cornflow 1.2.2__py3-none-any.whl → 1.2.3a1__py3-none-any.whl

cornflow/commands/permissions.py

@@ -79,9 +79,9 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
 
     # TODO: for now the permission are not going to get deleted just in case.
     #  We are just going to register new permissions
-    # if len(permissions_to_delete) > 0:
-    #     for permission in permissions_to_delete:
-    #         db.session.delete(permission)
+    if len(permissions_to_delete) > 0:
+        for permission in permissions_to_delete:
+            db.session.delete(permission)
 
     try:
         db.session.commit()

cornflow/shared/const.py

@@ -1,7 +1,7 @@
 """
 In this file we import the values for different constants on cornflow server
 """
-CORNFLOW_VERSION = "1.2.2"
+CORNFLOW_VERSION = "1.2.3a1"
 INTERNAL_TOKEN_ISSUER = "cornflow"
 
 # endpoints responses for health check

cornflow/tests/unit/test_commands.py

@@ -29,6 +29,7 @@ from cornflow.app import (
     register_dag_permissions,
     register_roles,
     register_views,
+    register_base_assignations,
 )
 from cornflow.commands.dag import register_deployed_dags_command_test
 from cornflow.endpoints import resources, alarms_resources
@@ -494,3 +495,92 @@ class TestCommands(TestCase):
             },
         )
         self.assertEqual(403, response.status_code)
+
+    def test_permissions_not_deleted_when_roles_removed_from_code(self):
+        """
+        Test that permissions are NOT deleted when roles are removed from ROLES_WITH_ACCESS.
+
+        This test demonstrates the current bug: when a role is removed from
+        ROLES_WITH_ACCESS in an endpoint's code, the corresponding permissions
+        in the database are not automatically deleted. This happens because
+        the deletion logic in register_base_permissions_command is commented out.
+
+        The test should currently FAIL to demonstrate the bug exists.
+        """
+        # First, initialize the access system normally
+        self.runner.invoke(access_init)
+
+        # Get the original ROLES_WITH_ACCESS for ExampleDataListEndpoint
+        from cornflow.endpoints.example_data import ExampleDataListEndpoint
+
+        original_roles = ExampleDataListEndpoint.ROLES_WITH_ACCESS.copy()
+
+        # Verify initial permissions are created for all three roles
+        # Get the view ID for the endpoint
+        from cornflow.models import ViewModel
+
+        view = ViewModel.query.filter_by(name="example-data").first()
+        self.assertIsNotNone(view, "example-data view should exist")
+
+        # Check permissions exist for all original roles
+        from cornflow.shared.const import ACTIONS_MAP
+        from cornflow.models import PermissionViewRoleModel
+
+        # Check GET action permissions (action_id=1 is typically GET)
+        get_action_id = 1
+        initial_permissions = PermissionViewRoleModel.query.filter_by(
+            api_view_id=view.id, action_id=get_action_id
+        ).all()
+
+        initial_role_ids = [perm.role_id for perm in initial_permissions]
+        self.assertEqual(
+            len(original_roles),
+            len(initial_permissions),
+            f"Should have permissions for all {len(original_roles)} original roles",
+        )
+
+        # Now simulate removing PLANNER_ROLE from ROLES_WITH_ACCESS
+        from cornflow.shared.const import PLANNER_ROLE, VIEWER_ROLE, ADMIN_ROLE
+
+        modified_roles = [VIEWER_ROLE, ADMIN_ROLE]  # Remove PLANNER_ROLE
+
+        # Temporarily modify the ROLES_WITH_ACCESS
+        ExampleDataListEndpoint.ROLES_WITH_ACCESS = modified_roles
+
+        try:
+
+            # Run the permission registration again
+            # (this simulates redeploying the app with modified roles)
+            self.runner.invoke(register_base_assignations, ["-v"])
+
+            # Check permissions after the "code change"
+            updated_permissions = PermissionViewRoleModel.query.filter_by(
+                api_view_id=view.id, action_id=get_action_id
+            ).all()
+
+            updated_role_ids = [perm.role_id for perm in updated_permissions]
+
+            # THIS IS THE BUG: The permission for PLANNER_ROLE should be deleted
+            # but it's not because the deletion logic is commented out
+            # So we expect this assertion to FAIL, demonstrating the bug
+            self.assertEqual(
+                len(modified_roles),
+                len(updated_permissions),
+                f"After removing PLANNER_ROLE from code, should only have {len(modified_roles)} permissions, "
+                f"but still has {len(updated_permissions)} permissions. "
+                f"This demonstrates the bug: permissions are not deleted when roles are removed from ROLES_WITH_ACCESS.",
+            )
+
+            # Also check that PLANNER_ROLE permission was actually removed
+            planner_permissions = [
+                perm for perm in updated_permissions if perm.role_id == PLANNER_ROLE
+            ]
+            self.assertEqual(
+                0,
+                len(planner_permissions),
+                "PLANNER_ROLE permission should have been deleted but still exists",
+            )
+
+        finally:
+            # Restore original ROLES_WITH_ACCESS to avoid affecting other tests
+            ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles

