PyPI - chewy-attachment - Versions diffs - 0.1.0__py3-none-any.whl - Mend

chewy-attachment 0.1.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

chewy_attachment/__init__.py +3 -0
chewy_attachment/core/__init__.py +21 -0
chewy_attachment/core/exceptions.py +38 -0
chewy_attachment/core/permissions.py +136 -0
chewy_attachment/core/schemas.py +61 -0
chewy_attachment/core/storage.py +158 -0
chewy_attachment/core/utils.py +56 -0
chewy_attachment/django_app/__init__.py +3 -0
chewy_attachment/django_app/admin.py +16 -0
chewy_attachment/django_app/apps.py +11 -0
chewy_attachment/django_app/migrations/0001_initial.py +33 -0
chewy_attachment/django_app/migrations/__init__.py +0 -0
chewy_attachment/django_app/models.py +64 -0
chewy_attachment/django_app/permissions.py +36 -0
chewy_attachment/django_app/serializers.py +35 -0
chewy_attachment/django_app/tests/__init__.py +0 -0
chewy_attachment/django_app/tests/conftest.py +56 -0
chewy_attachment/django_app/tests/test_views.py +207 -0
chewy_attachment/django_app/urls.py +14 -0
chewy_attachment/django_app/views.py +202 -0
chewy_attachment/fastapi_app/__init__.py +5 -0
chewy_attachment/fastapi_app/crud.py +93 -0
chewy_attachment/fastapi_app/dependencies.py +190 -0
chewy_attachment/fastapi_app/models.py +51 -0
chewy_attachment/fastapi_app/router.py +134 -0
chewy_attachment/fastapi_app/schemas.py +31 -0
chewy_attachment/fastapi_app/tests/__init__.py +0 -0
chewy_attachment/fastapi_app/tests/conftest.py +113 -0
chewy_attachment/fastapi_app/tests/test_router.py +182 -0
chewy_attachment-0.1.0.dist-info/METADATA +384 -0
chewy_attachment-0.1.0.dist-info/RECORD +33 -0
chewy_attachment-0.1.0.dist-info/WHEEL +4 -0
chewy_attachment-0.1.0.dist-info/licenses/LICENSE +21 -0

