- inits centralizados, READMEs atualizados

- padronizando o nome de get_db_connection e session para get_db_session, para não confundir com session do Flask ou sessoes web

- corrigindo potenciais erros

-- has_permission não consegue carregar Permission por lazy load depois que load_user fecha a conexão; então usar joinedload(Permission) antes de fechar

-- db.rollback não existe caso db = get_db_session() apareça muito depois dentro do try, padronizando antes de try

--- comparar role por nivel (Role.SECRETARIO_GERAL) e nao por nome ("Secretario Geral")

- unificacao de get_otp_qr_code

- mudança de nowutc() para now(UTC) conforme novo padrão
2026-02-20 17:19:15 -03:00
parent 6882b57081
commit 2b1668206d
38 changed files with 1250 additions and 1187 deletions


@@ -1,16 +1,17 @@
import os
from sqlalchemy import create_engine, text
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker
from pathlib import Path
# Configurar caminho do banco de dados
db_dir = Path.home() / '.local' / 'share' / 'controles'
db_dir.mkdir(parents=True, exist_ok=True)
db_path = db_dir / 'database.db'
db_path = Path(__file__).resolve().parents[1] / 'data' / 'database.db'
db_path.parent.mkdir(parents=True, exist_ok=True)
db_fallback = f'sqlite:///{db_path}'
# Configurar SQLite com opções para melhor concorrência
engine = create_engine(
f'sqlite:///{db_path}',
os.environ.get('DATABASE_URL', db_fallback),
connect_args={
'timeout': 30, # Tempo de espera em segundos
'check_same_thread': False # Permite acesso de múltiplas threads
@@ -22,15 +23,15 @@ engine = create_engine(
Session = sessionmaker(bind=engine)
Base = declarative_base()
def get_db_connection():
def get_db_session():
"""Retorna uma nova sessão do banco de dados com PRAGMAs configuradas"""
session = Session()
db_session = Session()
try:
# Configurar SQLite para melhor tratamento de concorrência
session.execute(text("PRAGMA journal_mode=WAL"))
session.execute(text("PRAGMA busy_timeout=5000"))
return session
db_session.execute(text("PRAGMA journal_mode=WAL"))
db_session.execute(text("PRAGMA busy_timeout=5000"))
return db_session
except Exception as e:
session.rollback()
session.close()
db_session.rollback()
db_session.close()
raise e
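Review bot: Taking the engine URL from `DATABASE_URL` makes the backend configurable, but the `connect_args` right below it (`timeout`, `check_same_thread`) are sqlite3-only keywords and `get_db_session` still runs `PRAGMA journal_mode=WAL` / `PRAGMA busy_timeout=5000` unconditionally, so any non-SQLite URL fails either at connect time or on the first session (the `create_engine(...)` call continues past the end of the first hunk). Gate both on the dialect, as sketched below, and prefer a bare `raise` over `raise e` so the original traceback is preserved. Since the fallback database now lives under the repository's own `data/` directory rather than `~/.local/share`, make sure that path is git-ignored and never served from the web root — the file holds `password_hash` and `otp_secret` values for every user.
```python
db_url = os.environ.get('DATABASE_URL', db_fallback)
is_sqlite = db_url.startswith('sqlite')
engine = create_engine(
    db_url,
    # sqlite3-only keywords; other DBAPIs reject them
    connect_args={'timeout': 30, 'check_same_thread': False} if is_sqlite else {},
    # … unchanged: remaining create_engine options …

def get_db_session():
    """Return a new Session; the WAL/busy_timeout PRAGMAs only exist on SQLite."""
    db_session = Session()
    try:
        if engine.dialect.name == 'sqlite':
            db_session.execute(text("PRAGMA journal_mode=WAL"))
            db_session.execute(text("PRAGMA busy_timeout=5000"))
        return db_session
    except Exception:
        db_session.rollback()
        db_session.close()
        raise
```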


@@ -1,10 +1,10 @@
from datetime import datetime, UTC
from sqlalchemy.exc import SQLAlchemyError
from functions.database import get_db_connection, Controle as ControleModel
from functions.database import get_db_session, Controle as ControleModel
class Controle:
def __init__(self):
self.db = get_db_connection()
self.db = get_db_session()
def registrar_controle(self, militante_id: int, tipo: str, valor: float, observacao: str = None) -> bool:
"""


@@ -1,8 +1,7 @@
from datetime import datetime, timedelta
from datetime import datetime, timedelta, UTC
from werkzeug.security import generate_password_hash, check_password_hash
from sqlalchemy import Column, Integer, String, Boolean, DateTime, ForeignKey, Text, Numeric, Date, Enum
from sqlalchemy.orm import relationship, backref
import os
import pyotp
import secrets
from flask_mail import Message
@@ -10,23 +9,23 @@ from flask import url_for
import enum
from flask_login import UserMixin
from .rbac import Role
from .base import Base, engine, get_db_connection
from .base import Base, get_db_session
def execute_query(query, params=None):
"""
Executa uma query usando SQLAlchemy
"""
session = get_db_connection()
db = get_db_session()
try:
result = session.execute(query, params)
session.commit()
result = db.execute(query, params)
db.commit()
return result
except Exception as e:
session.rollback()
db.rollback()
raise e
finally:
session.close()
db.close()
class EstadoMilitante(enum.Enum):
ATIVO = 'ativo'
@@ -149,7 +148,7 @@ class Militante(Base):
quadro_orientador = Column(Boolean, default=False)
# Campos para Aspirante
aspirante = Column(Boolean, default=True) # Por padrão, todo novo militante é aspirante
data_inicio_aspirante = Column(DateTime, default=datetime.utcnow)
data_inicio_aspirante = Column(DateTime, default=datetime.now(UTC))
avaliacao_aspirante = Column(Text)
data_avaliacao_aspirante = Column(DateTime)
@@ -252,7 +251,7 @@ class Militante(Base):
def generate_username(self):
"""Gera um nome de usuário único baseado no primeiro nome e um código"""
from sqlalchemy import func
db = get_db_connection()
db = get_db_session()
try:
# Pega o primeiro nome
primeiro_nome = self.nome.split()[0].lower()
@@ -429,7 +428,7 @@ class Usuario(Base, UserMixin):
celula_id = Column(Integer, ForeignKey('celulas.id'))
session_timeout = Column(Integer, default=30)
tipo = Column(String(17), nullable=False)
ultima_atividade = Column(DateTime, default=datetime.utcnow)
ultima_atividade = Column(DateTime, default=datetime.now(UTC))
# Relacionamento com militante
militante_id = Column(Integer, ForeignKey('militantes.id'))
militante = relationship("Militante", backref=backref("usuario", uselist=False))
@@ -448,7 +447,7 @@ class Usuario(Base, UserMixin):
self.ativo = True
self.session_timeout = 30
self.tipo = "USUARIO"
self.ultima_atividade = datetime.utcnow()
self.ultima_atividade = datetime.now(UTC)
def set_password(self, password):
self.password_hash = generate_password_hash(password)
@@ -457,23 +456,24 @@ class Usuario(Base, UserMixin):
return check_password_hash(self.password_hash, password)
def update_last_activity(self):
self.ultima_atividade = datetime.utcnow()
self.ultima_atividade = datetime.now(UTC)
def is_session_expired(self):
if not self.ultima_atividade:
return True
time_diff = datetime.utcnow() - self.ultima_atividade
time_diff = datetime.now(UTC) - self.ultima_atividade
return time_diff.total_seconds() > (self.session_timeout * 60)
def check_session_timeout(self):
"""Verifica se a sessão do usuário expirou"""
if not self.ultima_atividade:
return True
time_diff = datetime.utcnow() - self.ultima_atividade
time_diff = datetime.now(UTC) - self.ultima_atividade
return time_diff.total_seconds() > (self.session_timeout * 60)
def has_permission(self, permission_name):
"""Verifica se o usuário tem uma permissão específica"""
# TODO: (talvez) remover, confirmar admin por RBAC
if self.is_admin: # Se for admin, tem todas as permissões
return True
@@ -485,54 +485,66 @@ class Usuario(Base, UserMixin):
return False
def has_role(self, role_nivel):
"""Verifica se o usuário tem um determinado nível de role"""
"""Verifica se o usuário tem um nível de role específico."""
for role in self.roles:
if role.nivel == role_nivel:
return True
return False
def get_otp_uri(self):
"""Gera a URI para autenticação em duas etapas"""
if not self.otp_secret:
self.otp_secret = pyotp.random_base32()
return pyotp.totp.TOTP(self.otp_secret).provisioning_uri(
self.username,
issuer_name="Sistema de Controles"
)
def get_highest_role(self):
"""Retorna a role de maior nível do usuário."""
if not self.roles:
return None
return max(self.roles, key=lambda role: role.nivel)
def has_minimum_role(self, min_level):
"""Verifica se o usuário possui ao menos o nível informado."""
highest_role = self.get_highest_role()
return bool(highest_role and highest_role.nivel >= min_level)
def generate_otp_secret(self):
"""Gera um novo segredo OTP para o usuário"""
self.otp_secret = pyotp.random_base32()
return self.otp_secret
def get_otp_uri(self):
"""Gera a URI para autenticação em duas etapas"""
if not self.otp_secret:
raise ValueError(f"OTP não configurado para {self.username}")
totp = pyotp.TOTP(self.otp_secret)
return totp.provisioning_uri(
name=self.username,
issuer_name="Sistema de Controles"
)
def verify_otp(self, code):
"""Verifica se um código OTP é válido"""
if not self.otp_secret:
print(f"Erro: OTP secret não configurado para o usuário {self.username}")
return False
raise ValueError(f"Erro: OTP secret não configurado para o usuário {self.username}")
print(f"Verificando OTP para usuário {self.username}")
print(f"OTP Secret: {self.otp_secret}")
print(f"Código fornecido: {code}")
totp = pyotp.totp.TOTP(self.otp_secret)
totp = pyotp.TOTP(self.otp_secret)
is_valid = totp.verify(code)
print(f"Resultado da verificação: {'Válido' if is_valid else 'Inválido'}")
print(f"Tempo atual: {datetime.utcnow()}")
print(f"Período atual: {totp.timecode(datetime.utcnow())}")
print(f"Tempo atual: {datetime.now(UTC)}")
print(f"Período atual: {totp.timecode(datetime.now(UTC))}")
return is_valid
def logout(self):
"""Registra o logout do usuário"""
self.ultimo_logout = datetime.utcnow()
self.ultimo_logout = datetime.now(UTC)
self.motivo_logout = "Logout manual"
self.ultima_atividade = None
def is_admin_user(self):
"""Verifica se o usuário é admin"""
return self.is_admin or any(role.nome == "admin" for role in self.roles)
return self.is_admin or any(role.nivel == Role.SECRETARIO_GERAL for role in self.roles)
class PagamentoCelula(Base):
__tablename__ = 'pagamentos_celula'
@@ -605,116 +617,3 @@ class TransacaoPIX(Base):
pagamento_id = Column(Integer, ForeignKey('pagamentos.id'))
pagamento = relationship("Pagamento", back_populates="transacoes_pix")
def init_database():
"""Inicializa o banco de dados com dados básicos"""
print("Inicializando banco de dados...")
session = get_db_connection()
try:
# Criar todas as tabelas
Base.metadata.drop_all(engine) # Remover todas as tabelas existentes
Base.metadata.create_all(engine)
# Criar roles padrão
roles = [
("Administrador", Role.SECRETARIO_GERAL),
("Secretário", Role.SECRETARIO_CELULA),
("Militante", Role.MILITANTE_BASICO)
]
for nome, nivel in roles:
if not session.query(Role).filter_by(nome=nome).first():
role = Role(nome=nome, nivel=nivel)
session.add(role)
session.commit()
# Criar setores padrão
setores = ["Setor 1", "Setor 2", "Setor 3"]
for nome in setores:
if not session.query(Setor).filter_by(nome=nome).first():
setor = Setor(nome=nome)
session.add(setor)
session.commit()
# Criar comitês padrão
comites = ["Comitê 1", "Comitê 2", "Comitê 3"]
for nome in comites:
if not session.query(ComiteCentral).filter_by(nome=nome).first():
comite = ComiteCentral(nome=nome)
session.add(comite)
session.commit()
# Gerar OTP para admin
admin_otp_secret = os.environ.get('ADMIN_OTP_SECRET') or pyotp.random_base32()
print(f"OTP do admin: {admin_otp_secret}")
# Criar usuário admin
admin_role = session.query(Role).filter_by(nome="Administrador").first()
setor = session.query(Setor).first()
admin = Usuario(
username="admin",
email="admin@example.com",
is_admin=True
)
admin.set_password("admin123")
admin.tipo = "ADMIN"
admin.otp_secret = admin_otp_secret
admin.roles.append(admin_role)
admin.setor = setor
session.add(admin)
session.commit()
# Gerar QR code
totp = pyotp.totp.TOTP(admin_otp_secret)
provisioning_uri = totp.provisioning_uri("admin", issuer_name="Sistema de Controles")
import qrcode
qr = qrcode.QRCode(version=1, box_size=10, border=5)
qr.add_data(provisioning_uri)
qr.make(fit=True)
img = qr.make_image(fill_color="black", back_color="white")
# Tentar salvar em diferentes locais
qr_paths = ['/tmp/admin_qr.png', 'admin_qr.png', '/app/admin_qr.png']
qr_saved = False
for qr_path in qr_paths:
try:
img.save(qr_path)
print(f"QR code salvo em {qr_path}")
qr_saved = True
break
except Exception as e:
print(f"Não foi possível salvar o QR code em {qr_path}: {e}")
continue
if not qr_saved:
print("AVISO: Não foi possível salvar o QR code em nenhum local")
print("O QR code pode ser gerado manualmente usando o URI OTP")
print("=== Usuário Admin Criado ===")
print(f"Username: admin")
print(f"Senha: admin123")
print(f"Email: {admin.email}")
print(f"OTP Secret: {admin_otp_secret}")
if qr_saved:
print(f"QR Code: {qr_path}")
print(f"URI OTP: {provisioning_uri}")
# Importar e executar o seed após criar todas as dependências
from seed_data import seed_database
print("\nPopulando banco de dados com dados de teste...")
seed_database()
print("Dados de teste criados com sucesso!")
except Exception as e:
print(f"Erro na inicialização do banco: {e}")
session.rollback()
raise
finally:
session.close()
if __name__ == "__main__":
init_database()
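Review bot: `default=datetime.now(UTC)` on `data_inicio_aspirante` and `ultima_atividade` is evaluated once at import time, so every new row receives the same timestamp; the old `datetime.utcnow` was a callable that SQLAlchemy invoked per insert, so these should become `default=lambda: datetime.now(UTC)`. The same change also mixes aware and naive values: `datetime.now(UTC) - self.ultima_atividade` in `is_session_expired` and `check_session_timeout` raises `TypeError` once `ultima_atividade` is read back naive from a plain `DateTime` column (which is what the SQLite backend in base.py returns), turning the session-timeout check into a crash path instead of a deny — either declare `DateTime(timezone=True)` or normalise first with `last = self.ultima_atividade.replace(tzinfo=UTC) if self.ultima_atividade.tzinfo is None else self.ultima_atividade`. Separately, `verify_otp` still prints `self.otp_secret` and the submitted code on every verification; that is the shared secret for the second factor and must not reach stdout or log files, so drop those `print` calls.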


@@ -2,7 +2,7 @@ from functools import wraps
from flask import session, redirect, url_for, flash
from flask_login import current_user, login_required
from sqlalchemy.orm import joinedload
from .database import get_db_connection, Usuario, Role
from .database import get_db_session, Usuario, Role
from .rbac import Permission
def require_login(f):
@@ -26,7 +26,7 @@ def require_permission(permission_name):
flash('Você precisa estar logado para acessar esta página.', 'error')
return redirect(url_for('auth.login'))
db = get_db_connection()
db = get_db_session()
try:
# Carregar o usuário com suas roles e permissões
user = db.query(Usuario).options(
@@ -58,8 +58,11 @@ def require_permission(permission_name):
return decorated_function
return decorator
def require_role(role_name):
def require_role(role_level):
"""Decorador para verificar se o usuário tem um papel específico"""
if not isinstance(role_level, int):
raise TypeError("require_role espera um nível numérico (int), use a classe Role.")
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
@@ -67,10 +70,10 @@ def require_role(role_name):
flash('Você precisa estar logado para acessar esta página.', 'error')
return redirect(url_for('auth.login'))
db = get_db_connection()
db = get_db_session()
try:
user = db.query(Usuario).get(current_user.id)
if not user or not user.has_role(role_name):
if not user or not user.has_role(role_level):
flash('Você não tem permissão para acessar esta página.', 'error')
return redirect(url_for('index'))
@@ -86,6 +89,9 @@ def require_role(role_name):
def require_minimum_role(min_level):
"""Decorador para verificar se o usuário tem um papel com nível mínimo"""
if not isinstance(min_level, int):
raise TypeError("require_minimum_role espera um nível numérico de role (int).")
def decorator(f):
@wraps(f)
def decorated_function(*args, **kwargs):
@@ -93,15 +99,14 @@ def require_minimum_role(min_level):
flash('Você precisa estar logado para acessar esta página.', 'error')
return redirect(url_for('auth.login'))
db = get_db_connection()
db = get_db_session()
try:
user = db.query(Usuario).get(current_user.id)
if not user:
flash('Usuário não encontrado.', 'error')
return redirect(url_for('auth.login'))
highest_role = user.get_highest_role()
if not highest_role or highest_role.nivel < min_level:
if not user.has_minimum_role(min_level):
flash('Você não tem permissão para acessar esta página.', 'error')
return redirect(url_for('index'))
@@ -146,31 +151,42 @@ def require_instance_access(instance_type, instance_id):
if not current_user.is_authenticated:
flash('Por favor, faça login para acessar esta página.', 'error')
return redirect(url_for('auth.login'))
# Verificar acesso baseado na instância do usuário
if instance_type == 'celula':
if not (current_user.celula_id == instance_id or
current_user.has_permission(Permission.VIEW_SECTOR_REPORTS) or
current_user.has_permission(Permission.VIEW_CR_REPORTS) or
current_user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a esta célula.', 'error')
return redirect(url_for('index'))
elif instance_type == 'setor':
if not (current_user.setor_id == instance_id or
current_user.has_permission(Permission.VIEW_CR_REPORTS) or
current_user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a este setor.', 'error')
return redirect(url_for('index'))
elif instance_type == 'cr':
if not (current_user.cr_id == instance_id or
current_user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a este CR.', 'error')
return redirect(url_for('index'))
# Atualiza timestamp da última atividade
current_user.update_last_activity()
db_session.commit()
return f(*args, **kwargs)
db = get_db_session()
try:
user = db.query(Usuario).options(
joinedload(Usuario.roles).joinedload(Role.permissions)
).get(current_user.id)
if not user:
flash('Usuário não encontrado.', 'error')
return redirect(url_for('auth.login'))
# Verificar acesso baseado na instância do usuário
if instance_type == 'celula':
if not (user.celula_id == instance_id or
user.has_permission(Permission.VIEW_SECTOR_REPORTS) or
user.has_permission(Permission.VIEW_CR_REPORTS) or
user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a esta célula.', 'error')
return redirect(url_for('index'))
elif instance_type == 'setor':
if not (user.setor_id == instance_id or
user.has_permission(Permission.VIEW_CR_REPORTS) or
user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a este setor.', 'error')
return redirect(url_for('index'))
elif instance_type == 'cr':
if not (user.cr_id == instance_id or
user.has_permission(Permission.VIEW_CC_REPORTS)):
flash('Você não tem acesso a este CR.', 'error')
return redirect(url_for('index'))
# Atualiza timestamp da última atividade
user.update_last_activity()
db.commit()
return f(*args, **kwargs)
finally:
db.close()
return decorated_function
return decorator
return decorator
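Review bot: The rewritten `require_instance_access` still fails open for any `instance_type` other than `'celula'`, `'setor'` or `'cr'`: the `if/elif` chain has no `else`, so a misspelled or newly added type skips every ownership and permission check, updates the activity timestamp and calls the view. Add a closing branch such as `else: flash('Tipo de instância desconhecido.', 'error'); return redirect(url_for('index'))`, or better reject unknown types with `raise ValueError(...)` before `decorator` is returned, mirroring the `TypeError` guard this commit adds to `require_role`. The decorator's signature and outer function begin outside this hunk, so the exact spot for a decoration-time check is not visible here. Note also that `f(*args, **kwargs)` runs inside the `try`, so the view executes while this extra session is still open; taking the access decision first and calling the view after `finally` keeps the session short-lived.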


@@ -133,183 +133,183 @@ class Permission(Base):
def init_rbac():
"""Inicializa o sistema RBAC com roles e permissões básicas"""
from .database import Usuario, get_db_connection
session = get_db_connection()
from .database import Usuario, get_db_session
db = get_db_session()
try:
# Criar role de administrador primeiro
admin_role = session.query(Role).filter_by(nome="Administrador").first()
admin_role = db.query(Role).filter_by(nome="Administrador").first()
if not admin_role:
admin_role = Role(nome="Administrador", nivel=Role.SECRETARIO_GERAL)
session.add(admin_role)
session.commit()
db.add(admin_role)
db.commit()
# Criar outras roles
for nivel, nome in Role.get_roles_list():
if nome != "Administrador": # Pular Administrador pois já foi criado
role = session.query(Role).filter_by(nivel=nivel).first()
role = db.query(Role).filter_by(nivel=nivel).first()
if not role:
role = Role(nome=nome, nivel=nivel)
session.add(role)
db.add(role)
# Criar permissões
for nome, descricao in Permission.get_permissions_list():
permission = session.query(Permission).filter_by(nome=nome).first()
permission = db.query(Permission).filter_by(nome=nome).first()
if not permission:
permission = Permission(nome=nome, descricao=descricao)
session.add(permission)
db.add(permission)
session.commit()
db.commit()
# Dar todas as permissões para o admin
all_permissions = session.query(Permission).all()
all_permissions = db.query(Permission).all()
admin_role.permissions = all_permissions
session.commit()
db.commit()
# Buscar usuário admin e atribuir role de administrador
admin_user = session.query(Usuario).filter_by(username="admin").first()
admin_user = db.query(Usuario).filter_by(username="admin").first()
if admin_user:
if admin_role not in admin_user.roles:
admin_user.roles = [admin_role] # Substituir roles existentes
session.commit()
db.commit()
# Mapear permissões para outros roles
for role in session.query(Role).filter(Role.nome != "Administrador").all():
for role in db.query(Role).filter(Role.nome != "Administrador").all():
# Militante Básico
if role.nivel == Role.MILITANTE_BASICO:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first()
]
# Secretário de Célula
elif role.nivel == Role.SECRETARIO_CELULA:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CELL_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CELL_PAYMENT).first()
]
# Membro de Setor
elif role.nivel == Role.MEMBRO_SETOR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
]
# Secretário de Setor
elif role.nivel == Role.SECRETARIO_SETOR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
]
# Membro de CR
elif role.nivel == Role.MEMBRO_CR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
]
# Secretário de CR
elif role.nivel == Role.SECRETARIO_CR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
]
# Membro do CC
elif role.nivel == Role.MEMBRO_CC:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first()
]
# Secretário Geral
elif role.nivel == Role.SECRETARIO_GERAL:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CC_CRS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CC_CR).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first(),
session.query(Permission).filter_by(nome=Permission.SYSTEM_CONFIG).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CC_CRS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CC_CR).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first(),
db.query(Permission).filter_by(nome=Permission.SYSTEM_CONFIG).first()
]
session.commit()
db.commit()
except Exception as e:
print(f"Erro ao inicializar RBAC: {e}")
session.rollback()
db.rollback()
raise
finally:
session.close()
db.close()