abs-auth-rbac-core 0.3.5__py3-none-any.whl → 0.3.7__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of abs-auth-rbac-core might be problematic. Click here for more details.
- abs_auth_rbac_core/rbac/service.py +39 -51
- {abs_auth_rbac_core-0.3.5.dist-info → abs_auth_rbac_core-0.3.7.dist-info}/METADATA +1 -1
- {abs_auth_rbac_core-0.3.5.dist-info → abs_auth_rbac_core-0.3.7.dist-info}/RECORD +4 -4
- {abs_auth_rbac_core-0.3.5.dist-info → abs_auth_rbac_core-0.3.7.dist-info}/WHEEL +0 -0
|
@@ -65,6 +65,7 @@ class RBACService:
|
|
|
65
65
|
self.enforcer = casbin.Enforcer(
|
|
66
66
|
policy_path, adapter
|
|
67
67
|
)
|
|
68
|
+
self.enforcer.enable_auto_save(False)
|
|
68
69
|
# Load policies
|
|
69
70
|
self.enforcer.load_policy()
|
|
70
71
|
|
|
@@ -392,8 +393,7 @@ class RBACService:
|
|
|
392
393
|
if not role:
|
|
393
394
|
raise NotFoundError(detail="Requested role does not exist")
|
|
394
395
|
|
|
395
|
-
return role
|
|
396
|
-
|
|
396
|
+
return role
|
|
397
397
|
|
|
398
398
|
def update_role_permissions(
|
|
399
399
|
self,
|
|
@@ -402,12 +402,14 @@ class RBACService:
|
|
|
402
402
|
name: Optional[str] = None,
|
|
403
403
|
description: Optional[str] = None,
|
|
404
404
|
) -> Any:
|
|
405
|
-
"""Update role permissions"""
|
|
405
|
+
"""Update role permissions by replacing all existing permissions with new ones"""
|
|
406
|
+
|
|
406
407
|
with self.db() as session:
|
|
407
408
|
try:
|
|
408
409
|
if not session.is_active:
|
|
409
410
|
session.begin()
|
|
410
411
|
|
|
412
|
+
# Get role with eager loading of permissions
|
|
411
413
|
role = (
|
|
412
414
|
session.query(Role)
|
|
413
415
|
.options(joinedload(Role.permissions))
|
|
@@ -418,91 +420,77 @@ class RBACService:
|
|
|
418
420
|
if not role:
|
|
419
421
|
raise NotFoundError(detail="Requested role does not exist")
|
|
420
422
|
|
|
423
|
+
# Update role information if provided
|
|
421
424
|
if name is not None or description is not None:
|
|
422
425
|
if name:
|
|
426
|
+
# Check if new name already exists for a different role
|
|
423
427
|
existing_role = (
|
|
424
428
|
session.query(Role)
|
|
425
429
|
.filter(Role.name == name, Role.uuid != role_uuid)
|
|
426
430
|
.first()
|
|
427
431
|
)
|
|
432
|
+
|
|
428
433
|
if existing_role:
|
|
429
434
|
raise DuplicatedError(detail="Role already exists")
|
|
435
|
+
|
|
430
436
|
if role.name != "super_admin":
|
|
431
437
|
role.name = name
|
|
438
|
+
|
|
432
439
|
if description is not None:
|
|
433
440
|
role.description = description
|
|
434
441
|
|
|
435
442
|
if permissions is not None:
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
if permissions_to_remove:
|
|
444
|
-
session.query(RolePermission).filter(
|
|
445
|
-
RolePermission.role_uuid == role_uuid,
|
|
446
|
-
RolePermission.permission_uuid.in_(permissions_to_remove)
|
|
447
|
-
).delete(synchronize_session=False)
|
|
443
|
+
# Remove ALL existing policies for this role from Casbin
|
|
444
|
+
self.enforcer.remove_filtered_policy(0, str(role_uuid))
|
|
445
|
+
|
|
446
|
+
# Delete existing role permissions from database
|
|
447
|
+
session.query(RolePermission).filter(
|
|
448
|
+
RolePermission.role_uuid == role_uuid
|
|
449
|
+
).delete(synchronize_session=False)
|
|
448
450
|
|
|
449
|
-
if
|
|
450
|
-
|
|
451
|
+
# Add new permissions if provided
|
|
452
|
+
if permissions:
|
|
453
|
+
# Fetch all permissions in a single query
|
|
454
|
+
permissions_objs = (
|
|
451
455
|
session.query(Permission)
|
|
452
|
-
.filter(Permission.uuid.in_(
|
|
456
|
+
.filter(Permission.uuid.in_(permissions))
|
|
453
457
|
.all()
|
|
454
458
|
)
|
|
455
459
|
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
if
|
|
460
|
+
found_permission_ids = {p.uuid for p in permissions_objs}
|
|
461
|
+
missing_permission_ids = set(permissions) - found_permission_ids
|
|
462
|
+
if missing_permission_ids:
|
|
459
463
|
raise NotFoundError(
|
|
460
|
-
