GeneralManager 0.10.6__tar.gz → 0.11.0__tar.gz

{generalmanager-0.10.6 → generalmanager-0.11.0}/GeneralManager.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GeneralManager
-Version: 0.10.6
+Version: 0.11.0
 Summary: Modular Django-based data management framework with ORM, GraphQL, fine-grained permissions, rule validation, calculations and caching.
 Author-email: Tim Kleindick <tkleindick@yahoo.de>
 License-Expression: MIT

{generalmanager-0.10.6 → generalmanager-0.11.0}/GeneralManager.egg-info/SOURCES.txt

@@ -43,8 +43,10 @@ src/general_manager/permission/__init__.py
 src/general_manager/permission/basePermission.py
 src/general_manager/permission/fileBasedPermission.py
 src/general_manager/permission/managerBasedPermission.py
+src/general_manager/permission/mutationPermission.py
 src/general_manager/permission/permissionChecks.py
 src/general_manager/permission/permissionDataManager.py
+src/general_manager/permission/utils.py
 src/general_manager/rule/__init__.py
 src/general_manager/rule/handler.py
 src/general_manager/rule/rule.py

{generalmanager-0.10.6 → generalmanager-0.11.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: GeneralManager
-Version: 0.10.6
+Version: 0.11.0
 Summary: Modular Django-based data management framework with ORM, GraphQL, fine-grained permissions, rule validation, calculations and caching.
 Author-email: Tim Kleindick <tkleindick@yahoo.de>
 License-Expression: MIT

{generalmanager-0.10.6 → generalmanager-0.11.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "GeneralManager"
-version = "0.10.6"
+version = "0.11.0"
 description = "Modular Django-based data management framework with ORM, GraphQL, fine-grained permissions, rule validation, calculations and caching."
 readme = "README.md"
 authors = [{ name = "Tim Kleindick", email = "tkleindick@yahoo.de" }]

{generalmanager-0.10.6 → generalmanager-0.11.0}/src/general_manager/api/mutation.py

@@ -1,5 +1,14 @@
 import inspect
-from typing import get_type_hints, Optional, Union, List, Tuple, get_origin, get_args
+from typing import (
+    get_type_hints,
+    Optional,
+    Union,
+    List,
+    Tuple,
+    get_origin,
+    get_args,
+    Type,
+)
 import graphene
 
 from general_manager.api.graphql import GraphQL
@@ -7,9 +16,10 @@ from general_manager.manager.generalManager import GeneralManager
 
 from general_manager.utils.formatString import snake_to_camel
 from typing import TypeAliasType
+from general_manager.permission.mutationPermission import MutationPermission
 
 
-def graphQlMutation(needs_role: Optional[str] = None, auth_required: bool = False):
+def graphQlMutation(permission: Optional[Type[MutationPermission]] = None):
     """
     Decorator that transforms a function into a GraphQL mutation class and registers it for use in a Graphene-based API.
 
@@ -109,11 +119,9 @@ def graphQlMutation(needs_role: Optional[str] = None, auth_required: bool = Fals
 
         # Define mutate method
         def _mutate(root, info, **kwargs):
-            # Auth check
-            if auth_required and not getattr(info.context, "user", None):
-                return mutation_class(
-                    **{"success": False, "errors": ["Authentication required"]}
-                )
+
+            if permission:
+                permission.check(kwargs, info.context.user)
             try:
                 result = fn(info, **kwargs)
                 data = {}

{generalmanager-0.10.6 → generalmanager-0.11.0}/src/general_manager/permission/basePermission.py

@@ -8,6 +8,7 @@ from general_manager.permission.permissionChecks import (
 
 from django.contrib.auth.models import AnonymousUser, AbstractUser
 from general_manager.permission.permissionDataManager import PermissionDataManager
+from general_manager.permission.utils import validatePermissionString
 
 if TYPE_CHECKING:
     from general_manager.manager.generalManager import GeneralManager
@@ -153,24 +154,9 @@ class BasePermission(ABC):
         self,
         permission: str,
     ) -> bool:
-        # permission can be a combination of multiple permissions
-        # separated by "&" (e.g. "isAuthenticated&isMatchingKeyAccount")
-        # this means that all sub_permissions must be true
-        return all(
-            [
-                self.__validateSinglePermission(sub_permission)
-                for sub_permission in permission.split("&")
-            ]
-        )
-
-    def __validateSinglePermission(
-        self,
-        permission: str,
-    ) -> bool:
-        permission_function, *config = permission.split(":")
-        if permission_function not in permission_functions:
-            raise ValueError(f"Permission {permission} not found")
-
-        return permission_functions[permission_function]["permission_method"](
-            self.instance, self.request_user, config
-        )
+        """
+        Validates a permission string which can be a combination of multiple permissions
+        separated by "&" (e.g. "isAuthenticated&isMatchingKeyAccount").
+        This means that all sub_permissions must be true.
+        """
+        return validatePermissionString(permission, self.instance, self.request_user)

{generalmanager-0.10.6 → generalmanager-0.11.0}/src/general_manager/permission/managerBasedPermission.py

@@ -30,8 +30,7 @@ class ManagerBasedPermission(BasePermission):
         request_user: AbstractUser,
     ) -> None:
 
