PyPI - abs-auth-rbac-core - Versions diffs - 0.1.18__py3-none-any.whl → 0.1.19__py3-none-any.whl - Mend

abs-auth-rbac-core 0.1.18py3-none-any.whl → 0.1.19py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of abs-auth-rbac-core might be problematic. Click here for more details.

Files changed (7) hide show

abs_auth_rbac_core/models/gov_casbin_rule.py CHANGED Viewed

@@ -23,3 +23,12 @@ class GovCasbinRule(BaseCasbinRule):
         self.v3 = v3
         self.v4 = v4
         self.v5 = v5
+    def __str__(self):
+        arr = [self.ptype]
+        for v in (self.v0, self.v1, self.v2, self.v3):
+            if v is None:
+                break
+            arr.append(v)
+        return ", ".join(arr)

abs_auth_rbac_core/rbac/service.py CHANGED Viewed

@@ -155,12 +155,11 @@ class RBACService:
         """
         with self.db() as session:
             try:
-                if hasattr(permissions,'model_dump'):
-                    add_permissions = [Permission(**permission.model_dump()) for permission in permissions]
+                if hasattr(permissions[0], "model_dump"):
+                    permission_objs = [Permission(**permission.model_dump()) for permission in permissions]
                 else:
-                    add_permissions = [Permission(**permission) for permission in permissions]
-                session.bulk_save_objects(add_permissions)
+                    permission_objs = [Permission(**permission) for permission in permissions]
+                session.bulk_save_objects(permission_objs)
                 session.commit()
                 return add_permissions
             except Exception as e:

abs_auth_rbac_core/util/permission_constants.py CHANGED Viewed

@@ -43,6 +43,7 @@ class PermissionAction(str, Enum):
     EDIT = "EDIT"
     DELETE = "DELETE"
     MANAGE = "MANAGE"
+    DOWNLOAD = "DOWNLOAD"
     CONFIGURE_IMPORTANCE = "CONFIGURE_IMPORTANCE"
     VIEW_FIELD_RESULTS = "VIEW_FIELD_RESULTS"
     UPDATE_STATUS = "UPDATE_STATUS"
@@ -163,12 +164,23 @@ class PermissionModule(str, Enum):
     AI_EMS="AI_EMS"
     ENTITY_MANAGER="ENTITY_MANAGER"
     ASL = "ASL"
+    EDS = "EDS"
 class PermissionResource(str, Enum):
+    DASHBOARD = "DASHBOARDS"
     WORKFORCE_AGENT = "WORKFORCE_AGENT"
     EPAR = "EPAR"
+    EPARS = "EPARS"
+    OCFO = "OCFO"
+    EDS_ASSISTANT = "EDS_ASSISTANT"
+    REPORTS = "REPORTS"
+    WORKFLOW = "WORKFLOW"
+    FEEDBACK = "FEEDBACK"
+    OCFO_TUTORIALS = "OCFO_TUTORIALS"
+    EPAR_TUTORIALS = "EPAR_TUTORIALS"
+    RECENT_REVIEW_EPARS = "RECENT_REVIEW_EPARS"
     EPAR_PROTRACK_INTEGRATION = "EPAR_PROTRACK_INTEGRATION"
     EPAR_DASHBOARD = "EPAR_DASHBOARD"
     NOTIFICATIONS = "NOTIFICATIONS"
@@ -247,6 +259,104 @@ class PermissionData(NamedTuple):
 class PermissionConstants:
+    EDS_DASHBOARD_VIEW = PermissionData(
+        name="View EDS Dashboard",
+        description="View EDS Dashboard",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.DASHBOARD,
+        action=PermissionAction.VIEW,
+    )
+    EDS_EPARS_VIEW = PermissionData(
+        name="View EPARs",
+        description="View EPARs",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPARS,
+        action=PermissionAction.VIEW,
+    )
+    EDS_OCFO_VIEW = PermissionData(
+        name="View OCFO",
+        description="View OCFO",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.OCFO,
+        action=PermissionAction.VIEW,
+    )
+    EDS_EDS_ASSISTANT_VIEW = PermissionData(
+        name="View EDS Assistant",
+        description="View EDS Assistant",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EDS_ASSISTANT,
+        action=PermissionAction.VIEW,
+    )
+    EDS_REPORTS_VIEW = PermissionData(
+        name="View Reports",
+        description="View Reports",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.REPORTS,
+        action=PermissionAction.VIEW,
+    )
+    EDS_EAPR_CREATE = PermissionData(
+        name="Create EPAR",
+        description="Create EPAR",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPAR,
+        action=PermissionAction.CREATE,
+    )
+    EDS_EPAR_EDIT = PermissionData(
+        name="Edit EPAR",
+        description="Edit EPAR",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPAR,
+        action=PermissionAction.EDIT,
+    )
+    EDS_EPAR_DOWNLOAD = PermissionData(
+        name="Download EPAR",
+        description="Download EPAR",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPAR,
+        action=PermissionAction.DOWNLOAD,
+    )
+    EDS_EPAR_VIEW = PermissionData(
+        name="View EPAR",
+        description="View EPAR",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPAR,
+        action=PermissionAction.VIEW,
+    )
+    EDS_WORKFLOW_VIEW = PermissionData(
+        name="View Workflow",
+        description="View Workflow",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.WORKFLOW,
+        action=PermissionAction.VIEW,
+    )
+    EDS_FEEDBACK_VIEW = PermissionData(
+        name="View Feedback",
+        description="View Feedback",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.FEEDBACK,
+        action=PermissionAction.VIEW,
+    )
+    EDS_OCFO_TUTORIALS_VIEW = PermissionData(
+        name="View OCFO Tutorials",
+        description="View OCFO Tutorials",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.OCFO_TUTORIALS,
+        action=PermissionAction.VIEW,
+    )
+    EDS_EPAR_TUTORIALS_VIEW = PermissionData(
+        name="View EPAR Tutorials",
+        description="View EPAR Tutorials",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.EPAR_TUTORIALS,
+        action=PermissionAction.VIEW,
+    )
+    EDS_RECENT_REVIEW_EPARS_VIEW = PermissionData(
+        name="View Recent Review EPARs",
+        description="View Recent Review EPARs",
+        module=PermissionModule.EDS,
+        resource=PermissionResource.RECENT_REVIEW_EPARS,
+        action=PermissionAction.VIEW,
+    )
     VIEW_BILLING = PermissionData(
         name="View Billing",
         description="View Billing accounts",

