abs-auth-rbac-core 0.3.1__tar.gz → 0.3.13__tar.gz

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.3
 Name: abs-auth-rbac-core
-Version: 0.3.1
+Version: 0.3.13
 Summary: RBAC and Auth core utilities including JWT token management.
 License: MIT
 Author: AutoBridgeSystems
@@ -12,7 +12,9 @@ Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Programming Language :: Python :: 3.13
 Requires-Dist: abs-exception-core (>=0.2.0,<0.3.0)
-Requires-Dist: abs-utils (>=0.4.0,<0.5.0)
+Requires-Dist: abs-nosql-repository-core (>=0.11.8,<0.12.0)
+Requires-Dist: abs-repository-core (>=0.3.0,<0.4.0)
+Requires-Dist: abs-utils (>=0.4.1,<0.5.0)
 Requires-Dist: casbin (>=1.41.0,<2.0.0)
 Requires-Dist: casbin-redis-watcher (>=1.3.0,<2.0.0)
 Requires-Dist: casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/auth/__init__.py

@@ -0,0 +1,15 @@
+from .jwt_functions import JWTFunctions
+from .middleware import (
+    CustomHTTPBearer,
+    auth_middleware,
+    contacts_auth_middleware,
+    unified_auth_middleware
+)
+
+__all__ = [
+    "JWTFunctions",
+    "CustomHTTPBearer",
+    "auth_middleware",
+    "contacts_auth_middleware",
+    "unified_auth_middleware"
+]

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/abs_auth_rbac_core/auth/auth_functions.py

@@ -20,7 +20,10 @@ def get_user_by_attribute(db_session: Callable[...,Any],attribute: str, value: s
             if not hasattr(Users, attribute):
                 raise ValidationError(detail=f"Attribute {attribute} does not exist on the User model")
             
-            user = session.query(Users).filter(getattr(Users, attribute) == value).first()
+            user = session.query(Users).filter(
+                getattr(Users, attribute) == value,
+                Users.deleted_at.is_(None)  # Filter out soft-deleted users
+            ).first()
 
             if not user:
                 raise NotFoundError(detail="User not found")