detail=f"Permissions with UUIDs '{', '.join(
|
|
464
|
+
detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
|
|
461
465
|
)
|
|
462
466
|
|
|
467
|
+
# Bulk insert role permissions
|
|
463
468
|
role_permissions = [
|
|
464
469
|
{"role_uuid": role_uuid, "permission_uuid": permission.uuid}
|
|
465
|
-
for permission in
|
|
470
|
+
for permission in permissions_objs
|
|
466
471
|
]
|
|
467
472
|
session.bulk_insert_mappings(RolePermission, role_permissions)
|
|
468
473
|
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
existing_permissions_dict = {p.uuid: p for p in existing_permissions}
|
|
474
|
-
|
|
475
|
-
if permissions_to_remove:
|
|
476
|
-
remove_policies = [
|
|
477
|
-
[role_uuid, existing_permissions_dict[perm_id].resource,
|
|
478
|
-
existing_permissions_dict[perm_id].action,
|
|
479
|
-
existing_permissions_dict[perm_id].module]
|
|
480
|
-
for perm_id in permissions_to_remove
|
|
481
|
-
]
|
|
482
|
-
|
|
483
|
-
self.enforcer.remove_policies(remove_policies)
|
|
484
|
-
casbin_updated = True
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
if permissions_to_add:
|
|
488
|
-
add_policies = [
|
|
489
|
-
[role_uuid, p.resource, p.action, p.module]
|
|
490
|
-
for p in new_permissions
|
|
474
|
+
# Add new Casbin policies
|
|
475
|
+
policies = [
|
|
476
|
+
[role_uuid, permission.resource, permission.action, permission.module]
|
|
477
|
+
for permission in permissions_objs
|
|
491
478
|
]
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
if casbin_updated:
|
|
479
|
+
self.enforcer.add_policies(policies)
|
|
480
|
+
|
|
481
|
+
# Save all Casbin changes
|
|
497
482
|
self.enforcer.save_policy()
|
|
498
483
|
|
|
484
|
+
session.commit()
|
|
485
|
+
|
|
486
|
+
# Refresh the role to get the updated permissions
|
|
499
487
|
session.refresh(role)
|
|
500
488
|
|
|
489
|
+
# Return the updated role with permissions
|
|
501
490
|
return role
|
|
502
491
|
|
|
503
492
|
except Exception as e:
|
|
504
493
|
raise e
|
|
505
|
-
|
|
506
494
|
|
|
507
495
|
def delete_role(self, role_uuid: str,exception_roles:List[str]=None):
|
|
508
496
|
"""Delete a role and its associated permissions"""
|
|
@@ -17,7 +17,7 @@ abs_auth_rbac_core/models/user_role.py,sha256=20pqmtJPzlUrI9ulHGouk8XlFgrGG7I6ik
|
|
|
17
17
|
abs_auth_rbac_core/rbac/__init__.py,sha256=oYjtpmfrkEbwWCBAWuRoU1fM4fCpBxkF_lwQrelK1As,79
|
|
18
18
|
abs_auth_rbac_core/rbac/decorator.py,sha256=pEFAW0Nn2iE4KBctPhNOmO_VLeJFDX2V9v2LsCu6kHY,1824
|
|
19
19
|
abs_auth_rbac_core/rbac/policy.conf,sha256=wghhhKxgZH0rPhh1QFrIpq9nevJT3s7OxxvXiU3zzuI,305
|
|
20
|
-
abs_auth_rbac_core/rbac/service.py,sha256=
|
|
20
|
+
abs_auth_rbac_core/rbac/service.py,sha256=KOwqLlaY7JiaK0WKGLmA7hxtMac1bB0Rt6wWD7pR0NY,38412
|
|
21
21
|
abs_auth_rbac_core/repository/__init__.py,sha256=tuEdEV5HsePiaEg2Jrakf-QOR3evTeS-2Tq5VqbywyU,154
|
|
22
22
|
abs_auth_rbac_core/repository/permission_repository.py,sha256=SQJyyErrrMnTnLJjhwZythPbYVGt5z0N5GJ5fV6Gvuo,541
|
|
23
23
|
abs_auth_rbac_core/repository/role_repository.py,sha256=OEPpWIm_61rOljPEcejqXyOvowYDK8Uh5K_pvRLfb3Y,562
|
|
@@ -28,6 +28,6 @@ abs_auth_rbac_core/service/permission_service.py,sha256=tWasmKe0lr1QokmKzjD08O25
|
|
|
28
28
|
abs_auth_rbac_core/service/role_service.py,sha256=Q68igKS-cArHaq-tqrjWPpptnrXYImRAEwKQep0ZOBQ,633
|
|
29
29
|
abs_auth_rbac_core/util/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
|
|
30
30
|
abs_auth_rbac_core/util/permission_constants.py,sha256=EHM4ZkQmMWR-AyoSEf-pJL-EC_eZ4Q_JEp9w62GknHY,102747
|
|
31
|
-
abs_auth_rbac_core-0.3.
|
|
32
|
-
abs_auth_rbac_core-0.3.
|
|
33
|
-
abs_auth_rbac_core-0.3.
|
|
31
|
+
abs_auth_rbac_core-0.3.7.dist-info/METADATA,sha256=uWbeixNYlthRsJSy8jv9tGwSD67B4svfSsYDQdy_iFU,23654
|
|
32
|
+
abs_auth_rbac_core-0.3.7.dist-info/WHEEL,sha256=M5asmiAlL6HEcOq52Yi5mmk9KmTVjY2RDPtO4p9DMrc,88
|
|
33
|
+
abs_auth_rbac_core-0.3.7.dist-info/RECORD,,
|
|
File without changes
|