abs_auth_rbac_core-0.1.19.dist-info/METADATA ADDED Viewed

@@ -0,0 +1,761 @@
+Metadata-Version: 2.3
+Name: abs-auth-rbac-core
+Version: 0.1.19
+Summary: RBAC and Auth core utilities including JWT token management.
+License: MIT
+Author: AutoBridgeSystems
+Author-email: info@autobridgesystems.com
+Requires-Python: >=3.13,<4.0
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.13
+Requires-Dist: abs-exception-core (>=0.1.0,<0.2.0)
+Requires-Dist: casbin (>=1.41.0,<2.0.0)
+Requires-Dist: casbin-redis-watcher (>=1.3.0,<2.0.0)
+Requires-Dist: casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)
+Requires-Dist: fastapi[standard] (>=0.115.12,<0.116.0)
+Requires-Dist: passlib (>=1.7.4,<2.0.0)
+Requires-Dist: psycopg2-binary (>=2.9.10,<3.0.0)
+Requires-Dist: pyjwt (>=2.10.1,<3.0.0)
+Requires-Dist: sqlalchemy (>=2.0.40,<3.0.0)
+Description-Content-Type: text/markdown
+# ABS Auth RBAC Core
+A comprehensive authentication and Role-Based Access Control (RBAC) package for FastAPI applications. This package provides robust JWT-based authentication and flexible role-based permission management using Casbin with Redis support for real-time policy updates.
+## Features
+- **JWT-based Authentication**: Secure token-based authentication with customizable expiration
+- **Password Hashing**: Secure password storage using bcrypt
+- **Role-Based Access Control (RBAC)**: Flexible permission management using Casbin
+- **Real-time Policy Updates**: Redis integration for live policy synchronization
+- **User-Role Management**: Dynamic role assignment and revocation
+- **Permission Enforcement**: Decorator-based permission checking
+- **Middleware Integration**: Seamless FastAPI middleware integration
+- **Comprehensive Error Handling**: Built-in exception handling for security scenarios
+## Installation
+```bash
+pip install abs-auth-rbac-core
+```
+## Quick Start
+### 1. Basic Setup
+```python
+from abs_auth_rbac_core.auth.jwt_functions import JWTFunctions
+from abs_auth_rbac_core.rbac import RBACService
+import os
+# Initialize JWT functions
+jwt_functions = JWTFunctions(
+    secret_key=os.getenv("JWT_SECRET_KEY"),
+    algorithm=os.getenv("JWT_ALGORITHM", "HS256"),
+    expire_minutes=int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
+)
+# Initialize RBAC service with database session
+rbac_service = RBACService(
+    session=your_db_session,
+    redis_config=RedisWatcherSchema(
+        host=os.getenv("REDIS_HOST"),
+        port=int(os.getenv("REDIS_PORT", "6379")),
+        channel=os.getenv("REDIS_CHANNEL", "casbin_policy_updates"),
+        password=os.getenv("REDIS_PASSWORD"),
+        ssl=os.getenv("REDIS_SSL", "false").lower() == "true"
+    )
+)
+```
+### 2. Authentication Setup
+The auth middleware can be implemented in two ways:
+#### Option 1: Using the Package Middleware (Recommended)
+The package middleware automatically handles JWT token validation and sets the user in the request state:
+```python
+from abs_auth_rbac_core.auth.middleware import auth_middleware
+# Create authentication middleware
+auth_middleware = auth_middleware(
+    db_session=your_db_session,
+    jwt_secret_key=os.getenv("JWT_SECRET_KEY"),
+    jwt_algorithm=os.getenv("JWT_ALGORITHM", "HS256")
+)
+# Apply to specific routers (recommended approach)
+app.include_router(
+    protected_router,
+    dependencies=[Depends(auth_middleware)]
+)
+# Public routes (no middleware)
+app.include_router(public_router)
+```
+**How it works:**
+1. The middleware validates the JWT token from the Authorization header
+2. Extracts the user UUID from the token payload
+3. Fetches the user from the database using the UUID
+4. **Sets the user object in `request.state.user`**
+5. Returns the user object for use in route handlers
+**Accessing the user in routes:**
+```python
+@router.get("/profile")
+async def get_profile(request: Request):
+    # User is automatically available in request.state.user
+    user = request.state.user
+    return {"user_id": user.uuid, "email": user.email}
+```
+#### Option 2: Custom Authentication Function
+```python
+from abs_auth_rbac_core.auth import JWTFunctions
+from fastapi import Security, HTTPAuthorizationCredentials
+from fastapi.security import HTTPBearer
+from abs_exception_core.exceptions import UnauthorizedError
+# Create security scheme
+security = HTTPBearer(auto_error=False)
+jwt_functions = JWTFunctions(
+    secret_key=os.getenv("JWT_SECRET_KEY"),
+    algorithm=os.getenv("JWT_ALGORITHM", "HS256"),
+    expire_minutes=int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
+)
+async def get_current_user(
+    credentials: HTTPAuthorizationCredentials = Security(security),
+) -> Dict:
+    try:
+        if not credentials:
+            raise UnauthorizedError(detail="No authorization token provided")
+        token = credentials.credentials
+        # Remove 'Bearer ' prefix if present
+        if token.lower().startswith("bearer "):
+            token = token[7:]
+        decoded_token = jwt_functions.decode_jwt(token)
+        if not decoded_token:
+            raise UnauthorizedError(detail="Invalid or expired token")
+        return decoded_token
+    except Exception as e:
+        raise UnauthorizedError(detail=str(e))
+# Use in individual routes
+@app.get("/protected")
+async def protected_route(current_user: dict = Depends(get_current_user)):
+    return {"message": f"Hello {current_user.get('name')}"}
+```
+### 3. RBAC Operations
+```python
+# Create a role with permissions
+role = rbac_service.create_role(
+    name="admin",
+    description="Administrator role with full access",
+    permission_ids=["permission_uuid1", "permission_uuid2"]
