- inits centralizados, READMEs atualizados

- padronizando o nome de get_db_connection e session para get_db_session, para não confundir com session do Flask ou sessoes web

- corrigindo potenciais erros

-- has_permission não consegue carregar permission via lazy load depois que load_user fecha a conexão; por isso, joinedLoad com Permission antes de fechar

-- db.rollback não existe caso db = get_db_session() apareça muito depois dentro do try, padronizando antes de try

--- comparar role por nivel (Role.SECRETARIO_GERAL) e nao por nome ("Secretario Geral")

- unificacao de get_otp_qr_code

- mudança de nowutc() para now(UTC) conforme novo padrão
2026-02-20 17:19:15 -03:00
parent 6882b57081
commit 2b1668206d
38 changed files with 1250 additions and 1187 deletions


@@ -133,183 +133,183 @@ class Permission(Base):
def init_rbac():
"""Inicializa o sistema RBAC com roles e permissões básicas"""
from .database import Usuario, get_db_connection
session = get_db_connection()
from .database import Usuario, get_db_session
db = get_db_session()
try:
# Criar role de administrador primeiro
admin_role = session.query(Role).filter_by(nome="Administrador").first()
admin_role = db.query(Role).filter_by(nome="Administrador").first()
if not admin_role:
admin_role = Role(nome="Administrador", nivel=Role.SECRETARIO_GERAL)
session.add(admin_role)
session.commit()
db.add(admin_role)
db.commit()
# Criar outras roles
for nivel, nome in Role.get_roles_list():
if nome != "Administrador": # Pular Administrador pois já foi criado
role = session.query(Role).filter_by(nivel=nivel).first()
role = db.query(Role).filter_by(nivel=nivel).first()
if not role:
role = Role(nome=nome, nivel=nivel)
session.add(role)
db.add(role)
# Criar permissões
for nome, descricao in Permission.get_permissions_list():
permission = session.query(Permission).filter_by(nome=nome).first()
permission = db.query(Permission).filter_by(nome=nome).first()
if not permission:
permission = Permission(nome=nome, descricao=descricao)
session.add(permission)
db.add(permission)
session.commit()
db.commit()
# Dar todas as permissões para o admin
all_permissions = session.query(Permission).all()
all_permissions = db.query(Permission).all()
admin_role.permissions = all_permissions
session.commit()
db.commit()
# Buscar usuário admin e atribuir role de administrador
admin_user = session.query(Usuario).filter_by(username="admin").first()
admin_user = db.query(Usuario).filter_by(username="admin").first()
if admin_user:
if admin_role not in admin_user.roles:
admin_user.roles = [admin_role] # Substituir roles existentes
session.commit()
db.commit()
# Mapear permissões para outros roles
for role in session.query(Role).filter(Role.nome != "Administrador").all():
for role in db.query(Role).filter(Role.nome != "Administrador").all():
# Militante Básico
if role.nivel == Role.MILITANTE_BASICO:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first()
]
# Secretário de Célula
elif role.nivel == Role.SECRETARIO_CELULA:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CELL_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CELL_PAYMENT).first()
]
# Membro de Setor
elif role.nivel == Role.MEMBRO_SETOR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
]
# Secretário de Setor
elif role.nivel == Role.SECRETARIO_SETOR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_SECTOR_PAYMENT).first()
]
# Membro de CR
elif role.nivel == Role.MEMBRO_CR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
]
# Secretário de CR
elif role.nivel == Role.SECRETARIO_CR:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CR_PAYMENT).first()
]
# Membro do CC
elif role.nivel == Role.MEMBRO_CC:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first()
]
# Secretário Geral
elif role.nivel == Role.SECRETARIO_GERAL:
role.permissions = [
session.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
session.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
session.query(Permission).filter_by(nome=Permission.MANAGE_CC_CRS).first(),
session.query(Permission).filter_by(nome=Permission.CREATE_CC_CR).first(),
session.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first(),
session.query(Permission).filter_by(nome=Permission.SYSTEM_CONFIG).first()
db.query(Permission).filter_by(nome=Permission.VIEW_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.EDIT_OWN_DATA).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_DATA).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_MEMBERS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CELL_MEMBER).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CELL_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_SECTOR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_SECTOR_CELLS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_SECTOR_CELL).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CR_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CR_SECTORS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CR_SECTOR).first(),
db.query(Permission).filter_by(nome=Permission.VIEW_CC_REPORTS).first(),
db.query(Permission).filter_by(nome=Permission.MANAGE_CC_CRS).first(),
db.query(Permission).filter_by(nome=Permission.CREATE_CC_CR).first(),
db.query(Permission).filter_by(nome=Permission.REGISTER_CC_PAYMENT).first(),
db.query(Permission).filter_by(nome=Permission.SYSTEM_CONFIG).first()
]
session.commit()
db.commit()
except Exception as e:
print(f"Erro ao inicializar RBAC: {e}")
session.rollback()
db.rollback()
raise
finally:
session.close()
db.close()
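Review bot: The admin bootstrap (`admin_user = db.query(Usuario).filter_by(username="admin").first()` followed by `admin_user.roles = [admin_role]`) gives the all-permissions Administrador role to whichever account currently holds the username "admin", and it does so on every call to init_rbac, not only on first setup. If usernames can be chosen or changed by users (not visible in this hunk), that is a standing privilege-escalation path and it also silently overwrites any roles an operator assigned later. I would limit the assignment to the run that actually creates the role, e.g. record `admin_role_created = admin_role is None` right after the first lookup and guard the assignment with `if admin_role_created and admin_user:`. Separately, every `db.query(Permission).filter_by(nome=...).first()` in the per-role lists returns None when a name is missing from Permission.get_permissions_list(); building `{p.nome: p for p in db.query(Permission).all()}` once and indexing it would make a misconfigured permission baseline fail with a KeyError and remove the roughly ninety single-row queries.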