abs-auth-rbac-core 0.3.5__tar.gz → 0.3.7__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of abs-auth-rbac-core might be problematic. Click here for more details.

Files changed (33) hide show
  1. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/PKG-INFO +1 -1
  2. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/rbac/service.py +39 -51
  3. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/pyproject.toml +1 -1
  4. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/README.md +0 -0
  5. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/__init__.py +0 -0
  6. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/auth/__init__.py +0 -0
  7. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/auth/auth_functions.py +0 -0
  8. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/auth/jwt_functions.py +0 -0
  9. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/auth/middleware.py +0 -0
  10. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/__init__.py +0 -0
  11. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/base_model.py +0 -0
  12. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/gov_casbin_rule.py +0 -0
  13. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/permissions.py +0 -0
  14. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/rbac_model.py +0 -0
  15. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/role_permission.py +0 -0
  16. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/roles.py +0 -0
  17. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/seeder/permission_seeder.py +0 -0
  18. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/user.py +0 -0
  19. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/user_permission.py +0 -0
  20. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/models/user_role.py +0 -0
  21. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/rbac/__init__.py +0 -0
  22. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/rbac/decorator.py +0 -0
  23. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/rbac/policy.conf +0 -0
  24. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/repository/__init__.py +0 -0
  25. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/repository/permission_repository.py +0 -0
  26. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/repository/role_repository.py +0 -0
  27. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/schema/__init__.py +0 -0
  28. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/schema/permission.py +0 -0
  29. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/service/__init__.py +0 -0
  30. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/service/permission_service.py +0 -0
  31. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/service/role_service.py +0 -0
  32. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/util/__init__.py +0 -0
  33. {abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/util/permission_constants.py +0 -0
{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: abs-auth-rbac-core
3
- Version: 0.3.5
3
+ Version: 0.3.7
4
4
  Summary: RBAC and Auth core utilities including JWT token management.
5
5
  License-Expression: MIT
6
6
  Author: AutoBridgeSystems
{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/abs_auth_rbac_core/rbac/service.py RENAMED
@@ -65,6 +65,7 @@ class RBACService:
65
65
  self.enforcer = casbin.Enforcer(
66
66
  policy_path, adapter
67
67
  )
68
+ self.enforcer.enable_auto_save(False)
68
69
  # Load policies
69
70
  self.enforcer.load_policy()
70
71
 
@@ -392,8 +393,7 @@ class RBACService:
392
393
  if not role:
393
394
  raise NotFoundError(detail="Requested role does not exist")
394
395
 
395
- return role
396
-
396
+ return role
397
397
 
398
398
  def update_role_permissions(
399
399
  self,
@@ -402,12 +402,14 @@ class RBACService:
402
402
  name: Optional[str] = None,
403
403
  description: Optional[str] = None,
404
404
  ) -> Any:
405
- """Update role permissions"""
405
+ """Update role permissions by replacing all existing permissions with new ones"""
406
+
406
407
  with self.db() as session:
407
408
  try:
408
409
  if not session.is_active:
409
410
  session.begin()
410
411
 
412
+ # Get role with eager loading of permissions
411
413
  role = (
412
414
  session.query(Role)
413
415
  .options(joinedload(Role.permissions))
@@ -418,91 +420,77 @@ class RBACService:
418
420
  if not role:
419
421
  raise NotFoundError(detail="Requested role does not exist")
420
422
 
423
+ # Update role information if provided
421
424
  if name is not None or description is not None:
422
425
  if name:
426
+ # Check if new name already exists for a different role
423
427
  existing_role = (
424
428
  session.query(Role)
425
429
  .filter(Role.name == name, Role.uuid != role_uuid)
426
430
  .first()
427
431
  )
432
+
428
433
  if existing_role:
429
434
  raise DuplicatedError(detail="Role already exists")
435
+
430
436
  if role.name != "super_admin":
431
437
  role.name = name
438
+
432
439
  if description is not None:
433
440
  role.description = description
434
441
 