-        self.__instance = instance
-        self.__request_user = request_user
+        super().__init__(instance, request_user)
         self.__attribute_permissions = self.__getAttributePermissions()
         self.__based_on_permission = self.__getBasedOnPermission()
         self.__overall_results: Dict[permission_type, Optional[bool]] = {
@@ -51,7 +50,7 @@ class ManagerBasedPermission(BasePermission):
         basis_object = getattr(self.instance, __based_on__, None)
         if basis_object is None:
             raise ValueError(
-                f"Based on object {__based_on__} not found in instance {self.__instance}"
+                f"Based on object {__based_on__} not found in instance {self.instance}"
             )
         if not isinstance(basis_object, GeneralManager) and not issubclass(
             basis_object, GeneralManager
@@ -71,14 +70,6 @@ class ManagerBasedPermission(BasePermission):
             request_user=self.request_user,
         )
 
-    @property
-    def instance(self) -> PermissionDataManager | GeneralManager:
-        return self.__instance
-
-    @property
-    def request_user(self) -> AbstractUser:
-        return self.__request_user
-
     def __getAttributePermissions(
         self,
     ) -> dict[str, dict[permission_type, list[str]]]:

generalmanager-0.11.0/src/general_manager/permission/mutationPermission.py

@@ -0,0 +1,88 @@
+from __future__ import annotations
+from django.contrib.auth.models import AbstractUser, AnonymousUser
+from typing import Any
+from general_manager.permission.basePermission import BasePermission
+
+from general_manager.permission.permissionDataManager import PermissionDataManager
+from general_manager.permission.utils import validatePermissionString
+
+
+class MutationPermission:
+    __mutate__: list[str]
+
+    def __init__(
+        self, data: dict[str, Any], request_user: AbstractUser | AnonymousUser
+    ) -> None:
+        self._data = PermissionDataManager(data)
+        self._request_user = request_user
+        self.__attribute_permissions = self.__getAttributePermissions()
+
+        self.__overall_result: bool | None = None
+
+    @property
+    def data(self) -> PermissionDataManager:
+        return self._data
+
+    @property
+    def request_user(self) -> AbstractUser | AnonymousUser:
+        return self._request_user
+
+    def __getAttributePermissions(
+        self,
+    ) -> dict[str, list[str]]:
+        attribute_permissions = {}
+        for attribute in self.__class__.__dict__:
+            if not attribute.startswith("__"):
+                attribute_permissions[attribute] = getattr(self.__class__, attribute)
+        return attribute_permissions
+
+    @classmethod
+    def check(
+        cls,
+        data: dict[str, Any],
+        request_user: AbstractUser | AnonymousUser | Any,
+    ) -> None:
+        """
+        Check if the user has permission to perform the mutation based on the provided data.
+        Raises:
+            PermissionError: If the user does not have permission.
+        """
+        errors = []
+        Permission = cls(data, BasePermission.getUserWithId(request_user))
+        for key in data:
+            if not Permission.checkPermission(key):
+                errors.append(
+                    f"Permission denied for {key} with value {data[key]} for user {request_user}"
+                )
+        if errors:
+            raise PermissionError(f"Permission denied with errors: {errors}")
+
+    def checkPermission(
+        self,
+        attribute: str,
+    ) -> bool:
+
+        has_attribute_permissions = attribute in self.__attribute_permissions
+
+        if not has_attribute_permissions:
+            last_result = self.__overall_result
+            if last_result is not None:
+                return last_result
+            attribute_permission = True
+        else:
+            attribute_permission = self.__checkSpecificPermission(
+                self.__attribute_permissions[attribute]
+            )
+
+        permission = self.__checkSpecificPermission(self.__mutate__)
+        self.__overall_result = permission
+        return permission and attribute_permission
+
+    def __checkSpecificPermission(
+        self,
+        permissions: list[str],
+    ) -> bool:
+        for permission in permissions:
+            if validatePermissionString(permission, self.data, self.request_user):
+                return True
+        return False

{generalmanager-0.10.6 → generalmanager-0.11.0}/src/general_manager/permission/permissionDataManager.py

@@ -24,10 +24,6 @@ class PermissionDataManager(Generic[GeneralManagerData]):
             self.getData = (
                 lambda name, permission_data=permission_data: permission_data.get(name)
             )
-            if manager is None:
-                raise ValueError(
-                    "Manager must be provided if permission_data is a dict"
-                )
             self._manager = manager
         else:
             raise TypeError(
@@ -48,7 +44,7 @@ class PermissionDataManager(Generic[GeneralManagerData]):
         return self._permission_data
 
     @property
-    def manager(self) -> type[GeneralManagerData]:
+    def manager(self) -> type[GeneralManagerData] | None:
         return self._manager
 
     def __getattr__(self, name: str) -> Any:

generalmanager-0.11.0/src/general_manager/permission/utils.py

@@ -0,0 +1,35 @@
+from general_manager.permission.permissionChecks import (
+    permission_functions,
+)
+from general_manager.permission.permissionDataManager import PermissionDataManager
+from django.contrib.auth.models import AbstractUser, AnonymousUser
+
+from general_manager.manager.generalManager import GeneralManager
+from general_manager.manager.meta import GeneralManagerMeta
+
+
+def validatePermissionString(
+    permission: str,
+    data: PermissionDataManager | GeneralManager | GeneralManagerMeta,
+    request_user: AbstractUser | AnonymousUser,
+) -> bool:
+    # permission can be a combination of multiple permissions
+    # separated by "&" (e.g. "isAuthenticated&isMatchingKeyAccount")
+    # this means that all sub_permissions must be true
+    def _validateSinglePermission(
+        permission: str,
+    ) -> bool:
+        permission_function, *config = permission.split(":")
+        if permission_function not in permission_functions:
+            raise ValueError(f"Permission {permission} not found")
+
+        return permission_functions[permission_function]["permission_method"](
+            data, request_user, config
+        )
+
+    return all(
+        [
+            _validateSinglePermission(sub_permission)
+            for sub_permission in permission.split("&")
+        ]
+    )