+)
+# Assign roles to user
+rbac_service.bulk_assign_roles_to_user(
+    user_uuid="user_uuid",
+    role_uuids=["role_uuid1", "role_uuid2"]
+)
+# Check user permissions
+has_permission = rbac_service.check_permission(
+    user_uuid="user_uuid",
+    resource="USER_MANAGEMENT",
+    action="VIEW",
+    module="USER_MANAGEMENT"
+)
+# Get user permissions
+user_permissions = rbac_service.get_user_permissions(user_uuid="user_uuid")
+user_roles = rbac_service.get_user_roles(user_uuid="user_uuid")
+```
+## Core Components
+### Authentication (`auth/`)
+- `jwt_functions.py`: JWT token management and password hashing
+- `middleware.py`: Authentication middleware for FastAPI
+- `auth_functions.py`: Core authentication functions
+### RBAC (`rbac/`)
+- `service.py`: Main RBAC service with role and permission management
+- `decorator.py`: Decorators for permission checking
+### Models (`models/`)
+- `user.py`: User model
+- `roles.py`: Role model
+- `permissions.py`: Permission model
+- `user_role.py`: User-Role association model
+- `role_permission.py`: Role-Permission association model
+- `rbac_model.py`: Base RBAC model
+- `base_model.py`: Base model with common fields
+### Utilities (`util/`)
+- `permission_constants.py`: Predefined permission constants and enums
+## Complete Implementation Example
+### 1. Dependency Injection Setup
+```python
+from dependency_injector import containers, providers
+from abs_auth_rbac_core.auth.middleware import auth_middleware
+from abs_auth_rbac_core.rbac import RBACService
+from abs_auth_rbac_core.util.permission_constants import (
+    PermissionAction,
+    PermissionModule,
+    PermissionResource
+)
+class Container(containers.DeclarativeContainer):
+    # Configure wiring for dependency injection
+    wiring_config = containers.WiringConfiguration(
+        modules=[
+            "src.api.auth_route",
+            "src.api.endpoints.rbac.permission_route",
+            "src.api.endpoints.rbac.role_route",
+            "src.api.endpoints.rbac.users_route",
+            # Add other modules that need dependency injection
+        ]
+    )
+    # Database session provider
+    db_session = providers.Factory(your_db_session_factory)
+    # RBAC service provider
+    rbac_service = providers.Singleton(
+        RBACService,
+        session=db_session,
+        redis_config=RedisWatcherSchema(
+            host=os.getenv("REDIS_HOST"),
+            port=int(os.getenv("REDIS_PORT", "6379")),
+            channel=os.getenv("REDIS_CHANNEL", "casbin_policy_updates"),
+            password=os.getenv("REDIS_PASSWORD"),
+            ssl=os.getenv("REDIS_SSL", "false").lower() == "true"
+        )
+    )
+    # Auth middleware provider
+    get_auth_middleware = providers.Factory(
+        auth_middleware,
+        db_session=db_session,
+        jwt_secret_key=os.getenv("JWT_SECRET_KEY"),
+        jwt_algorithm=os.getenv("JWT_ALGORITHM", "HS256")
+    )
+# Initialize container
+container = Container()
+app.container = container
+```
+### 2. Complete Application Setup
+```python
+from fastapi import FastAPI, Depends
+from dependency_injector.wiring import Provide, inject
+from src.core.container import Container
+@singleton
+class CreateApp:
+    def __init__(self):
+        self.container = Container()
+        self.db = self.container.db()
+        # Get the auth middleware factory
+        self.auth_middleware = self.container.get_auth_middleware()
+        self.app = FastAPI(
+            title="Your Service",
+            description="Service Description",
+            version="0.0.1"
+        )
+        # Apply CORS middleware
+        self.app.add_middleware(
+            CORSMiddleware,
+            allow_origins=[str(origin) for origin in configs.BACKEND_CORS_ORIGINS],
+            allow_credentials=True,
+            allow_methods=["*"],
+            allow_headers=["*"],
+        )
+        # Public routes (no authentication required)
+        self.app.include_router(auth_router, tags=["Auth"])
+        self.app.include_router(public_router_v1)
+        # Protected routes (authentication required)
+        self.app.include_router(
+            router_v1,
+            dependencies=[Depends(self.auth_middleware)]
+        )
+        # Register exception handlers
+        register_exception_handlers(self.app)
+# Initialize application
+application = CreateApp()
+app = application.app
+```
+### 3. Route Implementation with Permissions
+```python
+from fastapi import APIRouter, Depends, Request
+from dependency_injector.wiring import Provide, inject
+from abs_auth_rbac_core.rbac import rbac_require_permission
+from abs_auth_rbac_core.util.permission_constants import (
+    PermissionAction,
+    PermissionModule,
+    PermissionResource
+)
+# Protected router (requires authentication)
+router = APIRouter(prefix="/users")
+# Public router (no authentication required)
+public_router = APIRouter(prefix="/users")
+# Public route example (no authentication or permissions required)
+@public_router.post("/all", response_model=FindUserResult)
+@inject
+async def get_user_list(
+    request: Request,
+    find_query: FindUser = Body(...),
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+    service: UserService = Depends(Provide[Container.user_service]),
+):
+    """Get the list of users with filtering, sorting and pagination"""
+    find_query.searchable_fields = find_query.searchable_fields or ["name"]
+    users = service.get_list(schema=find_query)
+    return users
+# Protected route with permission check
+@router.get("/{user_id}", response_model=UserProfile)