chewy_attachment/fastapi_app/dependencies.py ADDED Viewed

@@ -0,0 +1,190 @@
+"""Dependency injection for ChewyAttachment FastAPI app"""
+from pathlib import Path
+from typing import Generator, Optional
+from fastapi import Depends, HTTPException, Request, status
+from sqlmodel import Session, SQLModel, create_engine
+from ..core.permissions import PermissionChecker
+from ..core.schemas import UserContext
+from ..core.storage import FileStorageEngine
+from .crud import get_attachment
+from .models import Attachment
+_engine = None
+_storage_root: Optional[Path] = None
+def configure(database_url: str, storage_root: str | Path) -> None:
+    """
+    Configure database and storage for the FastAPI app.
+    Must be called before using the app.
+    Args:
+        database_url: SQLAlchemy database URL
+        storage_root: Root directory for file storage
+    """
+    global _engine, _storage_root
+    _engine = create_engine(database_url, echo=False)
+    SQLModel.metadata.create_all(_engine)
+    _storage_root = Path(storage_root)
+def get_engine():
+    """Get database engine"""
+    if _engine is None:
+        raise RuntimeError(
+            "Database not configured. Call configure() first."
+        )
+    return _engine
+def get_session() -> Generator[Session, None, None]:
+    """
+    Get database session dependency.
+    Yields:
+        Database session
+    """
+    engine = get_engine()
+    with Session(engine) as session:
+        yield session
+def get_storage_engine() -> FileStorageEngine:
+    """
+    Get storage engine dependency.
+    Returns:
+        FileStorageEngine instance
+    """
+    if _storage_root is None:
+        raise RuntimeError(
+            "Storage not configured. Call configure() first."
+        )
+    return FileStorageEngine(_storage_root)
+def get_current_user(request: Request) -> UserContext:
+    """
+    Get current user from request.
+    This dependency should be overridden by the host application
+    to provide actual user authentication.
+    By default, it checks for user_id in request.state.
+    Args:
+        request: FastAPI request
+    Returns:
+        UserContext instance
+    """
+    if hasattr(request.state, "user_id") and request.state.user_id:
+        return UserContext.authenticated(str(request.state.user_id))
+    return UserContext.anonymous()
+def get_current_user_required(
+    user: UserContext = Depends(get_current_user),
+) -> UserContext:
+    """
+    Get current user, requiring authentication.
+    Args:
+        user: User context from get_current_user
+    Returns:
+        UserContext instance
+    Raises:
+        HTTPException: If user is not authenticated
+    """
+    if not user.is_authenticated:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Authentication required",
+        )
+    return user
+def get_attachment_or_404(
+    attachment_id: str,
+    session: Session = Depends(get_session),
+) -> Attachment:
+    """
+    Get attachment by ID or raise 404.
+    Args:
+        attachment_id: Attachment ID
+        session: Database session
+    Returns:
+        Attachment instance
+    Raises:
+        HTTPException: If attachment not found
+    """
+    attachment = get_attachment(session, attachment_id)
+    if attachment is None:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="Attachment not found",
+        )
+    return attachment
+def require_view_permission(
+    attachment: Attachment = Depends(get_attachment_or_404),
+    user: UserContext = Depends(get_current_user),
+) -> Attachment:
+    """
+    Require view permission for attachment.
+    Args:
+        attachment: Attachment instance
+        user: User context
+    Returns:
+        Attachment instance if permitted
+    Raises:
+        HTTPException: If permission denied
+    """
+    file_metadata = attachment.to_file_metadata()
+    if not PermissionChecker.can_view(file_metadata, user):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="You do not have permission to view this file",
+        )
+    return attachment
+def require_delete_permission(
+    attachment: Attachment = Depends(get_attachment_or_404),
+    user: UserContext = Depends(get_current_user),
+) -> Attachment:
+    """
+    Require delete permission for attachment.
+    Args:
+        attachment: Attachment instance
+        user: User context
+    Returns:
+        Attachment instance if permitted
+    Raises:
+        HTTPException: If permission denied
+    """
+    file_metadata = attachment.to_file_metadata()
+    if not PermissionChecker.can_delete(file_metadata, user):
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Only the file owner can delete this file",
+        )
+    return attachment

chewy_attachment/fastapi_app/models.py ADDED Viewed

@@ -0,0 +1,51 @@
+"""SQLModel models for ChewyAttachment FastAPI app"""
+import uuid
+from datetime import datetime
+from sqlmodel import Field, SQLModel
+from ..core.schemas import FileMetadata
+class Attachment(SQLModel, table=True):
+    """Attachment model for storing file metadata"""
+    __tablename__ = "chewy_attachment_files"
+    id: str = Field(
+        default_factory=lambda: str(uuid.uuid4()),
+        primary_key=True,
+        max_length=36,
+    )
+    original_name: str = Field(max_length=255)
+    storage_path: str = Field(max_length=500)
+    mime_type: str = Field(max_length=100)
+    size: int
+    owner_id: str = Field(max_length=100, index=True)
+    is_public: bool = Field(default=False, index=True)
+    created_at: datetime = Field(default_factory=datetime.now, index=True)
+    def to_file_metadata(self) -> FileMetadata:
+        """Convert to FileMetadata for permission checking"""
+        return FileMetadata(
+            id=self.id,
+            original_name=self.original_name,
+            storage_path=self.storage_path,
+            mime_type=self.mime_type,
+            size=self.size,
+            owner_id=self.owner_id,
+            is_public=self.is_public,
+            created_at=self.created_at,
+        )
+class AttachmentCreate(SQLModel):
+    """Schema for creating attachment (internal use)"""
+    original_name: str
+    storage_path: str
+    mime_type: str
+    size: int
+    owner_id: str
+    is_public: bool = False

