amsdal 0.2.5__cp312-cp312-win_amd64.whl

amsdal/contrib/app_config.py

@@ -0,0 +1,7 @@
+from abc import ABC
+from abc import abstractmethod
+
+
+class AppConfig(ABC):
+    @abstractmethod
+    def on_ready(self) -> None: ...

amsdal/contrib/app_config.pyi

@@ -0,0 +1,6 @@
+import abc
+from abc import ABC, abstractmethod
+
+class AppConfig(ABC, metaclass=abc.ABCMeta):
+    @abstractmethod
+    def on_ready(self) -> None: ...

amsdal/contrib/auth/app.py

@@ -0,0 +1,27 @@
+from amsdal_utils.lifecycle.enum import LifecycleEvent
+from amsdal_utils.lifecycle.producer import LifecycleProducer
+
+from amsdal.contrib.app_config import AppConfig
+
+
+class AuthAppConfig(AppConfig):
+    """
+    Configuration class for the authentication application.
+
+    This class sets up the necessary listeners for various lifecycle events
+    related to authentication and permission checks.
+    """
+
+    def on_ready(self) -> None:
+        """
+        Sets up listeners for various lifecycle events.
+
+        This method adds listeners for server startup, user authentication, and permission checks.
+        """
+        from amsdal.contrib.auth.lifecycle.consumer import AuthenticateUserConsumer
+        from amsdal.contrib.auth.lifecycle.consumer import CheckAndCreateSuperUserConsumer
+        from amsdal.contrib.auth.lifecycle.consumer import CheckPermissionConsumer
+
+        LifecycleProducer.add_listener(LifecycleEvent.ON_SERVER_STARTUP, CheckAndCreateSuperUserConsumer)
+        LifecycleProducer.add_listener(LifecycleEvent.ON_AUTHENTICATE, AuthenticateUserConsumer)
+        LifecycleProducer.add_listener(LifecycleEvent.ON_PERMISSION_CHECK, CheckPermissionConsumer)

amsdal/contrib/auth/app.pyi

@@ -0,0 +1,15 @@
+from amsdal.contrib.app_config import AppConfig as AppConfig
+
+class AuthAppConfig(AppConfig):
+    """
+    Configuration class for the authentication application.
+
+    This class sets up the necessary listeners for various lifecycle events
+    related to authentication and permission checks.
+    """
+    def on_ready(self) -> None:
+        """
+        Sets up listeners for various lifecycle events.
+
+        This method adds listeners for server startup, user authentication, and permission checks.
+        """

amsdal/contrib/auth/decorators/__init__.py

@@ -0,0 +1,20 @@
+from collections.abc import Callable
+from functools import wraps
+from typing import Any
+
+from amsdal.context.manager import AmsdalContextManager
+from amsdal.contrib.auth.errors import AuthenticationError
+
+
+def require_auth(func: Callable[..., Any]) -> Callable[..., Any]:
+    @wraps(func)
+    def wrapper(*args: Any, **kwargs: Any) -> Callable[..., Any]:
+        request = AmsdalContextManager().get_context().get('request', None)
+
+        if not request or not request.user:
+            msg = 'Authentication required'
+            raise AuthenticationError(msg)
+
+        return func(*args, **kwargs)
+
+    return wrapper

amsdal/contrib/auth/decorators/__init__.pyi

@@ -0,0 +1,6 @@
+from amsdal.context.manager import AmsdalContextManager as AmsdalContextManager
+from amsdal.contrib.auth.errors import AuthenticationError as AuthenticationError
+from collections.abc import Callable as Callable
+from typing import Any
+
+def require_auth(func: Callable[..., Any]) -> Callable[..., Any]: ...

amsdal/contrib/auth/errors.py

@@ -0,0 +1,7 @@
+from amsdal_utils.errors import AmsdalError
+
+
+class UserCreationError(AmsdalError): ...
+
+
+class AuthenticationError(AmsdalError): ...

amsdal/contrib/auth/errors.pyi

@@ -0,0 +1,4 @@
+from amsdal_utils.errors import AmsdalError
+
+class UserCreationError(AmsdalError): ...
+class AuthenticationError(AmsdalError): ...