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+)
+async def get_user(
+    user_id: int,
+    request: Request,
+    service: UserService = Depends(Provide[Container.user_service]),
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Get user profile with permissions and roles"""
+    return service.get_user_profile("id", user_id, rbac_service)
+```
+**How the RBAC decorator works:**
+1. The `@rbac_require_permission` decorator automatically extracts the user from `request.state.user`
+2. Gets the user's UUID: `current_user_uuid = request.state.user.uuid`
+3. Checks if the user has the required permissions using the RBAC service
+4. If permission is denied, raises `PermissionDeniedError`
+5. If permission is granted, the route handler executes normally
+**Important:** The `request: Request` parameter is required in routes that use the `@rbac_require_permission` decorator because it needs access to `request.state.user`.
+### Authentication Flow Overview
+```
+1. Client sends request with Authorization header
+   Authorization: Bearer <jwt_token>
+2. Auth middleware intercepts the request
+   ├── Validates JWT token
+   ├── Extracts user UUID from token
+   ├── Fetches user from database
+   └── Sets user in request.state.user
+3. RBAC decorator checks permissions
+   ├── Gets user UUID from request.state.user
+   ├── Checks permissions against Casbin policies
+   └── Allows/denies access based on permissions
+4. Route handler executes (if permissions granted)
+   └── Can access user via request.state.user
+```
+### Accessing Current User
+#### In Routes with RBAC Decorator
+```python
+@router.get("/my-profile")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+)
+async def get_my_profile(
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    # Access current user from request state
+    current_user = request.state.user
+    return service.get_user_profile("uuid", current_user.uuid, rbac_service)
+```
+#### In Routes with Custom Auth Function
+```python
+@router.get("/profile")
+async def get_profile(current_user: dict = Depends(get_current_user)):
+    # current_user is the decoded JWT payload
+    return {"user_id": current_user["uuid"], "email": current_user["email"]}
+```
+#### In Service Methods
+```python
+def some_service_method(self, user_uuid: str, rbac_service: RBACService):
+    # Get user permissions
+    permissions = rbac_service.get_user_permissions(user_uuid=user_uuid)
+    # Get user roles
+    roles = rbac_service.get_user_roles(user_uuid=user_uuid)
+    return {"permissions": permissions, "roles": roles}
+```
+@router.post("/create")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.CREATE.value}"
+)
+async def create_user(
+    user: CreateUserWithRoles,
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Create a new user with roles"""
+    new_user = service.add_user(user)
+    # Assign roles if provided
+    if user.role_uuids and len(user.role_uuids) > 0 and new_user.uuid:
+        rbac_service.bulk_assign_roles_to_user(
+            user_uuid=new_user.uuid,
+            role_uuids=user.role_uuids,
+        )
+    return new_user
+@router.patch("/{user_id}")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.EDIT.value}"
+)
+async def update_user(
+    user_id: int,
+    user: UpdateUserWithRoles,
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Update user with new attributes and roles"""
+    return service.patch_user(user_id, user, rbac_service)
+@router.delete("/{user_id}")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.DELETE.value}"
+)
+async def delete_user(
+    user_id: int,
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Delete user"""
+    return service.remove_user(user_id, rbac_service)
+```
+### 3. Role and Permission Management
+```python
+@router.get("/roles")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.ROLE_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+)
+async def get_roles(
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Get all roles"""
+    return rbac_service.list_roles()
+@router.post("/roles")
+@inject
+@rbac_require_permission(
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.ROLE_MANAGEMENT.value}:{PermissionAction.CREATE.value}"
+)
+async def create_role(
+    role: CreateRoleSchema,
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Create a new role with permissions"""
+    return rbac_service.create_role(
+        name=role.name,
+        description=role.description,
+        permission_ids=role.permission_ids
+    )
+@router.get("/user-permissions/{user_uuid}")
+@inject
+@rbac_require_permission([
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}",
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.ROLE_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+])
+async def get_user_permissions(
+    user_uuid: str,
+    request: Request,
+    rbac_service: RBACService = Depends(Provide[Container.rbac_service]),
+):
+    """Get all permissions for a user"""
+    return rbac_service.get_user_permissions(user_uuid)
+```
+### 4. User Profile with Permissions
+```python
+def get_user_profile(self, attr: str, value: any, rbac_service: RBACService) -> UserProfile:
+    """Get user profile with permissions and roles"""
+    user = self.user_repository.read_by_attr(attr, value, eager=True)
+    # Get user permissions and roles
+    permissions = rbac_service.get_user_permissions(user_uuid=user.uuid)
+    user_permissions = rbac_service.get_user_only_permissions(user_uuid=user.uuid)
+    roles = rbac_service.get_user_roles(user_uuid=user.uuid)
+    # Convert roles to response models
+    role_models = [UserRoleResponse.model_validate(role) for role in roles]