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/auth/middleware.py

@@ -0,0 +1,245 @@
+from fastapi import Depends, Request
+from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
+from fastapi import HTTPException
+import logging
+from typing import Callable, Any, Optional
+
+from .jwt_functions import JWTFunctions
+from .auth_functions import get_user_by_attribute
+from abs_exception_core.exceptions import UnauthorizedError, AuthError, NotFoundError
+from abs_nosql_repository_core.repository import BaseRepository
+from fastapi.security.utils import get_authorization_scheme_param
+
+class CustomHTTPBearer(HTTPBearer):
+    def __init__(self, **kwargs):
+        super().__init__(**kwargs)
+    
+    async def __call__(self, request: Request) -> Optional[HTTPAuthorizationCredentials]:
+        authorization = request.headers.get("Authorization")
+        scheme, credentials = get_authorization_scheme_param(authorization)
+        
+        if not (authorization and scheme and credentials):
+            if self.auto_error:
+                raise UnauthorizedError(detail="Invalid authentication credentials")
+            else:
+                return None
+        
+        if scheme.lower() != "bearer":
+            if self.auto_error:
+                raise UnauthorizedError(detail="Invalid authentication credentials")
+            else:
+                return None
+        
+        return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
+
+security = CustomHTTPBearer()
+# security = HTTPBearer()
+logger = logging.getLogger(__name__)
+
+
+# Dependency acting like per-route middleware
+def auth_middleware(
+    db_session: Callable[...,Any],
+    jwt_secret_key:str,
+    jwt_algorithm:str
+):
+    """
+    This middleware is used for authentication of the user.
+    Args:
+        db_session: Callable[...,Any]: Session of the SQLAlchemy database engine
+        jwt_secret_key: Secret key of the JWT for jwt functions
+        jwt_algorithm: Algorithm used for JWT
+
+    Returns:
+    """
+    async def get_auth(request: Request, token: HTTPAuthorizationCredentials = Depends(security)):
+        jwt_functions = JWTFunctions(secret_key=jwt_secret_key,algorithm=jwt_algorithm)
+        try:
+            if not token or not token.credentials:
+                raise UnauthorizedError(detail="Invalid authentication credentials")
+
+            payload = jwt_functions.get_data(token=token.credentials)
+            uuid = payload.get("uuid")
+
+            user = get_user_by_attribute(db_session=db_session,attribute="uuid", value=uuid)
+            
+            if not user:
+                logger.error(f"Authentication failed: User with id {uuid} not found")
+                raise UnauthorizedError(detail="Authentication failed")
+
+            # Attach user to request state
+            request.state.user = user
+            return user 
+
+        except UnauthorizedError as e:
+            logger.error(e)
+            raise
+        except Exception as e:
+            logger.error(f"Authentication error: {str(e)}", exc_info=True)
+            raise UnauthorizedError(detail="Authentication failed")
+    
+    return get_auth
+
+
+def contacts_auth_middleware(
+    entity_records_service,
+    jwt_secret_key: str,
+    jwt_algorithm: str
+):
+    """
+    Contact authentication middleware using EntityRecordsService.
+
+    This middleware validates contact JWT tokens and attaches contact data to request.state.
+
+    JWT Payload Structure:
+        {
+            "sub": "contact@example.com",
+            "cid": "contact_record_id",  # KEY IDENTIFIER for contacts
+            "uuid": "unique-uuid",
+            "exp": 1234567890,
+            "iat": 1234567890
+        }
+
+    Args:
+        entity_records_service: EntityRecordsService for entity operations
+        jwt_secret_key: JWT secret key
+        jwt_algorithm: JWT algorithm (e.g., HS256)
+
+    Returns:
+        FastAPI dependency function that validates contact authentication
+    """
+
+    async def get_auth(
+        request: Request,
+        token: HTTPAuthorizationCredentials = Depends(security)
+    ):
+        jwt_functions = JWTFunctions(
+            secret_key=jwt_secret_key,
+            algorithm=jwt_algorithm
+        )
+
+        try:
+            if not token or not token.credentials:
+                raise UnauthorizedError(detail="Invalid authentication credentials")
+
+            # Decode JWT and extract payload
+            payload = jwt_functions.get_data(token=token.credentials)
+
+            # Extract cid (required for contact authentication)