amsdal/contrib/auth/lifecycle/consumer.py

@@ -0,0 +1,222 @@
+import logging
+from typing import Any
+
+import jwt
+from amsdal_data.transactions.decorators import transaction
+from amsdal_models.classes.helpers.reference_loader import ReferenceLoader
+from amsdal_models.classes.model import Model
+from amsdal_utils.lifecycle.consumer import LifecycleConsumer
+from amsdal_utils.models.data_models.reference import Reference
+from amsdal_utils.models.enums import Versions
+
+from amsdal.contrib.auth.errors import AuthenticationError
+
+logger = logging.getLogger(__name__)
+
+
+class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
+    """
+    Ensures the existence of a super user in the system.
+
+    This consumer checks if a super user exists based on the provided email and password
+    in the authentication settings. If the super user does not exist, it creates one.
+    """
+
+    @transaction
+    def on_event(self) -> None:
+        """
+        Checks for the existence of a super user and creates one if necessary.
+
+        This method ensures that a super user exists by checking the email and password
+        in the authentication settings. If the super user does not exist, it creates one
+        with the necessary permissions.
+        """
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.permission import Permission  # type: ignore[import-not-found]
+        from models.contrib.user import User  # type: ignore[import-not-found]
+
+        logger.info('Ensure super user exists')
+
+        if not (auth_settings.ADMIN_USER_EMAIL and auth_settings.ADMIN_USER_PASSWORD):
+            logger.info('Email / password missing for super user - skipping')
+            return
+
+        user = (
+            User.objects.filter(email=auth_settings.ADMIN_USER_EMAIL, _address__object_version=Versions.LATEST)
+            .get_or_none()
+            .execute()
+        )
+        if user is not None:
+            logger.info('Super user already exists - skipping')
+            return
+
+        logger.info("Super user doesn't exist - creating now")
+
+        access_all_permission = (
+            Permission.objects.filter(
+                model='*',
+                action='*',
+                _address__object_version=Versions.LATEST,
+            )
+            .get()
+            .execute()
+        )
+
+        instance = User(
+            email=auth_settings.ADMIN_USER_EMAIL,
+            password=auth_settings.ADMIN_USER_PASSWORD,
+            permissions=[access_all_permission],
+        )
+        instance.save(force_insert=True)
+        logger.info('Super user created successfully')
+
+
+class AuthenticateUserConsumer(LifecycleConsumer):
+    """
+    Authenticates a user based on a provided JWT token.
+
+    This consumer decodes the JWT token from the authorization header and retrieves
+    the corresponding user from the database. If the token is invalid or expired,
+    it raises an `AuthenticationError`.
+    """
+
+    def on_event(self, auth_header: str, authentication_info: Any) -> None:
+        """
+        Authenticates the user using the provided JWT token.
+
+        This method decodes the JWT token from the authorization header and retrieves
+        the corresponding user from the database. If the token is invalid or expired,
+        it raises an `AuthenticationError`.
+
+        Args:
+            auth_header (str): The JWT token from the authorization header.
+            authentication_info (Any): The authentication information object to update with the user.
+        """
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.user import User  # type: ignore[import-not-found]
+
+        authentication_info.user = None
+        email: str | None
+
+        try:
+            jwt_payload = jwt.decode(
+                auth_header,
+                auth_settings.AUTH_JWT_KEY,  # type: ignore[arg-type]
+                algorithms=['HS256'],
+            )
+            email = jwt_payload['email']
+        except jwt.ExpiredSignatureError as exc:
+            logger.error('Auth token expired. Defaulting to anonymous user.')
+
+            msg = 'Auth token has expired.'
+            raise AuthenticationError(msg) from exc
+        except Exception as exc:
+            logger.error('Auth token decode failure. Defaulting to anonymous user.')
+
+            msg = 'Failed to decode auth token.'
+            raise AuthenticationError(msg) from exc
+
+        user = User.objects.filter(email=email, _address__object_version=Versions.LATEST).get_or_none().execute()
+
+        authentication_info.user = user
+
+
+class CheckPermissionConsumer(LifecycleConsumer):
+    """
