Benjamin_Boenisch/breakpilot-compliance
1
1
Fork 0
Code Issues 24 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
702e7a6333a1367aa4ecd3247aa44a4d641cb405
breakpilot-compliance/backend-compliance/compliance/services/_company_profile_sql.py
T
Benjamin Admin 5958b575b1
CI / detect-changes (push) Successful in 9s
Details
CI / branch-name (push) Has been skipped
Details
CI / guardrail-integrity (push) Has been skipped
Details
CI / secret-scan (push) Has been skipped
Details
CI / dep-audit (push) Has been skipped
Details
CI / sbom-scan (push) Has been skipped
Details
CI / build-sha-integrity (push) Failing after 4s
Details
CI / validate-canonical-controls (push) Successful in 10s
Details
CI / loc-budget (push) Failing after 14s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / nodejs-build (push) Has been skipped
Details
CI / test-go (push) Has been skipped
Details
CI / iace-gt-coverage (push) Has been skipped
Details
CI / test-python-backend (push) Successful in 28s
Details
CI / test-python-dsms-gateway (push) Has been skipped
Details
CI / test-python-document-crawler (push) Has been skipped
Details
fix(company-profile): replace :param::jsonb with CAST(:param AS JSONB) 
SQLAlchemy's text() parser treats `:name::jsonb` ambiguously when the
trailing `::jsonb` follows immediately — psycopg2 receives the literal
`:name::jsonb` string and raises a SyntaxError because `:` isn't a
psycopg2 placeholder syntax.

The fix uses ANSI CAST(:name AS JSONB) which is semantically identical
in PostgreSQL but lets SQLAlchemy unambiguously substitute the
parameter.

Effects: PATCH and POST/upsert on /api/v1/company-profile now actually
update the row. Before this fix both endpoints returned 500 (or 200
with stale data) and never persisted edits.

Files touched:
  - _company_profile_sql.py (build_upsert_params / execute_update /
    execute_insert): 12 JSONB columns
  - company_profile_service.py: PATCH dynamic JSONB column,
    audit log insert