435
442
  if permissions is not None:
436
- existing_permissions = role.permissions
437
- existing_permission = {p.uuid for p in existing_permissions}
438
- new_permission = set(permissions) if permissions else set()
439
-
440
- permissions_to_remove = existing_permission - new_permission
441
- permissions_to_add = new_permission - existing_permission
442
-
443
- if permissions_to_remove:
444
- session.query(RolePermission).filter(
445
- RolePermission.role_uuid == role_uuid,
446
- RolePermission.permission_uuid.in_(permissions_to_remove)
447
- ).delete(synchronize_session=False)
443
+ # Remove ALL existing policies for this role from Casbin
444
+ self.enforcer.remove_filtered_policy(0, str(role_uuid))
445
+
446
+ # Delete existing role permissions from database
447
+ session.query(RolePermission).filter(
448
+ RolePermission.role_uuid == role_uuid
449
+ ).delete(synchronize_session=False)
448
450
 
449
- if permissions_to_add:
450
- new_permissions = (
451
+ # Add new permissions if provided
452
+ if permissions:
453
+ # Fetch all permissions in a single query
454
+ permissions_objs = (
451
455
  session.query(Permission)
452
- .filter(Permission.uuid.in_(permissions_to_add))
456
+ .filter(Permission.uuid.in_(permissions))
453
457
  .all()
454
458
  )
455
459
 
456
- found_permission = {p.uuid for p in new_permissions}
457
- missing_permission = permissions_to_add - found_permission
458
- if missing_permission:
460
+ found_permission_ids = {p.uuid for p in permissions_objs}
461
+ missing_permission_ids = set(permissions) - found_permission_ids
462
+ if missing_permission_ids:
459
463
  raise NotFoundError(
460
- detail=f"Permissions with UUIDs '{', '.join(missing_permission)}' not found"
464
+ detail=f"Permissions with UUIDs '{', '.join(missing_permission_ids)}' not found"
461
465
  )
462
466
 
467
+ # Bulk insert role permissions
463
468
  role_permissions = [
464
469
  {"role_uuid": role_uuid, "permission_uuid": permission.uuid}
465
- for permission in new_permissions
470
+ for permission in permissions_objs
466
471
  ]
467
472
  session.bulk_insert_mappings(RolePermission, role_permissions)
468
473
 
469
- session.commit()
470
- casbin_updated = False
471
-
472
- if permissions is not None:
473
- existing_permissions_dict = {p.uuid: p for p in existing_permissions}
474
-
475
- if permissions_to_remove:
476
- remove_policies = [
477
- [role_uuid, existing_permissions_dict[perm_id].resource,
478
- existing_permissions_dict[perm_id].action,
479
- existing_permissions_dict[perm_id].module]
480
- for perm_id in permissions_to_remove
481
- ]
482
-
483
- self.enforcer.remove_policies(remove_policies)
484
- casbin_updated = True
485
-
486
-
487
- if permissions_to_add:
488
- add_policies = [
489
- [role_uuid, p.resource, p.action, p.module]
490
- for p in new_permissions
474
+ # Add new Casbin policies
475
+ policies = [
476
+ [role_uuid, permission.resource, permission.action, permission.module]
477
+ for permission in permissions_objs
491
478
  ]
492
-
493
- self.enforcer.add_policies(add_policies)
494
- casbin_updated = True
495
-
496
- if casbin_updated:
479
+ self.enforcer.add_policies(policies)
480
+
481
+ # Save all Casbin changes
497
482
  self.enforcer.save_policy()
498
483
 
484
+ session.commit()
485
+
486
+ # Refresh the role to get the updated permissions
499
487
  session.refresh(role)
500
488
 
489
+ # Return the updated role with permissions
501
490
  return role
502
491
 
503
492
  except Exception as e:
504
493
  raise e
505
-
506
494
 
507
495
  def delete_role(self, role_uuid: str,exception_roles:List[str]=None):
508
496
  """Delete a role and its associated permissions"""
{abs_auth_rbac_core-0.3.5 → abs_auth_rbac_core-0.3.7}/pyproject.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [project]
2
2
  name = "abs-auth-rbac-core"
3
- version = "0.3.5"
3
+ version = "0.3.7"
4
4
  description = "RBAC and Auth core utilities including JWT token management."
5
5
  authors = [
6
6
  {name = "AutoBridgeSystems", email = "info@autobridgesystems.com"}