+    return UserProfile(
+        id=user.id,
+        uuid=user.uuid,
+        email=user.email,
+        name=user.name,
+        is_active=user.is_active,
+        last_login_at=user.last_login_at,
+        permissions=permissions,
+        user_permissions=user_permissions,
+        roles=role_models,
+    )
+```
+## Permission System
+### Permission Format
+Permissions follow the format: `module:resource:action`
+- **Module**: The system module (e.g., `USER_MANAGEMENT`, `EMAIL_PROCESS`)
+- **Resource**: The specific resource within the module (e.g., `USER_MANAGEMENT`, `ROLE_MANAGEMENT`)
+- **Action**: The action being performed (e.g., `VIEW`, `CREATE`, `EDIT`, `DELETE`)
+### Using Permission Constants
+```python
+from abs_auth_rbac_core.util.permission_constants import (
+    PermissionAction,
+    PermissionModule,
+    PermissionResource,
+    PermissionConstants
+)
+# Using enums
+permission_string = f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+# Using predefined constants
+user_view_permission = PermissionConstants.RBAC_USER_MANAGEMENT_VIEW
+permission_string = f"{user_view_permission.module}:{user_view_permission.resource}:{user_view_permission.action}"
+```
+### Multiple Permissions
+```python
+@rbac_require_permission([
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}",
+    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.ROLE_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
+])
+async def get_user_with_roles():
+    # User needs both permissions to access this endpoint
+    pass
+```
+## Configuration
+### Environment Variables
+```bash
+# JWT Configuration
+JWT_SECRET_KEY=your-secret-key
+JWT_ALGORITHM=HS256
+JWT_ACCESS_TOKEN_EXPIRE_MINUTES=60
+JWT_REFRESH_TOKEN_EXPIRE_MINUTES=1440
+# Redis Configuration (for real-time policy updates)
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=your-redis-password
+REDIS_CHANNEL=casbin_policy_updates
+REDIS_SSL=false
+# Database Configuration
+DATABASE_URI=postgresql://user:password@localhost/dbname
+```
+### Casbin Policy Configuration
+The package uses a default policy configuration that supports:
+- Role-based access control
+- Resource-based permissions
+- Module-based organization
+- Super admin bypass
+Policy format: `[role] [resource] [action] [module]`
+## Error Handling
+The package includes comprehensive error handling:
+```python
+from abs_exception_core.exceptions import (
+    UnauthorizedError,
+    PermissionDeniedError,
+    ValidationError,
+    DuplicatedError,
+    NotFoundError
+)
+# Handle authentication errors
+try:
+    user = await auth_middleware(request)
+except UnauthorizedError as e:
+    return {"error": "Authentication failed", "detail": str(e)}
+# Handle permission errors
+try:
+    # Protected operation
+    pass
+except PermissionDeniedError as e:
+    return {"error": "Permission denied", "detail": str(e)}
+```
+## Best Practices
+### 1. Security
+- Always use environment variables for sensitive data
+- Implement proper password policies
+- Regularly rotate JWT secret keys
+- Use HTTPS in production
+- Implement rate limiting for authentication endpoints
+### 2. Permission Design
+- Use descriptive permission names
+- Group related permissions by module
+- Implement least privilege principle
+- Document permission requirements
+### 3. Performance
+- Use Redis for real-time policy updates
+- Implement caching for frequently accessed permissions
+- Optimize database queries with eager loading
+- Monitor policy enforcement performance
+### 4. Maintenance
+- Regularly audit user permissions
+- Implement permission cleanup for inactive users
+- Monitor and log security events
+- Keep dependencies updated
+### 5. Testing
+- Test all permission combinations
+- Mock external dependencies
+- Test error scenarios
+- Implement integration tests
+## Monitoring and Logging
+```python
+import logging
+from abs_utils.logger import setup_logger
+logger = setup_logger(__name__)
+# Log authentication events
+logger.info(f"User {user_uuid} authenticated successfully")
+# Log permission checks
+logger.info(f"Permission check: {user_uuid} -> {resource}:{action}:{module}")
+# Log role assignments
+logger.info(f"Roles assigned to user {user_uuid}: {role_uuids}")
+```
+## Migration and Deployment
+### Database Migrations
+Ensure your database has the required tables:
+- `users`
+- `roles`
+- `permissions`
+- `user_roles`
+- `role_permissions`
+- `gov_casbin_rules`
+### Redis Setup
+For real-time policy updates, configure Redis:
+```bash
+# Install Redis
+sudo apt-get install redis-server
+# Configure Redis
+redis-cli config set requirepass your-password
+redis-cli config set notify-keyspace-events KEA
+```
+### Health Checks
+```python
+@app.get("/health")
+async def health_check():
+    return {
+        "status": "healthy",
+        "rbac_watcher": rbac_service.is_watcher_active(),
+        "policy_count": rbac_service.get_policy_count()
+    }
+```
+## Troubleshooting
+### Common Issues
+1. **Authentication Fails**
+   - Check JWT secret key configuration
+   - Verify token expiration settings
+   - Ensure user exists in database
+2. **Permission Denied**
+   - Verify user has required roles
+   - Check role-permission assignments
+   - Validate permission format
+3. **Redis Connection Issues**
+   - Check Redis server status
+   - Verify connection parameters
+   - Ensure Redis supports pub/sub
+4. **Policy Not Updating**
+   - Check Redis watcher configuration
+   - Verify policy format
+   - Monitor Redis logs
+## License
+This project is licensed under the MIT License - see the LICENSE file for details.