chewy_attachment/fastapi_app/router.py ADDED Viewed

@@ -0,0 +1,134 @@
+"""FastAPI router for ChewyAttachment"""
+from fastapi import APIRouter, Depends, File, Form, HTTPException, UploadFile, status
+from fastapi.responses import FileResponse
+from sqlmodel import Session
+from ..core.schemas import UserContext
+from ..core.storage import FileStorageEngine
+from . import crud
+from .dependencies import (
+    get_current_user_required,
+    get_session,
+    get_storage_engine,
+    require_delete_permission,
+    require_view_permission,
+)
+from .models import Attachment, AttachmentCreate
+from .schemas import AttachmentResponse, ErrorResponse
+router = APIRouter(prefix="/files", tags=["attachments"])
+@router.post(
+    "",
+    response_model=AttachmentResponse,
+    status_code=status.HTTP_201_CREATED,
+    responses={
+        401: {"model": ErrorResponse, "description": "Authentication required"},
+    },
+)
+async def upload_file(
+    file: UploadFile = File(...),
+    is_public: bool = Form(default=False),
+    session: Session = Depends(get_session),
+    storage: FileStorageEngine = Depends(get_storage_engine),
+    user: UserContext = Depends(get_current_user_required),
+):
+    """
+    Upload a new file.
+    - **file**: File to upload
+    - **is_public**: Whether the file should be publicly accessible
+    """
+    content = await file.read()
+    original_name = file.filename or "unnamed"
+    result = storage.save_file(content, original_name)
+    attachment_data = AttachmentCreate(
+        original_name=original_name,
+        storage_path=result.storage_path,
+        mime_type=result.mime_type,
+        size=result.size,
+        owner_id=user.user_id,
+        is_public=is_public,
+    )
+    attachment = crud.create_attachment(session, attachment_data)
+    return attachment
+@router.get(
+    "/{attachment_id}",
+    response_model=AttachmentResponse,
+    responses={
+        403: {"model": ErrorResponse, "description": "Permission denied"},
+        404: {"model": ErrorResponse, "description": "Attachment not found"},
+    },
+)
+async def get_file_info(
+    attachment: Attachment = Depends(require_view_permission),
+):
+    """
+    Get file metadata.
+    - **attachment_id**: UUID of the attachment
+    """
+    return attachment
+@router.get(
+    "/{attachment_id}/content",
+    responses={
+        403: {"model": ErrorResponse, "description": "Permission denied"},
+        404: {"model": ErrorResponse, "description": "Attachment not found"},
+    },
+)
+async def download_file(
+    attachment: Attachment = Depends(require_view_permission),
+    storage: FileStorageEngine = Depends(get_storage_engine),
+):
+    """
+    Download file content.
+    - **attachment_id**: UUID of the attachment
+    """
+    try:
+        file_path = storage.get_file_path(attachment.storage_path)
+    except Exception:
+        raise HTTPException(
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="File not found on storage",
+        )
+    return FileResponse(
+        path=file_path,
+        media_type=attachment.mime_type,
+        filename=attachment.original_name,
+    )
+@router.delete(
+    "/{attachment_id}",
+    status_code=status.HTTP_204_NO_CONTENT,
+    responses={
+        403: {"model": ErrorResponse, "description": "Permission denied"},
+        404: {"model": ErrorResponse, "description": "Attachment not found"},
+    },
+)
+async def delete_file(
+    attachment: Attachment = Depends(require_delete_permission),
+    session: Session = Depends(get_session),
+    storage: FileStorageEngine = Depends(get_storage_engine),
+):
+    """
+    Delete a file.
+    Only the file owner can delete the file.
+    - **attachment_id**: UUID of the attachment
+    """
+    storage.delete_file(attachment.storage_path)
+    crud.delete_attachment(session, attachment)
+    return None

chewy_attachment/fastapi_app/schemas.py ADDED Viewed

@@ -0,0 +1,31 @@
+"""Pydantic schemas for ChewyAttachment FastAPI app"""
+from datetime import datetime
+from pydantic import BaseModel
+class AttachmentResponse(BaseModel):
+    """Response schema for attachment"""
+    id: str
+    original_name: str
+    mime_type: str
+    size: int
+    owner_id: str
+    is_public: bool
+    created_at: datetime
+    model_config = {"from_attributes": True}
+class AttachmentUploadForm(BaseModel):
+    """Form data for file upload (excluding file itself)"""
+    is_public: bool = False
+class ErrorResponse(BaseModel):
+    """Error response schema"""
+    detail: str

