PyPI - abs-auth-rbac-core - Versions diffs - 0.3.5__tar.gz → 0.3.6__tar.gz - Mend

abs-auth-rbac-core 0.3.5tar.gz → 0.3.6tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of abs-auth-rbac-core might be problematic. Click here for more details.

Files changed (33) hide show

{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.6}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: abs-auth-rbac-core
-Version: 0.3.5
+Version: 0.3.6
 Summary: RBAC and Auth core utilities including JWT token management.
 License-Expression: MIT
 Author: AutoBridgeSystems

{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.6}/abs_auth_rbac_core/rbac/service.py RENAMED Viewed

@@ -392,8 +392,7 @@ class RBACService:
             if not role:
                 raise NotFoundError(detail="Requested role does not exist")
-            return role
+            return role
     def update_role_permissions(
         self,
@@ -402,12 +401,14 @@ class RBACService:
         name: Optional[str] = None,
         description: Optional[str] = None,
     ) -> Any:
-        """Update role permissions"""
+        """Update role permissions by replacing all existing permissions with new ones"""
         with self.db() as session:
             try:
                 if not session.is_active:
                     session.begin()
+                # Get role with eager loading of permissions
                 role = (
                     session.query(Role)
                     .options(joinedload(Role.permissions))
@@ -418,91 +419,77 @@ class RBACService:
                 if not role:
                     raise NotFoundError(detail="Requested role does not exist")
+                # Update role information if provided
                 if name is not None or description is not None:
                     if name:
+                        # Check if new name already exists for a different role
                         existing_role = (
                             session.query(Role)
                             .filter(Role.name == name, Role.uuid != role_uuid)
                             .first()
                         )
                         if existing_role:
                             raise DuplicatedError(detail="Role already exists")
                         if role.name != "super_admin":
                             role.name = name
                     if description is not None:
                         role.description = description
                 if permissions is not None:
-                    existing_permissions = role.permissions
-                    existing_permission = {p.uuid for p in existing_permissions}
-                    new_permission = set(permissions) if permissions else set()
-                    permissions_to_remove = existing_permission - new_permission
-                    permissions_to_add = new_permission - existing_permission
-                    if permissions_to_remove:
-                        session.query(RolePermission).filter(
-                            RolePermission.role_uuid == role_uuid,
-                            RolePermission.permission_uuid.in_(permissions_to_remove)
-                        ).delete(synchronize_session=False)
+                    # Remove ALL existing policies for this role from Casbin
+                    self.enforcer.remove_filtered_policy(0, str(role_uuid))
+                    # Delete existing role permissions from database
+                    session.query(RolePermission).filter(
+                        RolePermission.role_uuid == role_uuid
+                    ).delete(synchronize_session=False)
-                    if permissions_to_add:
-                        new_permissions = (
+                    # Add new permissions if provided
+                    if permissions:
+                        # Fetch all permissions in a single query
+                        permissions_objs = (
                             session.query(Permission)
-                            .filter(Permission.uuid.in_(permissions_to_add))
+                            .filter(Permission.uuid.in_(permissions))
                             .all()
                         )
-                        found_permission = {p.uuid for p in new_permissions}
-                        missing_permission = permissions_to_add - found_permission
-                        if missing_permission:
+                        found_permission_ids = {p.uuid for p in permissions_objs}
+                        missing_permission_ids = set(permissions) - found_permission_ids
+                        if missing_permission_ids:
                             raise NotFoundError(
-                                detail=f"Permissions with UUIDs '{', '.join(missing_permission)}' not found"
+                                detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
                             )
+                        # Bulk insert role permissions
                         role_permissions = [
                             {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
-                            for permission in new_permissions
+                            for permission in permissions_objs
                         ]
                         session.bulk_insert_mappings(RolePermission, role_permissions)
-                session.commit()
-                casbin_updated = False
-                if permissions is not None:
-                    existing_permissions_dict = {p.uuid: p for p in existing_permissions}
-                    if permissions_to_remove:
-                        remove_policies = [
-                            [role_uuid, existing_permissions_dict[perm_id].resource,
-                            existing_permissions_dict[perm_id].action,
-                            existing_permissions_dict[perm_id].module]
-                            for perm_id in permissions_to_remove
-                        ]
-                        self.enforcer.remove_policies(remove_policies)
-                        casbin_updated = True
-                    if permissions_to_add:
-                        add_policies = [
-                            [role_uuid, p.resource, p.action, p.module]
-                            for p in new_permissions
+                        # Add new Casbin policies
+                        policies = [
+                            [role_uuid, permission.resource, permission.action, permission.module]
+                            for permission in permissions_objs
                         ]
-                        self.enforcer.add_policies(add_policies)
-                        casbin_updated = True
-                if casbin_updated:
+                        self.enforcer.add_policies(policies)
+                    # Save all Casbin changes
                     self.enforcer.save_policy()
+                session.commit()
+                # Refresh the role to get the updated permissions
                 session.refresh(role)
+                # Return the updated role with permissions
                 return role
             except Exception as e:
                 raise e
     def delete_role(self, role_uuid: str,exception_roles:List[str]=None):
         """Delete a role and its associated permissions"""

{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.6}/pyproject.toml RENAMED Viewed

@@ -1,6 +1,6 @@
 [project]
 name = "abs-auth-rbac-core"
-version = "0.3.5"
+version = "0.3.6"
 description = "RBAC and Auth core utilities including JWT token management."
 authors = [
     {name = "AutoBridgeSystems", email = "info@autobridgesystems.com"}