{abs_auth_rbac_core-0.1.18.dist-info → abs_auth_rbac_core-0.1.19.dist-info}/RECORD RENAMED Viewed

@@ -5,7 +5,7 @@ abs_auth_rbac_core/auth/jwt_functions.py,sha256=9vhjWrxXdE8fVQ4FGrPj9y6PoSEsaeFo
 abs_auth_rbac_core/auth/middleware.py,sha256=Hn5EoDE2zEWXHXTgrSFgE85s0ivzFNTxYIqtgLBdtGE,1849
 abs_auth_rbac_core/models/__init__.py,sha256=9ImboxQ04XxRjd5o1RDBn465BOj3F2pahuVXF15NuqE,292
 abs_auth_rbac_core/models/base_model.py,sha256=AaWObslm8sTetv4H1Ia_gPpi_75uF5z1o7Et9WAvstU,612
-abs_auth_rbac_core/models/gov_casbin_rule.py,sha256=uWkzOgtG0_8CXR4YLBz_JINA8apcB1D4aWiCgSkuTCs,789
+abs_auth_rbac_core/models/gov_casbin_rule.py,sha256=lzt837KLX1HiXsBH8Y43G-pPAKmm_ykhn-m13_VOUyI,999
 abs_auth_rbac_core/models/permissions.py,sha256=op_6t3OKDGzQvroVhYgoM7g_umr7MD-ZABjk5HdTpB8,859
 abs_auth_rbac_core/models/rbac_model.py,sha256=GbgMA-lJoU__xYP7wCw2FB9P1ftMzRAU2sWyGnmqnt4,323
 abs_auth_rbac_core/models/role_permission.py,sha256=KQ7MGwFvHhXgWL73TGH_elfG0rTLj5Ct11EWi6ypNb8,414
@@ -17,11 +17,11 @@ abs_auth_rbac_core/models/user_role.py,sha256=20pqmtJPzlUrI9ulHGouk8XlFgrGG7I6ik
 abs_auth_rbac_core/rbac/__init__.py,sha256=oYjtpmfrkEbwWCBAWuRoU1fM4fCpBxkF_lwQrelK1As,79
 abs_auth_rbac_core/rbac/decorator.py,sha256=pEFAW0Nn2iE4KBctPhNOmO_VLeJFDX2V9v2LsCu6kHY,1824
 abs_auth_rbac_core/rbac/policy.conf,sha256=wghhhKxgZH0rPhh1QFrIpq9nevJT3s7OxxvXiU3zzuI,305
-abs_auth_rbac_core/rbac/service.py,sha256=YKur4trtTc0N-u3oqrfAJf9yLOTzSU-Pn2qh5drciqs,37250
+abs_auth_rbac_core/rbac/service.py,sha256=abG09-jnjhhql_47kE7IDRbZTvP5-RiChCDyauugHQo,37253
 abs_auth_rbac_core/schema/__init__.py,sha256=v9xibJ8Wr9k0u6PEYNK0LCGUJD71SB5vxu9BZG0S7tM,46
 abs_auth_rbac_core/schema/permission.py,sha256=XvxPU68FY0PFgkF4GR2bSrzNvFB8c8OgY_d0JOJvMc8,203
 abs_auth_rbac_core/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-abs_auth_rbac_core/util/permission_constants.py,sha256=ICnn7mDoNt4_adUcbMjWtBeY2MgJu4F9qS5jRgR3nNU,92039
-abs_auth_rbac_core-0.1.18.dist-info/METADATA,sha256=F1uG5WazxHEz9jAwRqYAPfT1ccnpbLsYrOPT1DLXet4,6689
-abs_auth_rbac_core-0.1.18.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
-abs_auth_rbac_core-0.1.18.dist-info/RECORD,,
+abs_auth_rbac_core/util/permission_constants.py,sha256=cUEi6S9iNK4jwxevlb4ZNiBUcFSu4wlkN-p-O3-l7xs,95712
+abs_auth_rbac_core-0.1.19.dist-info/METADATA,sha256=WFk4zpwzAmPo988AG_7eBTmruz9xSbSLKsAFkSuoAYg,23270
+abs_auth_rbac_core-0.1.19.dist-info/WHEEL,sha256=b4K_helf-jlQoXBBETfwnf4B04YC67LOev0jo4fX5m8,88
+abs_auth_rbac_core-0.1.19.dist-info/RECORD,,