chewy_attachment/fastapi_app/tests/__init__.py ADDED Viewed

File without changes

chewy_attachment/fastapi_app/tests/conftest.py ADDED Viewed

@@ -0,0 +1,113 @@
+"""pytest configuration for FastAPI tests"""
+import shutil
+from pathlib import Path
+from typing import Callable, Optional
+import pytest
+from fastapi import FastAPI
+from fastapi.testclient import TestClient
+from sqlmodel import Session, SQLModel, create_engine
+from chewy_attachment.core.schemas import UserContext
+from chewy_attachment.fastapi_app import dependencies
+from chewy_attachment.fastapi_app.router import router
+TEST_DIR = Path(__file__).parent.absolute()
+TEST_STORAGE = TEST_DIR / "test_storage"
+TEST_DB = TEST_DIR / "test.db"
+_current_user_id: Optional[str] = None
+def _get_test_current_user() -> UserContext:
+    """Get current user for testing"""
+    if _current_user_id is not None:
+        return UserContext.authenticated(_current_user_id)
+    return UserContext.anonymous()
+@pytest.fixture(scope="session", autouse=True)
+def setup_test_environment():
+    """Set up test environment"""
+    TEST_STORAGE.mkdir(parents=True, exist_ok=True)
+    yield
+    if TEST_STORAGE.exists():
+        shutil.rmtree(TEST_STORAGE)
+    if TEST_DB.exists():
+        TEST_DB.unlink()
+@pytest.fixture(scope="function")
+def db_engine():
+    """Create test database engine"""
+    db_path = TEST_DIR / f"test_{id(object())}.db"
+    engine = create_engine(
+        f"sqlite:///{db_path}",
+        connect_args={"check_same_thread": False},
+    )
+    SQLModel.metadata.create_all(engine)
+    yield engine
+    engine.dispose()
+    if db_path.exists():
+        db_path.unlink()
+@pytest.fixture
+def db_session(db_engine):
+    """Create test database session"""
+    with Session(db_engine) as session:
+        yield session
+@pytest.fixture
+def app(db_engine):
+    """Create test FastAPI app"""
+    test_app = FastAPI()
+    dependencies._engine = db_engine
+    dependencies._storage_root = TEST_STORAGE
+    test_app.include_router(router)
+    test_app.dependency_overrides[dependencies.get_current_user] = _get_test_current_user
+    yield test_app
+    test_app.dependency_overrides.clear()
+@pytest.fixture
+def client(app):
+    """Create test client"""
+    return TestClient(app)
+@pytest.fixture
+def user1_id():
+    """User 1 ID"""
+    return "user-1-test-id"
+@pytest.fixture
+def user2_id():
+    """User 2 ID"""
+    return "user-2-test-id"
+@pytest.fixture
+def set_current_user() -> Callable[[Optional[str]], None]:
+    """Fixture to set current user for testing"""
+    def _set_user(user_id: Optional[str]):
+        global _current_user_id
+        _current_user_id = user_id
+    yield _set_user
+    global _current_user_id
+    _current_user_id = None