+            cid = payload.get("cid")
+            if not cid:
+                raise UnauthorizedError(detail="Invalid contact token")
+
+            # Extract app_id from path parameters
+            app_id = request.path_params.get("app_id")
+            if not app_id:
+                raise UnauthorizedError(detail="App ID is required")
+
+            logger.info(f"Contact auth: app_id={app_id}, cid={cid}")
+
+            # Get app configuration (apps collection is not an entity collection)
+            # We still need BaseRepository for this until apps get moved to a service
+            base_repo = BaseRepository(db=entity_records_service.repository.db)
+            app = await base_repo.get_by_attr("id", app_id, collection_name="apps")
+            if not app:
+                logger.error(f"App not found: {app_id}")
+                raise UnauthorizedError(detail="App not found")
+
+            # Extract contact entity ID from app metadata
+            metadata = app.get("metadata", {})
+            if not metadata:
+                raise UnauthorizedError(detail="App doesn't have support for contacts")
+
+            features_entities = metadata.get("features_entities", {})
+            if "CONTACT" not in features_entities:
+                raise UnauthorizedError(detail="App doesn't have support for contacts")
+
+            contact_config = features_entities.get("CONTACT", {})
+            contact_entity_id = contact_config.get("Contacts")
+
+            if not contact_entity_id:
+                raise UnauthorizedError(detail="Contact entity not configured")
+
+            logger.info(f"Contact entity ID: {contact_entity_id}")
+
+            # Get contact record using EntityRecordsService
+            try:
+                contact = await entity_records_service.get_record_by_id(
+                    entity_id=contact_entity_id,
+                    record_id=cid,
+                    convert_ids=False  # Keep ObjectIds for internal use
+                )
+            except NotFoundError:
+                logger.error(f"Authentication failed: contact with id {cid} not found")
+                raise UnauthorizedError(detail="Authentication failed")
+
+            logger.info(f"✅ Contact authenticated: {cid}")
+
+            # Attach contact to request state
+            request.state.contact = contact
+            request.state.contact_entity_id = contact_entity_id
+
+            return contact
+
+        except UnauthorizedError:
+            raise
+        except Exception as e:
+            logger.error(f"Authentication error: {str(e)}", exc_info=True)
+            raise UnauthorizedError(detail="Authentication failed")
+
+    return get_auth
+
+
+def unified_auth_middleware(
+    jwt_secret_key: str,
+    jwt_algorithm: str,
+    get_user_auth_middleware: Callable,
+    get_contact_auth_middleware: Callable,
+):
+    """
+    Unified authentication middleware that intelligently routes to the correct
+    authentication flow based on JWT payload.
+
+    Detection Logic:
+        - If JWT contains "cid" field → Contact authentication
+        - Otherwise → User authentication
+
+    Benefits:
+        - Single entry point for all authentication
+        - JWT decoded only once for efficiency
+        - Transparent routing based on token type
+        - No code changes needed in route handlers
+
+    Args:
+        jwt_secret_key: JWT secret key
+        jwt_algorithm: JWT algorithm (e.g., HS256)
+        get_user_auth_middleware: User auth middleware callable
+        get_contact_auth_middleware: Contact auth middleware callable
+
+    Returns:
+        FastAPI dependency that handles unified authentication
+    """
+    async def get_auth(
+        request: Request,
+        token: HTTPAuthorizationCredentials = Depends(security)
+    ):
+        if not token or not token.credentials:
+            raise UnauthorizedError(detail="Invalid authentication credentials")
+
+        # Decode JWT once to inspect payload
+        jwt_functions = JWTFunctions(
+            secret_key=jwt_secret_key,
+            algorithm=jwt_algorithm
+        )
+        payload = jwt_functions.get_data(token=token.credentials)
+
+        # Route based on payload content
+        cid = payload.get("cid")
+        if cid:
+            # Contact flow: JWT contains contact ID
+            return await get_contact_auth_middleware(request=request, token=token)
+
+        # User flow: Standard user authentication
+        return await get_user_auth_middleware(request=request, token=token)
+
+    return get_auth