{abs_auth_rbac_core-0.1.18.dist-info → abs_auth_rbac_core-0.1.19.dist-info}/WHEEL RENAMED Viewed

@@ -1,4 +1,4 @@
 Wheel-Version: 1.0
-Generator: poetry-core 2.1.2
+Generator: poetry-core 2.1.3
 Root-Is-Purelib: true
 Tag: py3-none-any

abs_auth_rbac_core-0.1.18.dist-info/METADATA DELETED Viewed

@@ -1,234 +0,0 @@
-Metadata-Version: 2.3
-Name: abs-auth-rbac-core
-Version: 0.1.18
-Summary: RBAC and Auth core utilities including JWT token management.
-License: MIT
-Author: AutoBridgeSystems
-Author-email: info@autobridgesystems.com
-Requires-Python: >=3.13,<4.0
-Classifier: License :: OSI Approved :: MIT License
-Classifier: Programming Language :: Python :: 3
-Classifier: Programming Language :: Python :: 3.13
-Requires-Dist: abs-exception-core (>=0.1.0,<0.2.0)
-Requires-Dist: casbin (>=1.41.0,<2.0.0)
-Requires-Dist: casbin-redis-watcher (>=1.3.0,<2.0.0)
-Requires-Dist: casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)
-Requires-Dist: fastapi[standard] (>=0.115.12,<0.116.0)
-Requires-Dist: passlib (>=1.7.4,<2.0.0)
-Requires-Dist: psycopg2-binary (>=2.9.10,<3.0.0)
-Requires-Dist: pyjwt (>=2.10.1,<3.0.0)
-Requires-Dist: sqlalchemy (>=2.0.40,<3.0.0)
-Description-Content-Type: text/markdown
-# ABS Auth RBAC Core
-A comprehensive authentication and Role-Based Access Control (RBAC) package for FastAPI applications. This package provides robust JWT-based authentication and flexible role-based permission management using Casbin.
-## Features
-- JWT-based authentication with customizable token expiration
-- Password hashing using bcrypt
-- Role-Based Access Control (RBAC) with Casbin integration
-- Flexible permission management
-- User-role and role-permission associations
-- Middleware for authentication and authorization
-## Installation
-```bash
-pip install abs-auth-rbac-core
-```
-## Quick Start
-### 1. Authentication Setup
-```python
-from abs_auth_rbac_core.auth.jwt_functions import JWTFunctions
-import os
-# Initialize JWT functions with environment variables
-jwt_functions = JWTFunctions(
-    secret_key=os.getenv("JWT_SECRET_KEY"),
-    algorithm=os.getenv("JWT_ALGORITHM", "HS256"),
-    expire_minutes=int(os.getenv("JWT_EXPIRE_MINUTES", "60"))
-)
-# Create access token
-token = jwt_functions.create_access_token(data={"sub": "user_id"})
-# Verify password
-is_valid = jwt_functions.verify_password(plain_password, hashed_password)
-# Get password hash
-hashed_password = jwt_functions.get_password_hash(plain_password)
-```
-### 2. RBAC Setup
-```python
-from abs_auth_rbac_core.rbac.service import RBACService
-# Initialize RBAC service
-rbac_service = RBACService(
-    session=your_db_session
-)
-# Create a role with permissions
-role = rbac_service.create_role(
-    name="admin",
-    description="Administrator role",
-    permission_ids=["permission_uuid1", "permission_uuid2"]
-)
-# Assign roles to user
-rbac_service.bulk_assign_roles_to_user(
-    user_uuid="user_uuid",
-    role_uuids=["role_uuid1", "role_uuid2"]
-)
-# Check permission
-has_permission = rbac_service.check_permission(
-    user_uuid="user_uuid",
-    resource="resource_name",
-    action="action_name",
-    module="module_name"
-)
-```
-## Core Components
-### Authentication (`auth/`)
-- `jwt_functions.py`: JWT token management and password hashing
-- `middleware.py`: Authentication middleware for FastAPI
-- `auth_functions.py`: Core authentication functions
-### RBAC (`rbac/`)
-- `service.py`: Main RBAC service with role and permission management
-- `decorator.py`: Decorators for permission checking
-### Models (`models/`)
-- `user.py`: User model
-- `roles.py`: Role model
-- `permissions.py`: Permission model