+    Checks and manages permissions for a given user and object.
+
+    This consumer prepopulates default permissions, checks class-level permissions,
+    and object-level permissions for a given user and object.
+    """
+
+    def _prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None:
+        from amsdal.contrib.auth.settings import auth_settings
+        from models.contrib.permission import Permission  # type: ignore[import-not-found]
+
+        permissions_info.has_read_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+        permissions_info.has_create_permission = (
+            (not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION) if object_class.__name__ != 'LoginSession' else True
+        )
+        permissions_info.has_update_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+        permissions_info.has_delete_permission = not auth_settings.REQUIRE_DEFAULT_AUTHORIZATION
+
+        required_permissions = Permission.objects.filter(
+            model=object_class.__name__,
+            _address__object_version=Versions.LATEST,
+        ).execute()
+
+        for required_permission in required_permissions:
+            if required_permission.action == 'read':
+                permissions_info.has_read_permission = False
+            elif required_permission.action == 'create':
+                permissions_info.has_create_permission = False
+            elif required_permission.action == 'update':
+                permissions_info.has_update_permission = False
+            elif required_permission.action == 'delete':
+                permissions_info.has_delete_permission = False
+
+    def _check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None:
+        if hasattr(object_class, 'has_permission'):
+            for action in ['read', 'create', 'update', 'delete']:
+                setattr(permissions_info, f'has_{action}_permission', object_class.has_permission(user, action))
+
+        if not user or not getattr(user, 'permissions', None):
+            return
+
+        user_permissions = [
+            ReferenceLoader(p).load_reference() if isinstance(p, Reference) else p for p in user.permissions
+        ]
+
+        for user_permission in user_permissions:
+            if user_permission.model not in [object_class.__name__, '*']:
+                continue
+
+            if user_permission.action == 'read':
+                permissions_info.has_read_permission = True
+            elif user_permission.action == 'create':
+                permissions_info.has_create_permission = True
+            elif user_permission.action == 'update':
+                permissions_info.has_update_permission = True
+            elif user_permission.action == 'delete':
+                permissions_info.has_delete_permission = True
+            elif user_permission.action == '*':
+                permissions_info.has_read_permission = True
+                permissions_info.has_create_permission = True
+                permissions_info.has_update_permission = True
+                permissions_info.has_delete_permission = True
+
+    def _check_object_permissions(self, obj: Model, user: Any, permissions_info: Any) -> None:
+        if hasattr(obj, 'has_object_permission'):
+            for action in ['read', 'update', 'delete']:
+                setattr(
+                    permissions_info,
+                    f'has_{action}_permission',
+                    getattr(permissions_info, f'has_{action}_permission') and obj.has_object_permission(user, action),
+                )
+
+    def on_event(
+        self,
+        object_class: type[Model],
+        user: Any,
+        access_types: list[Any],  # noqa: ARG002
+        permissions_info: Any,
+        obj: Model | None = None,
+    ) -> None:
+        """
+        Main method to check permissions for a given user and object.
+
+        This method prepopulates default permissions, checks class-level permissions,
+        and object-level permissions for the given user and object.
+
+        Args:
+            object_class (type[Model]): The class of the object to check permissions for.
+            user (Any): The user to check permissions for.
+            access_types (list[Any]): The list of access types to check.
+            permissions_info (Any): The permissions information object to update.
+            obj (Model | None): The object to check permissions for, if any.
+        """
+        self._prepopulate_default_permissions(object_class, permissions_info)
+        self._check_class_permissions(object_class, user, permissions_info)
+
+        if obj:
+            self._check_object_permissions(obj, user, permissions_info)