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/abs_auth_rbac_core/models/user.py

@@ -12,6 +12,7 @@ class Users(BaseModel):
     name = Column(String(100), nullable=False)
     is_active = Column(Boolean, default=True)
     last_login_at = Column(DateTime, nullable=True)
+    deleted_at = Column(DateTime, nullable=True)  # Soft delete timestamp
 
     # Relationships
     roles = relationship(

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/abs_auth_rbac_core/rbac/service.py

@@ -4,7 +4,7 @@ from pydantic import BaseModel
 import casbin
 from casbin_sqlalchemy_adapter import Adapter
 from casbin_redis_watcher import RedisWatcher, WatcherOptions,new_watcher
-from sqlalchemy import and_, select
+from sqlalchemy import and_, or_, select
 from sqlalchemy.orm import Session, joinedload
 from ..schema import CreatePermissionSchema
 from ..models import (
@@ -65,6 +65,7 @@ class RBACService:
             self.enforcer = casbin.Enforcer(
                 policy_path, adapter
             )
+            self.enforcer.enable_auto_save(True)
             # Load policies
             self.enforcer.load_policy()
 
@@ -181,23 +182,41 @@ class RBACService:
             except Exception as e:
                 raise e
             
-    async def get_permissions_by_condition(self, condition: dict, use_filter_by: bool = True):
+    def build_filter(self,cond: dict):
+        if "and" in cond:
+            return and_(*[self.build_filter(c) for c in cond["and"]])
+        elif "or" in cond:
+            return or_(*[self.build_filter(c) for c in cond["or"]])
+        else:
+            # Multiple simple field=value pairs in the same dict
+            return and_(*[
+                getattr(Permission, field) == value
+                for field, value in cond.items()
+            ])
+
+
+    async def get_permissions_by_condition(self, condition: dict):
         """
-        Get permission(s) based on a condition dict.
-        If use_filter_by is True, assumes all conditions are `==`.
+        Get permission(s) based on nested logical conditions.
+
+        Example:
+        {
+            "and": [
+                {"entity_id": "123"},
+                {"or": [
+                    {"user_id": "456"},
+                    {"group_id": "789"}
+                ]}
+            ]
+        }
         """
         with self.db() as session:
             try:
-                query = session.query(Permission)
-                if use_filter_by:
-                    query = query.filter_by(**condition)
-                else:
-                    filters = [getattr(Permission, k) == v for k, v in condition.items()]
-                    query = query.filter(*filters)
+                query = session.query(Permission).filter(self.build_filter(condition))
                 return query.all()
             except Exception as e:
                 raise e
-            
+
     async def delete_permission_by_uuids(self,permission_uuids:List[str]):
         """
         Delete a permission by uuids
@@ -278,7 +297,85 @@ class RBACService:
                 return self.get_user_only_permissions(user_uuid)
             except Exception as e:
                 raise e
-            
+
+    def revoke_all_user_access(self, user_uuid: str) -> dict:
+        """
+        Revoke all roles and permissions from a user in a single operation.
+        This is typically used when soft-deleting a user.
+
+        Args:
+            user_uuid: The UUID of the user to revoke all access from
+
+        Returns:
+            dict: Summary of revoked roles and permissions
+        """
+        with self.db() as session:
+            try:
+                if not session.is_active:
+                    session.begin()
+
+                # Get all user roles
+                user_roles = (
+                    session.query(UserRole)
+                    .options(joinedload(UserRole.role))
+                    .filter(UserRole.user_uuid == user_uuid)
+                    .all()
+                )
+
+                role_uuids = [ur.role.uuid for ur in user_roles] if user_roles else []
+
+                # Get all direct user permissions
+                user_permissions = (
+                    session.query(UserPermission)
+                    .options(joinedload(UserPermission.permission))
+                    .filter(UserPermission.user_uuid == user_uuid)
+                    .all()
+                )
+
+                permission_uuids = [up.permission.uuid for up in user_permissions] if user_permissions else []
+
+                # Revoke all roles
+                if role_uuids:
+                    session.query(UserRole).filter(
+                        UserRole.user_uuid == user_uuid,
+                        UserRole.role_uuid.in_(role_uuids)
+                    ).delete(synchronize_session=False)
+
+                # Revoke all direct permissions and remove from Casbin
+                if permission_uuids:
+                    permissions = session.query(Permission).filter(
+                        Permission.uuid.in_(permission_uuids)
+                    ).all()
+
+                    # Remove Casbin policies
+                    policies = [
+                        [f"user:{user_uuid}", permission.resource, permission.action, permission.module]
+                        for permission in permissions
+                    ]
+                    removed_policies = self.enforcer.remove_policies(policies)
+                    if removed_policies:
+                        self.enforcer.save_policy()
+                        self.enforcer.load_policy()
+
+                    # Delete from database
+                    session.query(UserPermission).filter(
+                        UserPermission.user_uuid == user_uuid,
+                        UserPermission.permission_uuid.in_(permission_uuids)
+                    ).delete(synchronize_session=False)
+
+                session.commit()
+
+                return {
+                    "user_uuid": user_uuid,
+                    "roles_revoked": len(role_uuids),
+                    "permissions_revoked": len(permission_uuids),
+                    "role_uuids": role_uuids,
+                    "permission_uuids": permission_uuids
+                }
+
+            except Exception as e:
+                raise e
+
     def list_roles(self) -> Any:
         """
         Get the list of all roles
@@ -392,7 +489,7 @@ class RBACService:
             if not role:
                 raise NotFoundError(detail="Requested role does not exist")
                 