-- `user_role.py`: User-Role association model
-- `role_permission.py`: Role-Permission association model
-- `rbac_model.py`: Base RBAC model
-- `base_model.py`: Base model with common fields
-## Usage Examples
-### 1. Setting Up Authentication Middleware
-```python
-from fastapi import FastAPI, Depends
-from dependency_injector import containers, providers
-from abs_auth_rbac_core.auth.middleware import auth_middleware
-from abs_auth_rbac_core.rbac import RBACService
-# Create a container for dependency injection
-class Container(containers.DeclarativeContainer):
-    # Database session provider
-    db_session = providers.Factory(your_db_session_factory)
-    # RBAC service provider
-    rbac_service = providers.Factory(
-        RBACService,
-        session=db_session
-    )
-    # Auth middleware provider
-    get_auth_middleware = providers.Factory(
-        auth_middleware,
-        db_session=db_session,
-        jwt_secret_key=os.getenv("JWT_SECRET_KEY"),
-        jwt_algorithm=os.getenv("JWT_ALGORITHM", "HS256")
-    )
-# Initialize FastAPI app
-app = FastAPI()
-container = Container()
-app.container = container
-```
-### 2. Applying Middleware to Routers
-```python
-from fastapi import FastAPI, Depends
-from src.core.container import Container
-class CreateApp:
-    def __init__(self):
-        self.container = Container()
-        self.auth_middleware = self.container.get_auth_middleware()
-        self.app = FastAPI(
-            title="Your Service",
-            description="Service Description",
-            version="0.0.1"
-        )
-        # Apply middleware to specific routers
-        self.app.include_router(
-            users_router,
-            dependencies=[Depends(self.auth_middleware)],
-            tags=["Users"]
-        )
-        # Public routes (no middleware)
-        self.app.include_router(
-            public_router,
-            tags=["Public"]
-        )
-```
-### 3. Permission Management
-```python
-from abs_auth_rbac_core.util.permission_constants import (
-    PermissionAction,
-    PermissionModule,
-    PermissionResource
-)
-# permissions
-permission = PermissionData(
-    name="User Management",
-    description="Manage user accounts",
-    module=PermissionModule.USER_MANAGEMENT,
-    resource=PermissionResource.USER_MANAGEMENT,
-    action=PermissionAction.MANAGE
-)
-# Check permissions in route
-@app.get("/users")
-@rbac_require_permission(
-    f"{PermissionModule.USER_MANAGEMENT.value}:{PermissionResource.USER_MANAGEMENT.value}:{PermissionAction.VIEW.value}"
-)
-async def list_users():
-    return {"users": [...]}
-```
-## Error Handling
-The package includes comprehensive error handling for common scenarios:
-- `UnauthorizedError`: For invalid or expired tokens
-- `ValidationError`: For invalid token formats
-- `DuplicatedError`: For duplicate role names
-- `NotFoundError`: For non-existent resources
-- `PermissionDeniedError`: For insufficient permissions
-## Best Practices
-1. Always use environment variables for sensitive data (secret keys, etc.)
-2. Implement proper error handling for authentication and authorization failures
-3. Use the middleware for global authentication
-4. Implement proper logging for security-related events
-5. Regularly rotate secret keys and tokens
-6. Use strong password policies
-7. Implement rate limiting for authentication endpoints
-## License
-This project is licensed under the MIT License - see the LICENSE file for details.

abs-auth-rbac-core 0.1.18__py3-none-any.whl → 0.1.19__py3-none-any.whl

Potentially problematic release.

abs-auth-rbac-core 0.1.18py3-none-any.whl → 0.1.19py3-none-any.whl