chewy_attachment/fastapi_app/tests/test_router.py ADDED Viewed

@@ -0,0 +1,182 @@
+"""Unit tests for FastAPI router"""
+import io
+import shutil
+from pathlib import Path
+from fastapi import status
+TEST_DIR = Path(__file__).parent.absolute()
+TEST_STORAGE = TEST_DIR / "test_storage"
+class TestAttachmentRouter:
+    """Test cases for attachment API router"""
+    TEST_FILE_CONTENT = b"Hello, this is test file content!"
+    TEST_FILE_NAME = "test.txt"
+    def setup_method(self):
+        """Set up before each test"""
+        TEST_STORAGE.mkdir(parents=True, exist_ok=True)
+    def teardown_method(self):
+        """Clean up after each test"""
+        if TEST_STORAGE.exists():
+            for item in TEST_STORAGE.iterdir():
+                if item.is_dir():
+                    shutil.rmtree(item)
+                else:
+                    item.unlink()
+    def _upload_file(self, client, is_public: bool = False):
+        """Helper to upload a file"""
+        files = {"file": (self.TEST_FILE_NAME, io.BytesIO(self.TEST_FILE_CONTENT))}
+        data = {"is_public": str(is_public).lower()}
+        return client.post("/files", files=files, data=data)
+    def test_upload_file_success(self, client, set_current_user, user1_id):
+        """Test successful file upload"""
+        set_current_user(user1_id)
+        response = self._upload_file(client)
+        assert response.status_code == status.HTTP_201_CREATED
+        data = response.json()
+        assert data["original_name"] == self.TEST_FILE_NAME
+        assert data["size"] == len(self.TEST_FILE_CONTENT)
+        assert data["owner_id"] == user1_id
+        assert data["is_public"] is False
+    def test_upload_file_public(self, client, set_current_user, user1_id):
+        """Test uploading public file"""
+        set_current_user(user1_id)
+        response = self._upload_file(client, is_public=True)
+        assert response.status_code == status.HTTP_201_CREATED
+        data = response.json()
+        assert data["is_public"] is True
+    def test_upload_file_unauthenticated_fails(self, client, set_current_user):
+        """Test upload fails without authentication"""
+        set_current_user(None)
+        files = {"file": (self.TEST_FILE_NAME, io.BytesIO(self.TEST_FILE_CONTENT))}
+        response = client.post("/files", files=files)
+        assert response.status_code == status.HTTP_401_UNAUTHORIZED
+    def test_get_file_info_by_owner(self, client, set_current_user, user1_id):
+        """Test owner can get file info"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client)
+        file_id = upload_response.json()["id"]
+        response = client.get(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_200_OK
+        assert response.json()["id"] == file_id
+    def test_get_private_file_info_by_non_owner_fails(
+        self, client, set_current_user, user1_id, user2_id
+    ):
+        """Test non-owner cannot get private file info"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client, is_public=False)
+        file_id = upload_response.json()["id"]
+        set_current_user(user2_id)
+        response = client.get(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+    def test_get_public_file_info_anonymous(self, client, set_current_user, user1_id):
+        """Test anonymous user can get public file info"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client, is_public=True)
+        file_id = upload_response.json()["id"]
+        set_current_user(None)
+        response = client.get(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_200_OK
+        assert response.json()["id"] == file_id
+    def test_delete_file_by_owner(self, client, set_current_user, user1_id):
+        """Test owner can delete file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client)
+        file_id = upload_response.json()["id"]
+        response = client.delete(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_204_NO_CONTENT
+    def test_delete_file_by_non_owner_fails(
+        self, client, set_current_user, user1_id, user2_id
+    ):
+        """Test non-owner cannot delete file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client)
+        file_id = upload_response.json()["id"]
+        set_current_user(user2_id)
+        response = client.delete(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+    def test_delete_public_file_by_non_owner_fails(
+        self, client, set_current_user, user1_id, user2_id
+    ):
+        """Test non-owner cannot delete even public file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client, is_public=True)
+        file_id = upload_response.json()["id"]
+        set_current_user(user2_id)
+        response = client.delete(f"/files/{file_id}")
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+    def test_download_file_by_owner(self, client, set_current_user, user1_id):
+        """Test owner can download file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client)
+        file_id = upload_response.json()["id"]
+        response = client.get(f"/files/{file_id}/content")
+        assert response.status_code == status.HTTP_200_OK
+        assert response.content == self.TEST_FILE_CONTENT
+    def test_download_private_file_by_non_owner_fails(
+        self, client, set_current_user, user1_id, user2_id
+    ):
+        """Test non-owner cannot download private file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client, is_public=False)
+        file_id = upload_response.json()["id"]
+        set_current_user(user2_id)
+        response = client.get(f"/files/{file_id}/content")
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+    def test_download_public_file_anonymous(self, client, set_current_user, user1_id):
+        """Test anonymous user can download public file"""
+        set_current_user(user1_id)
+        upload_response = self._upload_file(client, is_public=True)
+        file_id = upload_response.json()["id"]
+        set_current_user(None)
+        response = client.get(f"/files/{file_id}/content")
+        assert response.status_code == status.HTTP_200_OK
+        assert response.content == self.TEST_FILE_CONTENT
+    def test_get_nonexistent_file_returns_404(self, client, set_current_user, user1_id):
+        """Test 404 for nonexistent file"""
+        set_current_user(user1_id)
+        response = client.get("/files/00000000-0000-0000-0000-000000000000")
+        assert response.status_code == status.HTTP_404_NOT_FOUND