-            return role
+            return role    
 
     def update_role_permissions(
         self,
@@ -402,6 +499,7 @@ class RBACService:
         description: Optional[str] = None,
     ) -> Any:
         """Update role permissions by replacing all existing permissions with new ones"""
+
         with self.db() as session:
             try:
                 if not session.is_active:
@@ -438,50 +536,46 @@ class RBACService:
                         role.description = description
 
                 if permissions is not None:
-                    existing_permissions = role.permissions
-
-                    # Remove Casbin policies for existing permissions
-                    remove_policies = [
-                        [role_uuid, existing_permission.resource, existing_permission.action, existing_permission.module]
-                        for existing_permission in existing_permissions
-                    ]
-                    self.enforcer.remove_policies(remove_policies)
-                    self.enforcer.save_policy()
-
-                    # Delete existing role permissions
+                    # Remove ALL existing policies for this role from Casbin
+                    self.enforcer.remove_filtered_policy(0, str(role_uuid))
+                    
+                    # Delete existing role permissions from database
                     session.query(RolePermission).filter(
                         RolePermission.role_uuid == role_uuid
                     ).delete(synchronize_session=False)
 
-                if permissions:
-                    # Fetch all permissions in a single query
-                    permissions_objs = (
-                        session.query(Permission)
-                        .filter(Permission.uuid.in_(permissions))
-                        .all()
-                    )
-
-                    found_permission_ids = {p.uuid for p in permissions_objs}
-                    missing_permission_ids = set(permissions) - found_permission_ids
-                    if missing_permission_ids:
-                        raise NotFoundError(
-                            detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
+                    # Add new permissions if provided
+                    if permissions:
+                        # Fetch all permissions in a single query
+                        permissions_objs = (
+                            session.query(Permission)
+                            .filter(Permission.uuid.in_(permissions))
+                            .all()
                         )
 
-                    # Bulk insert role permissions
-                    role_permissions = [
-                        {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
-                        for permission in permissions_objs
-                    ]
-                    session.bulk_insert_mappings(RolePermission, role_permissions)
-
-                    # Add Casbin policies
-                    policies = [
-                        [role_uuid, permission.resource, permission.action, permission.module]
-                        for permission in permissions_objs
-                    ]
-                    self.enforcer.add_policies(policies)
-                    self.enforcer.save_policy()
+                        found_permission_ids = {p.uuid for p in permissions_objs}
+                        missing_permission_ids = set(permissions) - found_permission_ids
+                        if missing_permission_ids:
+                            raise NotFoundError(
+                                detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
+                            )
+
+                        # Bulk insert role permissions
+                        role_permissions = [
+                            {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
+                            for permission in permissions_objs
+                        ]
+                        session.bulk_insert_mappings(RolePermission, role_permissions)
+
+                        # Add new Casbin policies
+                        policies = [
+                            [role_uuid, permission.resource, permission.action, permission.module]
+                            for permission in permissions_objs
+                        ]
+                        self.enforcer.add_policies(policies)
+                    
+                    # Save all Casbin changes
+                    # self.enforcer.save_policy()
 
                 session.commit()
 

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/repository/__init__.py

@@ -0,0 +1,4 @@
+from .role_repository import RoleRepository
+from .permission_repository import PermissionRepository
+
+__all__ = ["RoleRepository", "PermissionRepository"]

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/repository/permission_repository.py

@@ -0,0 +1,12 @@
+from typing import Any, List, Optional, Callable
+from sqlalchemy.orm import joinedload
+from contextlib import AbstractContextManager
+from sqlalchemy.orm import Session
+from abs_repository_core.repository.base_repository import BaseRepository
+from abs_repository_core.schemas.base_schema import FindBase, FindUniqueValues
+from abs_auth_rbac_core.models.permissions import Permission
+
+class PermissionRepository(BaseRepository):
+    def __init__(self, db: Callable[..., Session]):
+        self.db = db
+        super().__init__(db, Permission)

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/repository/role_repository.py

