cardo-python-utils 0.5.dev0__tar.gz → 0.5.dev2__tar.gz

{cardo_python_utils-0.5.dev0/cardo_python_utils.egg-info → cardo_python_utils-0.5.dev2}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev0
+Version: 0.5.dev2
 Summary: Python library enhanced with a wide range of functions for different scenarios.
-Author-email: Kristi Kotini <hello@cardoai.com>, Klajdi Çaushi <hello@cardoai.com>
+Author-email: CardoAI <hello@cardoai.com>
 License: MIT
 Project-URL: Homepage, https://github.com/CardoAI/cardo-python-utils
 Project-URL: Repository, https://github.com/CardoAI/cardo-python-utils.git
@@ -37,6 +37,9 @@ Requires-Dist: PyJWT; extra == "drf"
 Provides-Extra: django-admin-auth
 Requires-Dist: Django; extra == "django-admin-auth"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-admin-auth"
+Provides-Extra: django-keycloak-groups
+Requires-Dist: Django; extra == "django-keycloak-groups"
+Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: Django; extra == "all"
 Provides-Extra: dev

{cardo_python_utils-0.5.dev0 → cardo_python_utils-0.5.dev2/cardo_python_utils.egg-info}/PKG-INFO

@@ -1,8 +1,8 @@
 Metadata-Version: 2.4
 Name: cardo-python-utils
-Version: 0.5.dev0
+Version: 0.5.dev2
 Summary: Python library enhanced with a wide range of functions for different scenarios.
-Author-email: Kristi Kotini <hello@cardoai.com>, Klajdi Çaushi <hello@cardoai.com>
+Author-email: CardoAI <hello@cardoai.com>
 License: MIT
 Project-URL: Homepage, https://github.com/CardoAI/cardo-python-utils
 Project-URL: Repository, https://github.com/CardoAI/cardo-python-utils.git
@@ -37,6 +37,9 @@ Requires-Dist: PyJWT; extra == "drf"
 Provides-Extra: django-admin-auth
 Requires-Dist: Django; extra == "django-admin-auth"
 Requires-Dist: mozilla-django-oidc>=4.0.1; extra == "django-admin-auth"
+Provides-Extra: django-keycloak-groups
+Requires-Dist: Django; extra == "django-keycloak-groups"
+Requires-Dist: python-keycloak>=5.8.1; extra == "django-keycloak-groups"
 Provides-Extra: all
 Requires-Dist: Django; extra == "all"
 Provides-Extra: dev

{cardo_python_utils-0.5.dev0 → cardo_python_utils-0.5.dev2}/cardo_python_utils.egg-info/SOURCES.txt

@@ -22,4 +22,5 @@ python_utils/django/utils.py
 python_utils/django/auth/__init__.py
 python_utils/django/auth/admin.py
 python_utils/django/auth/drf.py
+python_utils/django/auth/keycloak.py
 python_utils/django/auth/ninja.py

{cardo_python_utils-0.5.dev0 → cardo_python_utils-0.5.dev2}/cardo_python_utils.egg-info/requires.txt

@@ -15,6 +15,10 @@ Django
 Django
 mozilla-django-oidc>=4.0.1
 
+[django-keycloak-groups]
+Django
+python-keycloak>=5.8.1
+
 [django-ninja]
 Django
 django-ninja

{cardo_python_utils-0.5.dev0 → cardo_python_utils-0.5.dev2}/pyproject.toml

@@ -4,14 +4,13 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "cardo-python-utils"
-version = "0.5.dev0"
+version = "0.5.dev2"
 description = "Python library enhanced with a wide range of functions for different scenarios."
 readme = "README.rst"
 requires-python = ">=3.8"
 license = {text = "MIT"}
 authors = [
-    {name = "Kristi Kotini", email = "hello@cardoai.com"},
-    {name = "Klajdi Çaushi", email = "hello@cardoai.com"}
+    {name = "CardoAI", email = "hello@cardoai.com"},
 ]
 keywords = ["utilities", "helpers", "django"]
 classifiers = [
@@ -49,6 +48,10 @@ django-admin-auth = [
     "Django",
     "mozilla-django-oidc>=4.0.1",
 ]
+django-keycloak-groups = [
+    "Django",
+    "python-keycloak>=5.8.1",
+]
 all = [
     "Django",
 ]

{cardo_python_utils-0.5.dev0 → cardo_python_utils-0.5.dev2}/python_utils/django/auth/admin.py