amsdal/contrib/auth/lifecycle/consumer.pyi

@@ -0,0 +1,69 @@
+from _typeshed import Incomplete
+from amsdal.contrib.auth.errors import AuthenticationError as AuthenticationError
+from amsdal_models.classes.model import Model
+from amsdal_utils.lifecycle.consumer import LifecycleConsumer
+from typing import Any
+
+logger: Incomplete
+
+class CheckAndCreateSuperUserConsumer(LifecycleConsumer):
+    """
+    Ensures the existence of a super user in the system.
+
+    This consumer checks if a super user exists based on the provided email and password
+    in the authentication settings. If the super user does not exist, it creates one.
+    """
+    def on_event(self) -> None:
+        """
+        Checks for the existence of a super user and creates one if necessary.
+
+        This method ensures that a super user exists by checking the email and password
+        in the authentication settings. If the super user does not exist, it creates one
+        with the necessary permissions.
+        """
+
+class AuthenticateUserConsumer(LifecycleConsumer):
+    """
+    Authenticates a user based on a provided JWT token.
+
+    This consumer decodes the JWT token from the authorization header and retrieves
+    the corresponding user from the database. If the token is invalid or expired,
+    it raises an `AuthenticationError`.
+    """
+    def on_event(self, auth_header: str, authentication_info: Any) -> None:
+        """
+        Authenticates the user using the provided JWT token.
+
+        This method decodes the JWT token from the authorization header and retrieves
+        the corresponding user from the database. If the token is invalid or expired,
+        it raises an `AuthenticationError`.
+
+        Args:
+            auth_header (str): The JWT token from the authorization header.
+            authentication_info (Any): The authentication information object to update with the user.
+        """
+
+class CheckPermissionConsumer(LifecycleConsumer):
+    """
+    Checks and manages permissions for a given user and object.
+
+    This consumer prepopulates default permissions, checks class-level permissions,
+    and object-level permissions for a given user and object.
+    """
+    def _prepopulate_default_permissions(self, object_class: type[Model], permissions_info: Any) -> None: ...
+    def _check_class_permissions(self, object_class: type[Model], user: Any, permissions_info: Any) -> None: ...
+    def _check_object_permissions(self, obj: Model, user: Any, permissions_info: Any) -> None: ...
+    def on_event(self, object_class: type[Model], user: Any, access_types: list[Any], permissions_info: Any, obj: Model | None = None) -> None:
+        """
+        Main method to check permissions for a given user and object.
+
+        This method prepopulates default permissions, checks class-level permissions,
+        and object-level permissions for the given user and object.
+
+        Args:
+            object_class (type[Model]): The class of the object to check permissions for.
+            user (Any): The user to check permissions for.
+            access_types (list[Any]): The list of access types to check.
+            permissions_info (Any): The permissions information object to update.
+            obj (Model | None): The object to check permissions for, if any.
+        """