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-07 00:42:16 +02:00

140 lines
6.8 KiB
Python
Raw Blame History

"""
Internal raw-SQL helpers for company_profile_service.
Separated from the service class because the INSERT/UPDATE statements are
~70 lines each; keeping them here lets the service module stay readable.
"""
import json
from typing import Any, Optional
from sqlalchemy import text
from sqlalchemy.orm import Session
from compliance.schemas.company_profile import CompanyProfileRequest
def build_upsert_params(
tid: str, pid: Optional[str], profile: CompanyProfileRequest
) -> dict[str, Any]:
return {
"tid": tid,
"pid": pid,
"company_name": profile.company_name,
"legal_form": profile.legal_form,
"industry": profile.industry,
"founded_year": profile.founded_year,
"business_model": profile.business_model,
"offerings": json.dumps(profile.offerings),
"offering_urls": json.dumps(profile.offering_urls),
"company_size": profile.company_size,
"employee_count": profile.employee_count,
"annual_revenue": profile.annual_revenue,
"hq_country": profile.headquarters_country,
"hq_country_other": profile.headquarters_country_other,
"hq_street": profile.headquarters_street,
"hq_zip": profile.headquarters_zip,
"hq_city": profile.headquarters_city,
"hq_state": profile.headquarters_state,
"has_intl": profile.has_international_locations,
"intl_countries": json.dumps(profile.international_countries),
"target_markets": json.dumps(profile.target_markets),
"jurisdiction": profile.primary_jurisdiction,
"is_controller": profile.is_data_controller,
"is_processor": profile.is_data_processor,
"uses_ai": profile.uses_ai,
"ai_use_cases": json.dumps(profile.ai_use_cases),
"dpo_name": profile.dpo_name,
"dpo_email": profile.dpo_email,
"legal_name": profile.legal_contact_name,
"legal_email": profile.legal_contact_email,
"machine_builder": json.dumps(profile.machine_builder) if profile.machine_builder else None,
"is_complete": profile.is_complete,
"repos": json.dumps(profile.repos),
"document_sources": json.dumps(profile.document_sources),
"processing_systems": json.dumps(profile.processing_systems),
"ai_systems": json.dumps(profile.ai_systems),
"technical_contacts": json.dumps(profile.technical_contacts),
"subject_to_nis2": profile.subject_to_nis2,
"subject_to_ai_act": profile.subject_to_ai_act,
"subject_to_iso27001": profile.subject_to_iso27001,
"supervisory_authority": profile.supervisory_authority,
"review_cycle_months": profile.review_cycle_months,
}
def execute_update(
db: Session,
params: dict[str, Any],
completed_at_sql: str,
where_clause: str,
) -> None:
db.execute(
text(f"""UPDATE compliance_company_profiles SET
company_name = :company_name, legal_form = :legal_form,
industry = :industry, founded_year = :founded_year,
business_model = :business_model, offerings = CAST(:offerings AS JSONB),
offering_urls = CAST(:offering_urls AS JSONB),
company_size = :company_size, employee_count = :employee_count,
annual_revenue = :annual_revenue,
headquarters_country = :hq_country, headquarters_country_other = :hq_country_other,
headquarters_street = :hq_street, headquarters_zip = :hq_zip,
headquarters_city = :hq_city, headquarters_state = :hq_state,
has_international_locations = :has_intl,
international_countries = CAST(:intl_countries AS JSONB),
target_markets = CAST(:target_markets AS JSONB), primary_jurisdiction = :jurisdiction,
is_data_controller = :is_controller, is_data_processor = :is_processor,
uses_ai = :uses_ai, ai_use_cases = CAST(:ai_use_cases AS JSONB),
dpo_name = :dpo_name, dpo_email = :dpo_email,
legal_contact_name = :legal_name, legal_contact_email = :legal_email,
machine_builder = CAST(:machine_builder AS JSONB), is_complete = :is_complete,
repos = CAST(:repos AS JSONB), document_sources = CAST(:document_sources AS JSONB),
processing_systems = CAST(:processing_systems AS JSONB),
ai_systems = CAST(:ai_systems AS JSONB), technical_contacts = CAST(:technical_contacts AS JSONB),
subject_to_nis2 = :subject_to_nis2, subject_to_ai_act = :subject_to_ai_act,
subject_to_iso27001 = :subject_to_iso27001,
supervisory_authority = :supervisory_authority,
review_cycle_months = :review_cycle_months,
updated_at = NOW(), completed_at = {completed_at_sql}
WHERE {where_clause}"""),
params,
)
def execute_insert(
db: Session,
params: dict[str, Any],
completed_at_sql: str,
) -> None:
db.execute(
text(f"""INSERT INTO compliance_company_profiles
(tenant_id, project_id, company_name, legal_form, industry, founded_year,
business_model, offerings, offering_urls,
company_size, employee_count, annual_revenue,
headquarters_country, headquarters_country_other,
headquarters_street, headquarters_zip, headquarters_city, headquarters_state,
has_international_locations, international_countries,
target_markets, primary_jurisdiction,
is_data_controller, is_data_processor, uses_ai, ai_use_cases,
dpo_name, dpo_email, legal_contact_name, legal_contact_email,
machine_builder, is_complete, completed_at,
repos, document_sources, processing_systems, ai_systems, technical_contacts,
subject_to_nis2, subject_to_ai_act, subject_to_iso27001,
supervisory_authority, review_cycle_months)
VALUES (:tid, :pid, :company_name, :legal_form, :industry, :founded_year,
:business_model, CAST(:offerings AS JSONB), CAST(:offering_urls AS JSONB),
:company_size, :employee_count, :annual_revenue,
:hq_country, :hq_country_other,
:hq_street, :hq_zip, :hq_city, :hq_state,
:has_intl, CAST(:intl_countries AS JSONB),
CAST(:target_markets AS JSONB), :jurisdiction,
:is_controller, :is_processor, :uses_ai, CAST(:ai_use_cases AS JSONB),
:dpo_name, :dpo_email, :legal_name, :legal_email,
CAST(:machine_builder AS JSONB), :is_complete, {completed_at_sql},
CAST(:repos AS JSONB), CAST(:document_sources AS JSONB), CAST(:processing_systems AS JSONB),
CAST(:ai_systems AS JSONB), CAST(:technical_contacts AS JSONB),
:subject_to_nis2, :subject_to_ai_act, :subject_to_iso27001,
:supervisory_authority, :review_cycle_months)"""),
params,
)
Reference in New Issue View Git Blame Copy Permalink