@@ -0,0 +1,18 @@
+from typing import Any, List, Optional, Callable
+from sqlalchemy.orm import joinedload
+from contextlib import AbstractContextManager
+from sqlalchemy.orm import Session
+from abs_repository_core.repository.base_repository import BaseRepository
+from abs_auth_rbac_core.models.roles import Role
+from abs_exception_core.exceptions import NotFoundError
+from abs_repository_core.schemas import FilterSchema, FindBase
+
+
+class RoleRepository(BaseRepository):
+    def __init__(self, db: Callable[..., Session]):
+        self.db = db
+        super().__init__(db, Role)
+
+
+
+

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/service/__init__.py

@@ -0,0 +1,4 @@
+from .role_service import RoleService
+from .permission_service import PermissionService
+
+__all__ = ["RoleService", "PermissionService"]

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/service/permission_service.py

@@ -0,0 +1,15 @@
+from typing import Any, List, Optional
+from abs_repository_core.services.base_service import BaseService
+from abs_repository_core.schemas.base_schema import FindBase, FindUniqueValues
+from abs_auth_rbac_core.models.roles import Role
+from abs_auth_rbac_core.repository.permission_repository import PermissionRepository
+from pydantic import BaseModel
+
+
+class PermissionService(BaseService):
+    def __init__(self, repository:PermissionRepository):
+        super().__init__(repository)
+        self.repository = repository
+        
+    def list_permissions(self, schema: FindBase, eager: bool = True):
+        return self.repository.read_by_options(schema, eager)

abs_auth_rbac_core-0.3.13/abs_auth_rbac_core/service/role_service.py

@@ -0,0 +1,18 @@
+from typing import Any, List, Optional
+from abs_repository_core.services.base_service import BaseService
+from abs_repository_core.schemas.base_schema import FindBase, FindUniqueValues
+from abs_auth_rbac_core.models.roles import Role
+from abs_auth_rbac_core.repository.role_repository import RoleRepository
+from pydantic import BaseModel
+
+
+class RoleService(BaseService):
+    def __init__(self, repository:RoleRepository):
+        self.repository = repository
+        super().__init__(repository)
+
+
+    def list_roles(self, schema: FindBase, eager: bool = True):
+        return self.repository.read_by_options(schema, eager)
+    
+    

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/abs_auth_rbac_core/util/permission_constants.py

@@ -153,6 +153,10 @@ class PermissionAction(str, Enum):
     VIEW_IMPORT_DATA = "VIEW_IMPORT_DATA"
     VIEW_WORKFLOW = "VIEW_WORKFLOW"
     VIEW_ERROR_DATA = "VIEW_ERROR_DATA"
+    VIEW_ENTITY_RECORD = "VIEW_ENTITY_RECORD"
+    EDIT_ENTITY_RECORD = "EDIT_ENTITY_RECORD"
+    DELETE_ENTITY_RECORD = "DELETE_ENTITY_RECORD"
+    CREATE_ENTITY_RECORD = "CREATE_ENTITY_RECORD"
 
 
 
@@ -172,12 +176,17 @@ class PermissionModule(str, Enum):
     ASL = "ASL"
     EDS = "EDS"
     WORKFORCE_AGENT = "WORKFORCE_AGENT"
-
+    ENTITY = "ENTITY"
+    ENTITY_VIEW = "ENTITY_VIEW"
+    ENTITY_RECORD = "ENTITY_RECORD"
+    CHATBOT = "CHATBOT"
 
 
 class PermissionResource(str, Enum):
+    ENTITIES = "ENTITIES"
     DASHBOARD = "DASHBOARDS"
     WORKFORCE_AGENT = "WORKFORCE_AGENT"
+    CHATBOT = "CHATBOT"
     EPAR = "EPAR"
     EPARS = "EPARS"
     OCFO = "OCFO"
@@ -262,6 +271,7 @@ class PermissionResource(str, Enum):
     AUTOMATION_ACTION = "AUTOMATION_ACTION"
     AUTOMATION_INPUT = "AUTOMATION_INPUT"
     AUTOMATION_HISTORY = "AUTOMATION_HISTORY"
+    USER_PROFILE = "USER_PROFILE"
 