amsdal/contrib/auth/migrations/0000_initial.py

@@ -0,0 +1,49 @@
+from amsdal_utils.models.enums import SchemaTypes
+
+from amsdal.migration import migrations
+
+
+class Migration(migrations.Migration):
+    operations: list[migrations.Operation] = [
+        migrations.CreateClass(
+            schema_type=SchemaTypes.CONTRIB,
+            class_name='Permission',
+            new_schema={
+                'title': 'Permission',
+                'required': ['model', 'action'],
+                'properties': {
+                    'model': {'type': 'string', 'title': 'Model'},
+                    'action': {'type': 'string', 'title': 'Action'},
+                },
+                'custom_code': "@property  # type: ignore[misc]\ndef display_name(self) -> str:  # type: ignore[no-untyped-def]\n    return f'{self.model}:{self.action}'",
+            },
+        ),
+        migrations.CreateClass(
+            schema_type=SchemaTypes.CONTRIB,
+            class_name='User',
+            new_schema={
+                'title': 'User',
+                'required': ['email', 'password'],
+                'properties': {
+                    'email': {'type': 'string', 'title': 'Email'},
+                    'password': {'type': 'binary', 'title': 'Password (hash)'},
+                    'permissions': {'type': 'array', 'items': {'type': 'Permission'}, 'title': 'Permissions'},
+                },
+                'custom_code': "from typing import Any\n\n\ndef pre_init(self, *, is_new_object: bool, kwargs: dict[str, Any]) -> None:  # type: ignore[no-untyped-def]  # noqa: ARG001\n    import bcrypt\n\n    from amsdal.contrib.auth.errors import UserCreationError\n\n    email = kwargs.get('email', None)\n    password = kwargs.get('password', None)\n\n    if email is None or email == '':\n        msg = \"Email can't be empty\"\n        raise UserCreationError(msg)\n\n    if password is None or password == '':\n        msg = \"Password can't be empty\"\n        raise UserCreationError(msg)\n\n    kwargs['email'] = email.lower()\n\n    if is_new_object and '_metadata' not in kwargs:\n        hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())\n        kwargs['password'] = hashed_password\n        kwargs['_object_id'] = email.lower()\n\ndef pre_create(self) -> None:  # type: ignore[no-untyped-def]  # noqa: ARG001\n    pass\n\n@property  # type: ignore[misc]\ndef display_name(self) -> str:  # type: ignore[no-untyped-def]\n    return self.email",
+            },
+        ),
+        migrations.CreateClass(
+            schema_type=SchemaTypes.CONTRIB,
+            class_name='LoginSession',
+            new_schema={
+                'title': 'LoginSession',
+                'required': ['email', 'password'],
+                'properties': {
+                    'email': {'type': 'string', 'title': 'Email'},
+                    'password': {'type': 'string', 'title': 'Password (hash)'},
+                    'token': {'type': 'string', 'title': 'Token', 'mark_as_read_only': True},
+                },
+                'custom_code': "from datetime import datetime\nfrom datetime import timedelta\nfrom datetime import timezone\nfrom typing import Any\n\nimport bcrypt\nimport jwt\nfrom amsdal_utils.models.enums import Versions\n\n\ndef pre_init(self, *, is_new_object: bool, kwargs: dict[str, Any]) -> None:  # type: ignore[no-untyped-def]  # noqa: ARG001\n    if not is_new_object or '_metadata' in kwargs:\n        return\n\n    from amsdal.contrib.auth.errors import AuthenticationError\n    from amsdal.contrib.auth.settings import auth_settings\n\n    email = kwargs.get('email', None)\n    password = kwargs.get('password', None)\n\n    if not email:\n        msg = \"Email can't be empty\"\n        raise AuthenticationError(msg)\n\n    if not password:\n        msg = \"Password can't be empty\"\n        raise AuthenticationError(msg)\n\n    lowercased_email = email.lower()\n\n    from models.contrib.user import User  # type: ignore[import-not-found]\n\n    user = User.objects.filter(email=lowercased_email, _address__object_version=Versions.LATEST).get_or_none().execute()\n\n    if not user:\n        msg = 'Invalid email / password'\n        raise AuthenticationError(msg)\n\n    if not bcrypt.checkpw(password.encode('utf-8') if isinstance(password, str) else password, user.password):\n        msg = 'Invalid email / password'\n        raise AuthenticationError(msg)\n\n    kwargs['password'] = 'validated'\n    expiration_time = datetime.now(tz=timezone.utc) + timedelta(seconds=1200)\n    token = jwt.encode(\n        {'email': lowercased_email, 'exp': expiration_time},\n        key=auth_settings.AUTH_JWT_KEY,  # type: ignore[arg-type]\n        algorithm='HS256',\n    )\n\n    kwargs['token'] = token\n\n@property  # type: ignore[misc]\ndef display_name(self) -> str:  # type: ignore[no-untyped-def]\n    return self.email",
+            },
+        ),
+    ]

amsdal/contrib/auth/models/login_session/hooks/pre_init.py

@@ -0,0 +1,64 @@
+from datetime import datetime
+from datetime import timedelta
+from datetime import timezone
+from typing import Any
+
+import bcrypt
+import jwt
+from amsdal_utils.models.enums import Versions
+
+
+def pre_init(self, *, is_new_object: bool, kwargs: dict[str, Any]) -> None:  # type: ignore[no-untyped-def]  # noqa: ARG001
+    """
+    Pre-initializes a user object by validating email and password, and generating a JWT token.
+
+    This method checks if the object is new and validates the provided email and password.
+    If the email and password are valid, it generates a JWT token and adds it to the kwargs.
+
+    Args:
+        is_new_object (bool): Indicates if the object is new.
+        kwargs (dict[str, Any]): The keyword arguments containing user details.
+
+    Raises:
+        AuthenticationError: If the email or password is invalid.
+    """
+    if not is_new_object or '_metadata' in kwargs:
+        return
+
+    from amsdal.contrib.auth.errors import AuthenticationError
+    from amsdal.contrib.auth.settings import auth_settings
+
+    email = kwargs.get('email', None)
+    password = kwargs.get('password', None)
+
+    if not email:
+        msg = "Email can't be empty"
+        raise AuthenticationError(msg)
+
+    if not password:
+        msg = "Password can't be empty"
+        raise AuthenticationError(msg)
+
+    lowercased_email = email.lower()
+
+    from models.contrib.user import User  # type: ignore[import-not-found]
+
+    user = User.objects.filter(email=lowercased_email, _address__object_version=Versions.LATEST).get_or_none().execute()
+
+    if not user:
+        msg = 'Invalid email / password'
+        raise AuthenticationError(msg)
+
+    if not bcrypt.checkpw(password.encode('utf-8') if isinstance(password, str) else password, user.password):
+        msg = 'Invalid email / password'
+        raise AuthenticationError(msg)
+
+    kwargs['password'] = 'validated'
+    expiration_time = datetime.now(tz=timezone.utc) + timedelta(seconds=auth_settings.AUTH_TOKEN_EXPIRATION)
+    token = jwt.encode(
+        {'email': lowercased_email, 'exp': expiration_time},
+        key=auth_settings.AUTH_JWT_KEY,  # type: ignore[arg-type]
+        algorithm='HS256',
+    )
+
+    kwargs['token'] = token

