abs-auth-rbac-core 0.3.4__py3-none-any.whl → 0.3.5__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of abs-auth-rbac-core might be problematic. Click here for more details.

Files changed (4) hide show
  1. abs_auth_rbac_core/rbac/service.py +57 -47
  2. {abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/METADATA +4 -4
  3. {abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/RECORD +4 -4
  4. {abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/WHEEL +1 -1
abs_auth_rbac_core/rbac/service.py CHANGED
@@ -43,8 +43,8 @@ class RBACService:
43
43
  """
44
44
  self.db = session
45
45
  self.enforcer = None
46
- self.watcher = None
47
46
  self._initialize_casbin(redis_config)
47
+ self.watcher = None
48
48
 
49
49
 
50
50
  def _initialize_casbin(self,redis_config:Optional[RedisWatcherSchema]=None):
@@ -393,6 +393,7 @@ class RBACService:
393
393
  raise NotFoundError(detail="Requested role does not exist")
394
394
 
395
395
  return role
396
+
396
397
 
397
398
  def update_role_permissions(
398
399
  self,
@@ -401,13 +402,12 @@ class RBACService:
401
402
  name: Optional[str] = None,
402
403
  description: Optional[str] = None,
403
404
  ) -> Any:
404
- """Update role permissions by replacing all existing permissions with new ones"""
405
+ """Update role permissions"""
405
406
  with self.db() as session:
406
407
  try:
407
408
  if not session.is_active:
408
409
  session.begin()
409
410
 
410
- # Get role with eager loading of permissions
411
411
  role = (
412
412
  session.query(Role)
413
413
  .options(joinedload(Role.permissions))
@@ -418,81 +418,91 @@ class RBACService:
418
418
  if not role:
419
419
  raise NotFoundError(detail="Requested role does not exist")
420
420
 
421
- # Update role information if provided
422
421
  if name is not None or description is not None:
423
422
  if name:
424
- # Check if new name already exists for a different role
425
423
  existing_role = (
426
424
  session.query(Role)
427
425
  .filter(Role.name == name, Role.uuid != role_uuid)
428
426
  .first()
429
427
  )
430
-
431
428
  if existing_role:
432
429
  raise DuplicatedError(detail="Role already exists")
433
-
434
430
  if role.name != "super_admin":
435
431
  role.name = name
436
-
437
432
  if description is not None:
438
433
  role.description = description
439
434
 
440
435
  if permissions is not None:
441
436
  existing_permissions = role.permissions
437
+ existing_permission = {p.uuid for p in existing_permissions}
438
+ new_permission = set(permissions) if permissions else set()
442
439
 
443
- # Remove Casbin policies for existing permissions
444
- remove_policies = [
445
- [role_uuid, existing_permission.resource, existing_permission.action, existing_permission.module]
446
- for existing_permission in existing_permissions
447
- ]
448
- self.enforcer.remove_policies(remove_policies)
449
- self.enforcer.save_policy()
450
-
451
- # Delete existing role permissions
452
- session.query(RolePermission).filter(
453
- RolePermission.role_uuid == role_uuid
454
- ).delete(synchronize_session=False)
440
+ permissions_to_remove = existing_permission - new_permission
441
+ permissions_to_add = new_permission - existing_permission
455
442
 
456
- if permissions:
457
- # Fetch all permissions in a single query
458
- permissions_objs = (
459
- session.query(Permission)
460
- .filter(Permission.uuid.in_(permissions))
461
- .all()
462
- )
443
+ if permissions_to_remove:
444
+ session.query(RolePermission).filter(
445
+ RolePermission.role_uuid == role_uuid,
446
+ RolePermission.permission_uuid.in_(permissions_to_remove)
447
+ ).delete(synchronize_session=False)
463
448
 
464
- found_permission_ids = {p.uuid for p in permissions_objs}
465
- missing_permission_ids = set(permissions) - found_permission_ids
466
- if missing_permission_ids:
467
- raise NotFoundError(
468
- detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
449
+ if permissions_to_add:
450
+ new_permissions = (
451
+ session.query(Permission)
452
+ .filter(Permission.uuid.in_(permissions_to_add))
453
+ .all()
469
454
  )
470
455
 
471
- # Bulk insert role permissions
472
- role_permissions = [
473
- {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
474
- for permission in permissions_objs
475
- ]
476
- session.bulk_insert_mappings(RolePermission, role_permissions)
456
+ found_permission = {p.uuid for p in new_permissions}
457
+ missing_permission = permissions_to_add - found_permission
458
+ if missing_permission:
459
+ raise NotFoundError(
460
+ detail=f"Permissions with UUIDs '{', '.join(missing_permission)}' not found"
461
+ )
477
462
 
478
- # Add Casbin policies
479
- policies = [
480
- [role_uuid, permission.resource, permission.action, permission.module]
481
- for permission in permissions_objs
482
- ]
483
- self.enforcer.add_policies(policies)
484
- self.enforcer.save_policy()
463
+ role_permissions = [
464
+ {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
465
+ for permission in new_permissions
466
+ ]
467
+ session.bulk_insert_mappings(RolePermission, role_permissions)
485
468
 
486
469
  session.commit()
470
+ casbin_updated = False
471
+
472
+ if permissions is not None:
473
+ existing_permissions_dict = {p.uuid: p for p in existing_permissions}
474
+
475
+ if permissions_to_remove:
476
+ remove_policies = [
477
+ [role_uuid, existing_permissions_dict[perm_id].resource,
478
+ existing_permissions_dict[perm_id].action,
479
+ existing_permissions_dict[perm_id].module]
480
+ for perm_id in permissions_to_remove
481
+ ]
482
+
483
+ self.enforcer.remove_policies(remove_policies)
484
+ casbin_updated = True
485
+
486
+
487
+ if permissions_to_add:
488
+ add_policies = [
489
+ [role_uuid, p.resource, p.action, p.module]
490
+ for p in new_permissions
491
+ ]
492
+
493
+ self.enforcer.add_policies(add_policies)
494
+ casbin_updated = True
495
+
496
+ if casbin_updated:
497
+ self.enforcer.save_policy()
487
498
 
