_COMPANY.id_company IS NOT NULL THEN 1 ELSE 0 END DESC) AS index_user_company_link_in_user
FROM fetchmetrics.DOG_User USER
LEFT JOIN fetchmetrics.DOG_User_Company_Link USER_COMPANY_LINK ON USER.id_user = USER_COMPANY_LINK.id_user
LEFT JOIN tmp_Company t_COMPANY ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company
LEFT JOIN fetchmetrics.DOG_User_Company_Link USER_COMPANY_LINK
ON USER.id_user = USER_COMPANY_LINK.id_user
AND (
(
a_get_inactive_company = 1
AND a_get_inactive_user = 1
)
OR USER_COMPANY_LINK.active = 1
)
LEFT JOIN tmp_Company t_COMPANY
ON USER_COMPANY_LINK.id_company = t_COMPANY.id_company
AND (
a_get_inactive_company = 1
OR USER_COMPANY_LINK.active = 1
)
)
SELECT
CALC_USER_T.id_user
@@ -425,13 +463,16 @@ BEGIN
AND (
v_is_super_user = 1
OR (
CAN_ACCESS_USER.id_company IS NOT NULL
v_priority_access_level_user_view_user <= v_priority_access_level_edit
AND CAN_ACCESS_USER.id_company IS NOT NULL
AND CAN_ACCESS_USER.index_user_company_link_in_user = 1
)
OR CALC_USER_T.id_user = a_id_user
)
;
IF a_debug = 1 THEN
SELECT 'After get many user';
SELECT * FROM tmp_User;
END IF;
@@ -508,12 +549,12 @@ BEGIN
-- Returns
SELECT
USER.id_user
, USER.id_user_auth0
, USER.firstname
, USER.surname
, USER.email
, USER.is_email_verified
USERS.id_user
, USERS.id_user_auth0
, USERS.firstname
, USERS.surname
, USERS.email
, USERS.is_email_verified
, t_USER.id_role
, ROLES.name AS name_role
, t_USER.id_company
@@ -525,7 +566,7 @@ BEGIN
, t_USER.can_admin_user
FROM tmp_User t_USER
-- INNER JOIN tmp_User_Access t_USER_ACCESS
INNER JOIN fetchmetrics.DOG_User USER ON t_USER.id_user = USER.id_user
INNER JOIN fetchmetrics.DOG_User USERS ON t_USER.id_user = USERS.id_user
LEFT JOIN fetchmetrics.DOG_Role ROLES ON t_USER.id_role = ROLES.id_role
LEFT JOIN tmp_Company t_COMPANY ON t_USER.id_company = t_COMPANY.id_company
;
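Review bot: The new variables `v_priority_access_level_edit` and `v_priority_access_level_none` are filled from `ACCESS_LEVEL.id_access_level`, not `ACCESS_LEVEL.priority`, yet the added filter `v_priority_access_level_user_view_user <= v_priority_access_level_edit` compares them with a priority value read from `tmp_User_Access`. Unless ids and priorities happen to coincide in `DOG_Access_Level`, the user-visibility check admits or hides the wrong rows. Both assignments should select the priority column, `SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'EDIT' LIMIT 1` and likewise for `'NONE'`, as the other procedure in this commit does for `v_priority_access_level_admin`. The `SELECT ... INTO` from `tmp_User_Access` uses `LIMIT 1` with no `WHERE` or `ORDER BY`, so it relies on that table holding exactly one row for the caller, which deserves a comment. The procedure starts and ends outside these hunks.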


@@ -19,6 +19,7 @@ BEGIN
DECLARE v_id_access_level_edit INT;
DECLARE v_is_super_user BIT;
DECLARE v_can_edit_user BIT;
DECLARE v_priority_access_level_admin INT;
DECLARE v_priority_access_level_none INT;
DECLARE v_priority_access_level_user INT;
DECLARE v_time_start TIMESTAMP(6);
@@ -61,6 +62,7 @@ BEGIN
SET v_id_type_error_bad_data := (SELECT ERROR_TYPE.id_type FROM fetchmetrics.CORE_Msg_Error_Type ERROR_TYPE WHERE ERROR_TYPE.code = v_code_type_error_bad_data LIMIT 1);
SET v_id_access_level_edit := (SELECT ACCESS_LEVEL.id_access_level FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'EDIT' LIMIT 1);
SET v_id_permission_user_edit := (SELECT GROUP_CONCAT(PERMISSION.id_permission SEPARATOR ',') FROM fetchmetrics.DOG_Permission PERMISSION WHERE PERMISSION.code = 'USER_CREATE' LIMIT 1);
SET v_priority_access_level_admin := (SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'ADMIN' LIMIT 1);
SET v_priority_access_level_none := (SELECT ACCESS_LEVEL.priority FROM fetchmetrics.DOG_Access_Level ACCESS_LEVEL WHERE ACCESS_LEVEL.code = 'NONE' LIMIT 1);
CALL fetchmetrics.p_core_validate_guid ( a_guid );
@@ -311,7 +313,7 @@ BEGIN
IF (
v_is_super_user = 0
AND v_priority_access_level_user > v_priority_access_level_admin
AND v_priority_access_level_user >= v_priority_access_level_admin
AND EXISTS (
SELECT *
FROM tmp_User_Save_User t_USER
@@ -519,5 +521,40 @@ CALL fetchmetrics.p_dog_clear_calc_user_access(
, 0 -- debug
);
select *
from demo.DOG_User_Change_Set
;
select *
from demo.DOG_Role
;
select *
from demo.DOG_Permission
;
-- INSERT INTO demo.DOG_User_Change_Set (comment ) VALUES ( 'Client role permissions' );
UPDATE demo.DOG_Role_Permission_Link ROLE_PERMISSION_LINK
SET
ROLE_PERMISSION_LINK.id_change_set = (SELECT UCS.id_change_set FROM demo.DOG_User_Change_Set UCS ORDER BY UCS.id_change_set DESC LIMIT 1)
, ROLE_PERMISSION_LINK.id_access_level = 2
WHERE
ROLE_PERMISSION_LINK.id_permission = 15
AND ROLE_PERMISSION_LINK.id_role <> 1
;
SELECT
USERS.email
, ROLE.name
, PERMISSION.name
, ACCESS_LEVEL.name
FROM demo.DOG_User USERS
INNER JOIN demo.DOG_User_Role_Link URL ON USERS.id_user = URL.id_user
INNER JOIN demo.DOG_Role ROLE ON URL.id_role = ROLE.id_role
INNER JOIN demo.DOG_Role_Permission_Link RPL ON URL.id_role = RPL.id_role
INNER JOIN demo.DOG_Permission PERMISSION ON RPL.id_permission = PERMISSION.id_permission
INNER JOIN demo.DOG_Access_Level ACCESS_LEVEL ON RPL.id_access_level = ACCESS_LEVEL.id_access_level
;
*/
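Review bot: The boundary change to `v_priority_access_level_user >= v_priority_access_level_admin` now sends callers whose level is exactly ADMIN into this branch too, and nothing in the hunk states which direction of `priority` is the stronger one. If the branch is the rejection path (its body is outside the hunk) and a lower priority means stronger access, as the `MIN(...)` aggregate and the `<=` test elsewhere in this commit suggest, then only super users pass. A comment should record that intent, for example `-- lower priority = stronger access; ADMIN-level callers are rejected here too`. A NULL `v_priority_access_level_user` also makes the comparison NULL and skips the branch; `IFNULL(v_priority_access_level_user, v_priority_access_level_none) >= v_priority_access_level_admin` keeps a caller with no computed level on the restrictive side.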


@@ -741,6 +741,7 @@ BEGIN
User_Access_Level AS (
SELECT
USER.id_user
, ROLE_PERMISSION_LINK.id_permission
, MIN(IFNULL(ACCESS_LEVEL.priority, v_priority_access_level_none)) AS priority_access_level
FROM fetchmetrics.DOG_User USER -- tmp_Calc_User_Access_Calc_User_Access t_CALC_USER_ACCESS
LEFT JOIN fetchmetrics.DOG_User_Role_Link USER_ROLE_LINK
@@ -752,28 +753,37 @@ BEGIN
LEFT JOIN fetchmetrics.DOG_Access_Level ACCESS_LEVEL
ON ROLE_PERMISSION_LINK.id_access_level = ACCESS_LEVEL.id_access_level
AND ACCESS_LEVEL.active = 1
GROUP BY USER.id_user
GROUP BY
USER.id_user
, ROLE_PERMISSION_LINK.id_permission
)
, User_Role_And_Access_Level AS (
SELECT
USER_ACCESS_LEVEL.id_user
, USER_ACCESS_LEVEL.id_permission
, USER_ACCESS_LEVEL.priority_access_level
, ROLE_PERMISSION_LINK.id_role
, ROW_NUMBER() OVER (PARTITION BY USER_ACCESS_LEVEL.id_user, USER_ACCESS_LEVEL.priority_access_level) AS index_link_in_user_and_priority_access_level
, ROW_NUMBER() OVER (PARTITION BY USER_ACCESS_LEVEL.id_user, USER_ACCESS_LEVEL.id_permission ORDER BY USER_ACCESS_LEVEL.priority_access_level) AS index_link_in_user_and_permission
FROM User_Access_Level USER_ACCESS_LEVEL
LEFT JOIN fetchmetrics.DOG_User_Role_Link USER_ROLE_LINK
ON USER_ACCESS_LEVEL.id_user = USER_ROLE_LINK.id_user
AND USER_ROLE_LINK.active = 1
/*
LEFT JOIN fetchmetrics.DOG_Access_Level ACCESS_LEVEL
ON USER_ACCESS_LEVEL.priority_access_level = ACCESS_LEVEL.priority
AND ACCESS_LEVEL.active = 1
*/
LEFT JOIN fetchmetrics.DOG_Role_Permission_Link ROLE_PERMISSION_LINK
ON ACCESS_LEVEL.id_access_level = ROLE_PERMISSION_LINK.id_access_level
AND USER_ROLE_LINK.id_role = ROLE_PERMISSION_LINK.id_role
-- ON ACCESS_LEVEL.id_access_level = ROLE_PERMISSION_LINK.id_access_level
ON USER_ROLE_LINK.id_role = ROLE_PERMISSION_LINK.id_role
AND USER_ACCESS_LEVEL.id_permission = ROLE_PERMISSION_LINK.id_permission
AND ROLE_PERMISSION_LINK.active = 1
)
UPDATE tmp_Calc_User_Access_Calc_User_Access t_CALC_USER_ACCESS
INNER JOIN User_Role_And_Access_Level USER_ROLE_AND_ACCESS_LEVEL ON t_CALC_USER_ACCESS.id_user = USER_ROLE_AND_ACCESS_LEVEL.id_user
INNER JOIN User_Role_And_Access_Level USER_ROLE_AND_ACCESS_LEVEL
ON t_CALC_USER_ACCESS.id_user = USER_ROLE_AND_ACCESS_LEVEL.id_user
AND USER_ROLE_AND_ACCESS_LEVEL.id_permission = v_id_permission_required
AND USER_ROLE_AND_ACCESS_LEVEL.index_link_in_user_and_permission = 1
SET
t_CALC_USER_ACCESS.id_role = USER_ROLE_AND_ACCESS_LEVEL.id_role
, t_CALC_USER_ACCESS.priority_access_level_user = USER_ROLE_AND_ACCESS_LEVEL.priority_access_level
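Review bot: The `UPDATE` now uses an `INNER JOIN` restricted to `USER_ROLE_AND_ACCESS_LEVEL.id_permission = v_id_permission_required`, so a user with no role link for that permission matches no row and keeps whatever `priority_access_level_user` the temp row already held. The earlier per-user grouping always produced a value defaulted to NONE. Unless the column is initialised earlier in the procedure (not visible here), set it to `v_priority_access_level_none` before this statement so that a missing permission cannot be read as an unset level downstream. Separately, `ROW_NUMBER() ... ORDER BY USER_ACCESS_LEVEL.priority_access_level` orders by a value that is constant within each (user, permission) partition, so the `id_role` that gets index 1 is arbitrary when several roles carry the permission. The statement and its CTEs continue outside the hunk.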


@@ -6,6 +6,9 @@
.container-input {
margin: 0 auto;
}
label {
font-weight: bold;
}
.container-input input {
width: 250px;
}
}


@@ -73,8 +73,12 @@
.container-input {
margin: 0 auto;
}
label {
font-weight: bold;
}
.container-input input {
width: 250px;
}
/*# sourceMappingURL=user_account.bundle.css.map*/


@@ -1 +1 @@
{"version":3,"file":"css/user_account.bundle.css","mappings":";;AAEA;IACI,gBAAgB;IAChB,oBAAoB;IACpB,cAAc;AAClB;;;AAGA,iBAAiB;AACjB;IACI,sBAAsB;AAC1B;;AAEA,eAAe;AACf;IACI,gBAAgB;IAChB,cAAc;IACd,SAAS;IACT,SAAS;IACT,qBAAqB;IACrB,2BAA2B;IAC3B,aAAa;IACb,sBAAsB;IACtB,uBAAuB;IACvB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,WAAW;IACX,yBAAyB;AAC7B;;;AAGA,WAAW;AACX;IACI,gBAAgB;IAChB,kBAAkB;IAClB,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,sCAAsC;IACtC,kBAAkB;IAClB,SAAS;IACT,WAAW;AACf;;AAEA;IACI;QACI,eAAe;QACf,mBAAmB;QACnB,eAAe;QACf,WAAW;QACX,eAAe;IACnB;IACA;QACI,eAAe;IACnB;IACA;QACI,cAAc;IAClB;AACJ;;AAEA;IACI,UAAU;IACV,SAAS;AACb,C;;;AChEA;IACI,aAAa;AACjB;;AAEA;IACI,cAAc;AAClB;AACA;IACI,YAAY;AAChB,C","sources":["webpack://app/./static/css/sections/dog.css","webpack://app/./static/css/pages/user/user.css"],"sourcesContent":["\n\n.container-input > input {\n padding: 0vh 1vh;\n border-radius: 0.5vh;\n max-width: 7vh;\n}\n\n\n/* Right column */\n.rightcolumn {\n min-width: fit-content;\n}\n\n/* Main Table */\n#pageBody {\n max-height: 88vh;\n padding: 0 5vw;\n margin: 0;\n border: 0;\n align-content: center;\n justify-content: flex-start;\n display: flex;\n flex-direction: column;\n align-items: flex-start;\n overflow-y: auto;\n overflow-x: hidden;\n position: absolute;\n width: 90vw;\n color: var(--colour-text);\n}\n\n\n/* Footer */\n.footer {\n padding: 1vh 1vw;\n text-align: center;\n margin: 0;\n max-height: 5vh;\n overflow-y: auto;\n background-color: var(--colour-accent);\n position: absolute;\n bottom: 0;\n width: 98vw;\n}\n\n@media screen and (max-width: 400px) {\n .footer {\n max-height: 8vh;\n padding: 0.75vh 2vw;\n font-size: 10px; \n width: 96vw;\n max-width: 96vw;\n }\n .footer > h4 {\n font-size: 10px;\n }\n .footer > h5 {\n font-size: 9px;\n }\n}\n\n.footer > h4, h5 {\n padding: 0;\n margin: 0;\n}","\n#formFilters {\n display: none;\n}\n\n.container-input {\n margin: 0 auto;\n}\n.container-input input {\n width: 250px;\n}"],"names":[],"sourceRoot":""}
{"version":3,"file":"css/user_account.bundle.css","mappings":";;AAEA;IACI,gBAAgB;IAChB,oBAAoB;IACpB,cAAc;AAClB;;;AAGA,iBAAiB;AACjB;IACI,sBAAsB;AAC1B;;AAEA,eAAe;AACf;IACI,gBAAgB;IAChB,cAAc;IACd,SAAS;IACT,SAAS;IACT,qBAAqB;IACrB,2BAA2B;IAC3B,aAAa;IACb,sBAAsB;IACtB,uBAAuB;IACvB,gBAAgB;IAChB,kBAAkB;IAClB,kBAAkB;IAClB,WAAW;IACX,yBAAyB;AAC7B;;;AAGA,WAAW;AACX;IACI,gBAAgB;IAChB,kBAAkB;IAClB,SAAS;IACT,eAAe;IACf,gBAAgB;IAChB,sCAAsC;IACtC,kBAAkB;IAClB,SAAS;IACT,WAAW;AACf;;AAEA;IACI;QACI,eAAe;QACf,mBAAmB;QACnB,eAAe;QACf,WAAW;QACX,eAAe;IACnB;IACA;QACI,eAAe;IACnB;IACA;QACI,cAAc;IAClB;AACJ;;AAEA;IACI,UAAU;IACV,SAAS;AACb,C;;;AChEA;IACI,aAAa;AACjB;;AAEA;IACI,cAAc;AAClB;AACA;IACI,iBAAiB;AACrB;AACA;IACI,YAAY;AAChB","sources":["webpack://app/./static/css/sections/dog.css","webpack://app/./static/css/pages/user/user.css"],"sourcesContent":["\n\n.container-input > input {\n padding: 0vh 1vh;\n border-radius: 0.5vh;\n max-width: 7vh;\n}\n\n\n/* Right column */\n.rightcolumn {\n min-width: fit-content;\n}\n\n/* Main Table */\n#pageBody {\n max-height: 88vh;\n padding: 0 5vw;\n margin: 0;\n border: 0;\n align-content: center;\n justify-content: flex-start;\n display: flex;\n flex-direction: column;\n align-items: flex-start;\n overflow-y: auto;\n overflow-x: hidden;\n position: absolute;\n width: 90vw;\n color: var(--colour-text);\n}\n\n\n/* Footer */\n.footer {\n padding: 1vh 1vw;\n text-align: center;\n margin: 0;\n max-height: 5vh;\n overflow-y: auto;\n background-color: var(--colour-accent);\n position: absolute;\n bottom: 0;\n width: 98vw;\n}\n\n@media screen and (max-width: 400px) {\n .footer {\n max-height: 8vh;\n padding: 0.75vh 2vw;\n font-size: 10px; \n width: 96vw;\n max-width: 96vw;\n }\n .footer > h4 {\n font-size: 10px;\n }\n .footer > h5 {\n font-size: 9px;\n }\n}\n\n.footer > h4, h5 {\n padding: 0;\n margin: 0;\n}","\n#formFilters {\n display: none;\n}\n\n.container-input {\n margin: 0 auto;\n}\nlabel {\n font-weight: bold;\n}\n.container-input input {\n width: 
250px;\n}\n"],"names":[],"sourceRoot":""}