 
 class PermissionData(NamedTuple):
@@ -273,6 +283,22 @@ class PermissionData(NamedTuple):
 
 
 class PermissionConstants:
+    # User Profile Permissions
+    USER_PROFILE_VIEW = PermissionData(
+        name="View User Profile",
+        description="Permission to view user profile",
+        module=PermissionModule.USER_MANAGEMENT,
+        resource=PermissionResource.USER_PROFILE,
+        action=PermissionAction.VIEW,
+    )
+    USER_PROFILE_EDIT = PermissionData(
+        name="Edit User Profile",
+        description="Permission to edit user profile",
+        module=PermissionModule.USER_MANAGEMENT,
+        resource=PermissionResource.USER_PROFILE,
+        action=PermissionAction.EDIT,
+    )
+
     # Automation Builder Permissions
     AUTOMATION_HISTORY_VIEW = PermissionData(
         name="View Automation History",

{abs_auth_rbac_core-0.3.1 → abs_auth_rbac_core-0.3.13}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "abs-auth-rbac-core"
-version = "0.3.1"
+version = "0.3.13"
 description = "RBAC and Auth core utilities including JWT token management."
 authors = [
     {name = "AutoBridgeSystems", email = "info@autobridgesystems.com"}
@@ -18,7 +18,9 @@ dependencies = [
     "casbin-sqlalchemy-adapter (>=1.4.0,<2.0.0)",
     "psycopg2-binary (>=2.9.10,<3.0.0)",
     "casbin-redis-watcher (>=1.3.0,<2.0.0)",
-    "abs-utils (>=0.4.0,<0.5.0)"
+    "abs-utils (>=0.4.1,<0.5.0)",
+    "abs-repository-core (>=0.3.0,<0.4.0)",
+    "abs-nosql-repository-core (>=0.11.8,<0.12.0)"
 ]
 
 [build-system]

abs_auth_rbac_core-0.3.1/abs_auth_rbac_core/auth/__init__.py

@@ -1,3 +0,0 @@
-from .jwt_functions import JWTFunctions
-
-__all__ = ["JWTFunctions"]

abs_auth_rbac_core-0.3.1/abs_auth_rbac_core/auth/middleware.py

@@ -1,51 +0,0 @@
-from fastapi import Depends, Request
-from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
-import logging
-from typing import Callable, Any
-
-from .jwt_functions import JWTFunctions
-from .auth_functions import get_user_by_attribute
-from abs_exception_core.exceptions import UnauthorizedError
-
-security = HTTPBearer()
-logger = logging.getLogger(__name__)
-
-
-# Dependency acting like per-route middleware
-def auth_middleware(
-    db_session: Callable[...,Any],
-    jwt_secret_key:str,
-    jwt_algorithm:str
-):
-    """
-    This middleware is used for authentication of the user.
-    Args:
-        db_session: Callable[...,Any]: Session of the SQLAlchemy database engine
-        jwt_secret_key: Secret key of the JWT for jwt functions
-        jwt_algorithm: Algorithm used for JWT
-
-    Returns:
-    """
-    async def get_auth(request: Request, token: HTTPAuthorizationCredentials = Depends(security)):
-        jwt_functions = JWTFunctions(secret_key=jwt_secret_key,algorithm=jwt_algorithm)
-        try:
-            if not token or not token.credentials:
-                raise UnauthorizedError(detail="Invalid authentication credentials")
-
-            payload = jwt_functions.get_data(token=token.credentials)
-            uuid = payload.get("uuid")
-
-            user = get_user_by_attribute(db_session=db_session,attribute="uuid", value=uuid)
-            
-            if not user:
-                logger.error(f"Authentication failed: User with id {uuid} not found")
-                raise UnauthorizedError(detail="Authentication failed")
-
-            # Attach user to request state
-            request.state.user = user
-            return user 
-
-        except Exception as e:
-            logger.error(f"Authentication error: {str(e)}", exc_info=True)
-            raise UnauthorizedError(detail="Authentication failed")
-    return get_auth