{cornflow-1.2.2.dist-info → cornflow-1.2.3a1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.2
+Version: 1.2.3a1
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones
@@ -14,7 +14,7 @@ Requires-Dist: alembic==1.9.2
 Requires-Dist: apispec<=6.3.0
 Requires-Dist: cachetools==5.3.3
 Requires-Dist: click<=8.1.7
-Requires-Dist: cornflow-client>=1.2.2
+Requires-Dist: cornflow-client>=1.2.0
 Requires-Dist: cryptography<=44.0.1
 Requires-Dist: disposable-email-domains>=0.0.86
 Requires-Dist: Flask==2.3.2

{cornflow-1.2.2.dist-info → cornflow-1.2.3a1.dist-info}/RECORD

@@ -32,7 +32,7 @@ cornflow/commands/access.py,sha256=NTZJFF9la8TDuMcD_ISQtJTj-wtM2p1dddokQJHtkj0,7
 cornflow/commands/actions.py,sha256=4AwgAmyI6VeaugkISvTlNGrIzMMU_-ZB3MhwDD_CIEA,1544
 cornflow/commands/cleanup.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cornflow/commands/dag.py,sha256=AtagFGnB_ucfO0qUawDgd4iRoBCVc-RiOs08DqXSwXM,3786
-cornflow/commands/permissions.py,sha256=mDPqiY2r2YXlUg4wmZRoI4GAMVFC6AjNT3kqzPEKUw8,6627
+cornflow/commands/permissions.py,sha256=iNa8I1jsuBBdA1XqoNz_tbm7YAb1-Oc6nitepYLNPRg,6621
 cornflow/commands/roles.py,sha256=Oux-UkswkQ74zqaMEJYIEsZpQZGBcGaSahVzx9feAHU,1516
 cornflow/commands/schemas.py,sha256=40dZSJ2nEqBa7Crb6DbFmnclT5e8ljAIjscOgHr9lhk,1970
 cornflow/commands/users.py,sha256=2YTbNYY5kZL6ujxGP4fyYgqtv5uuVGdkLR31n7OFFaE,2477
@@ -119,7 +119,7 @@ cornflow/schemas/user_role.py,sha256=e5y6RgdZZtLqD-h2B3sa5WokI5-pT78tWw85IG34I74
 cornflow/schemas/view.py,sha256=ctq9Y1TmjrWdyOqgDYeEx7qbbuNLKfSiNOlFTlXmpaw,429
 cornflow/shared/__init__.py,sha256=1ahcBwWOsSjGI4FEm77JBQjitBdBszOncKcEMjzwGYE,29
 cornflow/shared/compress.py,sha256=pohQaGs1xbH8CN6URIH6BAHA--pFq7Hmjz8oI3c3B5c,1347
-cornflow/shared/const.py,sha256=ndYbK94cs5tmwX1mFs6S_t5v_mC7il24IcicmNHL9Zw,3553
+cornflow/shared/const.py,sha256=nepftaeiyR-pmAXnHwws5MqCARoTqWPG_-TtCw3KufM,3555
 cornflow/shared/email.py,sha256=QNDDMv86LZObkevSCyUbLQeR2UD3zWScPIr82NDzYHQ,3437
 cornflow/shared/exceptions.py,sha256=E82488IiwTXCv8iwrnGvkTonhJcwbeE5ARO4Zsmhl2c,6966
 cornflow/shared/licenses.py,sha256=Lc71Jw2NxVTFWtoXdQ9wJX_o3BDfYg1xVoehDXvnCkQ,1328