amsdal/contrib/auth/models/login_session/model.json

@@ -0,0 +1,23 @@
+{
+  "title": "LoginSession",
+  "type": "object",
+  "properties": {
+    "email": {
+      "title": "Email",
+      "type": "string"
+    },
+    "password": {
+      "title": "Password (hash)",
+      "type": "string"
+    },
+    "token": {
+      "title": "Token",
+      "type": "string",
+      "mark_as_read_only": true
+    }
+  },
+  "required": [
+    "email",
+    "password"
+  ]
+}

amsdal/contrib/auth/models/login_session/modifiers/display_name.py

@@ -0,0 +1,11 @@
+@property  # type: ignore[misc]
+def display_name(self) -> str:  # type: ignore[no-untyped-def]
+    """
+    Returns the display name of the user.
+
+    This method returns the email of the user as their display name.
+
+    Returns:
+        str: The email of the user.
+    """
+    return self.email

amsdal/contrib/auth/models/permission/fixtures/basic_permissions.json

@@ -0,0 +1,62 @@
+[
+    {
+        "external_id": "user_delete",
+        "model": "User",
+        "action": "delete"
+    },
+    {
+        "external_id": "user_read",
+        "model": "User",
+        "action": "read"
+    },
+    {
+        "external_id": "user_update",
+        "model": "User",
+        "action": "update"
+    },
+    {
+        "external_id": "user_all_actions",
+        "model": "User",
+        "action": "*"
+    },
+    {
+        "external_id": "all_models_all_actions",
+        "model": "*",
+        "action": "*"
+    },
+    {
+        "external_id": "login_session_delete",
+        "model": "LoginSession",
+        "action": "delete"
+    },
+    {
+        "external_id": "login_session_read",
+        "model": "LoginSession",
+        "action": "read"
+    },
+    {
+        "external_id": "login_session_update",
+        "model": "LoginSession",
+        "action": "update"
+    },
+    {
+        "external_id": "permission_delete",
+        "model": "Permission",
+        "action": "delete"
+    },
+    {
+        "external_id": "permission_read",
+        "model": "Permission",
+        "action": "read"
+    },
+    {
+        "external_id": "permission_update",
+        "model": "Permission",
+        "action": "update"
+    },
+    {
+        "external_id": "permission_create",
+        "model": "Permission",
+        "action": "create"
+    }
+]

amsdal/contrib/auth/models/permission/model.json

@@ -0,0 +1,18 @@
+{
+  "title": "Permission",
+  "type": "object",
+  "properties": {
+    "model": {
+      "title": "Model",
+      "type": "string"
+    },
+    "action": {
+      "title": "Action",
+      "type": "string"
+    }
+  },
+  "required": [
+    "model",
+    "action"
+  ]
+}

amsdal/contrib/auth/models/permission/modifiers/display_name.py

@@ -0,0 +1,11 @@
+@property  # type: ignore[misc]
+def display_name(self) -> str:  # type: ignore[no-untyped-def]
+    """
+    Returns the display name of the user.
+
+    This method returns a formatted string combining the model and action of the user.
+
+    Returns:
+        str: The formatted display name in the format 'model:action'.
+    """
+    return f'{self.model}:{self.action}'