488
- # Refresh the role to get the updated permissions
489
499
  session.refresh(role)
490
500
 
491
- # Return the updated role with permissions
492
501
  return role
493
502
 
494
503
  except Exception as e:
495
504
  raise e
505
+
496
506
 
497
507
  def delete_role(self, role_uuid: str,exception_roles:List[str]=None):
498
508
  """Delete a role and its associated permissions"""
{abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/METADATA RENAMED
@@ -1,16 +1,16 @@
1
- Metadata-Version: 2.3
1
+ Metadata-Version: 2.4
2
2
  Name: abs-auth-rbac-core
3
- Version: 0.3.4
3
+ Version: 0.3.5
4
4
  Summary: RBAC and Auth core utilities including JWT token management.
5
- License: MIT
5
+ License-Expression: MIT
6
6
  Author: AutoBridgeSystems
7
7
  Author-email: info@autobridgesystems.com
8
8
  Requires-Python: >=3.11,<4.0
9
- Classifier: License :: OSI Approved :: MIT License
10
9
  Classifier: Programming Language :: Python :: 3
11
10
  Classifier: Programming Language :: Python :: 3.11
12
11
  Classifier: Programming Language :: Python :: 3.12
13
12
  Classifier: Programming Language :: Python :: 3.13
13
+ Classifier: Programming Language :: Python :: 3.14
14
14
  Requires-Dist: abs-exception-core (>=0.2.0,<0.3.0)
15
15
  Requires-Dist: abs-repository-core (>=0.3.0,<0.4.0)
16
16
  Requires-Dist: abs-utils (>=0.4.1,<0.5.0)
{abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/RECORD RENAMED
@@ -17,7 +17,7 @@ abs_auth_rbac_core/models/user_role.py,sha256=20pqmtJPzlUrI9ulHGouk8XlFgrGG7I6ik
17
17
  abs_auth_rbac_core/rbac/__init__.py,sha256=oYjtpmfrkEbwWCBAWuRoU1fM4fCpBxkF_lwQrelK1As,79
18
18
  abs_auth_rbac_core/rbac/decorator.py,sha256=pEFAW0Nn2iE4KBctPhNOmO_VLeJFDX2V9v2LsCu6kHY,1824
19
19
  abs_auth_rbac_core/rbac/policy.conf,sha256=wghhhKxgZH0rPhh1QFrIpq9nevJT3s7OxxvXiU3zzuI,305
20
- abs_auth_rbac_core/rbac/service.py,sha256=0SY86djzDJ8QKt9uEaWkkN-AZX-szGK9v8HRyqRwilk,38447
20
+ abs_auth_rbac_core/rbac/service.py,sha256=VtaEN1smrj7IhS6W9uoJNC2E6lGfHM-xxbcC0JqVz0o,38826
21
21
  abs_auth_rbac_core/repository/__init__.py,sha256=tuEdEV5HsePiaEg2Jrakf-QOR3evTeS-2Tq5VqbywyU,154
22
22
  abs_auth_rbac_core/repository/permission_repository.py,sha256=SQJyyErrrMnTnLJjhwZythPbYVGt5z0N5GJ5fV6Gvuo,541
23
23
  abs_auth_rbac_core/repository/role_repository.py,sha256=OEPpWIm_61rOljPEcejqXyOvowYDK8Uh5K_pvRLfb3Y,562
@@ -28,6 +28,6 @@ abs_auth_rbac_core/service/permission_service.py,sha256=tWasmKe0lr1QokmKzjD08O25
28
28
  abs_auth_rbac_core/service/role_service.py,sha256=Q68igKS-cArHaq-tqrjWPpptnrXYImRAEwKQep0ZOBQ,633
29
29
  abs_auth_rbac_core/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
30
30
  abs_auth_rbac_core/util/permission_constants.py,sha256=EHM4ZkQmMWR-AyoSEf-pJL-EC_eZ4Q_JEp9w62GknHY,102747
31
- abs_auth_rbac_core-0.3.4.dist-info/METADATA,sha256=bXwUvNxw6j3RMLubiPw5LZQH-U36MAB19YBVolVSAJM,23643
32
- abs_auth_rbac_core-0.3.4.dist-info/WHEEL,sha256=fGIA9gx4Qxk2KDKeNJCbOEwSrmLtjWCwzBz351GyrPQ,88
33
- abs_auth_rbac_core-0.3.4.dist-info/RECORD,,
31
+ abs_auth_rbac_core-0.3.5.dist-info/METADATA,sha256=-kCTAs13PzOFmqx26C3gG0GaIC-y_KvcDSA7Pi32qiQ,23654
32
+ abs_auth_rbac_core-0.3.5.dist-info/WHEEL,sha256=M5asmiAlL6HEcOq52Yi5mmk9KmTVjY2RDPtO4p9DMrc,88
33
+ abs_auth_rbac_core-0.3.5.dist-info/RECORD,,
{abs_auth_rbac_core-0.3.4.dist-info → abs_auth_rbac_core-0.3.5.dist-info}/WHEEL RENAMED
@@ -1,4 +1,4 @@
1
1
  Wheel-Version: 1.0
2
- Generator: poetry-core 2.1.2
2
+ Generator: poetry-core 2.2.0
3
3
  Root-Is-Purelib: true
4
4
  Tag: py3-none-any