@@ -44,6 +44,4 @@ class OIDCCustomAuthenticationBackend(OIDCAuthenticationBackend):
 
 
 def has_permission(request):
-    # The user does not need to be staff to access the admin site
-    # Only superusers will have access to do anything in the admin site
-    return request.user.is_active and request.user.is_superuser
+    return request.user.is_active

cardo_python_utils-0.5.dev2/python_utils/django/auth/keycloak.py

@@ -0,0 +1,119 @@
+from django.apps import apps
+from django.conf import settings
+from django.db import models
+from keycloak import KeycloakAdmin
+from keycloak import KeycloakOpenIDConnection
+from keycloak.exceptions import KeycloakGetError
+
+
+class UserGroupBase(models.Model):
+    """
+    Abstract base model for Keycloak user groups.
+    """
+    id = models.UUIDField(
+        primary_key=True,
+        help_text="The ID of the group, as coming from Keycloak.",
+    )
+    path = models.CharField(
+        max_length=255,
+        help_text="The full path of the group, as coming from Keycloak.",
+        db_index=True,
+    )
+
+    class Meta:
+        abstract = True
+
+
+class KeycloakService:
+    def __init__(self):
+        self._user_group_model = self._get_user_group_model()
+        self._keycloak_admin = self._get_keycloak_admin()
+
+    def sync_user_groups(self, raise_exceptions: bool = False):
+        print("Syncing user groups from Keycloak...")
+
+        try:
+            groups = self._keycloak_admin.get_groups(full_hierarchy=True)
+        except KeycloakGetError as e:
+            print(f"Failed to fetch groups from Keycloak: {str(e)}")
+            if raise_exceptions:
+                raise e
+
+            return
+
+        # Process existing and new groups
+        existing_groups = self._user_group_model.objects.all()
+        existing_groups_by_id = {str(group.id): group for group in existing_groups}
+
+        reported_group_ids = set()
+        for group in groups:
+            self._process_group_recursively(
+                group, existing_groups_by_id, reported_group_ids
+            )
+
+        # Identify deleted groups
+        deleted_groups = self._user_group_model.objects.exclude(
+            id__in=reported_group_ids
+        )
+        if deleted_groups.exists():
+            print(
+                f"Deleting groups no longer present in Keycloak: {list(deleted_groups.values_list('path', flat=True))}"
+            )
+            deleted_groups.delete()
+
+    def _get_keycloak_admin(self):
+        keycloak_connection = KeycloakOpenIDConnection(
+            server_url=settings.KEYCLOAK_SERVER_URL,
+            realm_name=settings.KEYCLOAK_REALM,
+            user_realm_name=settings.KEYCLOAK_REALM,
+            client_id=settings.KEYCLOAK_ADMIN_CLIENT_ID,
+            client_secret_key=settings.KEYCLOAK_ADMIN_CLIENT_SECRET,
+            verify=True,
+        )
+        return KeycloakAdmin(connection=keycloak_connection)
+
+    def _get_user_group_model(self):
+        """
+        Dynamically get the UserGroup model.
+
+        Attempts to use the model specified in settings.KEYCLOAK_USER_GROUP_MODEL.
+
+        Returns:
+            The UserGroup model class.
+
+        Raises:
+            LookupError: If the model cannot be found.
+        """
+        try:
+            model_string = getattr(settings, "KEYCLOAK_USER_GROUP_MODEL")
+        except AttributeError:
+            raise LookupError(
+                "Please set KEYCLOAK_USER_GROUP_MODEL in your Django settings "
+                "(e.g., 'myapp.models.UserGroup')."
+            )
+
+        return apps.get_model(model_string)
+
+    def _process_group_recursively(
+        self, group, existing_groups_by_id, reported_group_ids
+    ):
+        group_id = str(group["id"])
+        reported_group_ids.add(group_id)
+
+        if group_id in existing_groups_by_id:
+            existing_group = existing_groups_by_id[group_id]
+            if existing_group.path != group["path"]:
+                print(
+                    f"Updating group path from {existing_group.path} to {group['path']}..."
+                )
+                existing_group.path = group["path"]
+                existing_group.save()
+        else:
+            print(f"Creating new group with path {group['path']}...")
+            self._user_group_model.objects.create(id=group_id, path=group["path"])
+
+        if subgroups := group.get("subGroups"):
+            for subgroup in subgroups:
+                self._process_group_recursively(
+                    subgroup, existing_groups_by_id, reported_group_ids
+                )