@@ -148,7 +148,7 @@ cornflow/tests/unit/test_apiview.py,sha256=03M1GsQRVK7zqmslhOJXr4lLDLY2gMAgg86nk
 cornflow/tests/unit/test_application.py,sha256=ZVmTQDUOkPRxHqt6mWU9G_lQ3jJNMJR0cx7IkLMFGrU,1715
 cornflow/tests/unit/test_cases.py,sha256=Ez9dxlZL-SUf9DW9b_A_qPowHqUZ-TA73DMOzeBeLIU,37718
 cornflow/tests/unit/test_cli.py,sha256=E2w-Lzgx_k__0mYwlbg2z80_z9nwPZKI0CbgyGmpQRY,18775
-cornflow/tests/unit/test_commands.py,sha256=kvO8Vn60rj3WBG2oXw7NpDSEYoGLNe806txbJPhtNJo,14722
+cornflow/tests/unit/test_commands.py,sha256=ZajFnltdPlw4o6B5Cf7ZSYhZb6fM9z6tARhFOhKMug8,18695
 cornflow/tests/unit/test_dags.py,sha256=XsOi5bBJQdQz3DmYAVJf1myoAsRyBBdmku-xBr0Bku0,13386
 cornflow/tests/unit/test_data_checks.py,sha256=6s50d1iuRTUcAYn14oEcRS39ZZ6E9ussU4YpkpYhtC4,8612
 cornflow/tests/unit/test_example_data.py,sha256=D-Tgnqw7NZlnBXaDcUU0reNhAca5JlJP2Sdn3KdS4Sw,4127
@@ -169,8 +169,8 @@ cornflow/tests/unit/test_tables.py,sha256=SW_K8LRLwR1nB0uH8CPQCjeN8Gei-TasAgkOin
 cornflow/tests/unit/test_token.py,sha256=PZ11b46UCQpCESsRiAPhpgWkGAsAwKCVNxVQai_kxXM,4199
 cornflow/tests/unit/test_users.py,sha256=N5tcF5nSncD0F_ZlBxGuS87p6kNS4hUzRLr3_AcnK-o,22802
 cornflow/tests/unit/tools.py,sha256=ag3sWv2WLi498R1GL5AOUnXqSsszD3UugzLZLC5NqAw,585
-cornflow-1.2.2.dist-info/METADATA,sha256=PMSZtEpia3rytt8MfgpZn2zUEzh-Lwi2LtEVXYBt394,9527
-cornflow-1.2.2.dist-info/WHEEL,sha256=zaaOINJESkSfm_4HQVc5ssNzHCPXhJm0kEUakpsEHaU,91
-cornflow-1.2.2.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
-cornflow-1.2.2.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
-cornflow-1.2.2.dist-info/RECORD,,
+cornflow-1.2.3a1.dist-info/METADATA,sha256=zrEdE7w5XdzXENv06QWMxLNDmS0Zfcvpq5zsaJtuaGs,9529
+cornflow-1.2.3a1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cornflow-1.2.3a1.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
+cornflow-1.2.3a1.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
+cornflow-1.2.3a1.dist-info/RECORD,,

{cornflow-1.2.2.dist-info → cornflow-1.2.3a1.dist-info}/WHEEL

@@ -1,5 +1,5 @@
 Wheel-Version: 1.0
-Generator: setuptools (80.8.0)
+Generator: setuptools (80.9.0)
 Root-Is-Purelib: true
 Tag: py3-none-any