cornflow 1.2.2__tar.gz → 1.2.3a1__tar.gz

{cornflow-1.2.2/cornflow.egg-info → cornflow-1.2.3a1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.2
+Version: 1.2.3a1
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones
@@ -14,7 +14,7 @@ Requires-Dist: alembic==1.9.2
 Requires-Dist: apispec<=6.3.0
 Requires-Dist: cachetools==5.3.3
 Requires-Dist: click<=8.1.7
-Requires-Dist: cornflow-client>=1.2.2
+Requires-Dist: cornflow-client>=1.2.0
 Requires-Dist: cryptography<=44.0.1
 Requires-Dist: disposable-email-domains>=0.0.86
 Requires-Dist: Flask==2.3.2

{cornflow-1.2.2 → cornflow-1.2.3a1}/cornflow/commands/permissions.py

@@ -79,9 +79,9 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
 
     # TODO: for now the permission are not going to get deleted just in case.
     #  We are just going to register new permissions
-    # if len(permissions_to_delete) > 0:
-    #     for permission in permissions_to_delete:
-    #         db.session.delete(permission)
+    if len(permissions_to_delete) > 0:
+        for permission in permissions_to_delete:
+            db.session.delete(permission)
 
     try:
         db.session.commit()

{cornflow-1.2.2 → cornflow-1.2.3a1}/cornflow/shared/const.py

@@ -1,7 +1,7 @@
 """
 In this file we import the values for different constants on cornflow server
 """
-CORNFLOW_VERSION = "1.2.2"
+CORNFLOW_VERSION = "1.2.3a1"
 INTERNAL_TOKEN_ISSUER = "cornflow"
 
 # endpoints responses for health check

{cornflow-1.2.2 → cornflow-1.2.3a1}/cornflow/tests/unit/test_commands.py

@@ -29,6 +29,7 @@ from cornflow.app import (
     register_dag_permissions,
     register_roles,
     register_views,
+    register_base_assignations,
 )
 from cornflow.commands.dag import register_deployed_dags_command_test
 from cornflow.endpoints import resources, alarms_resources
@@ -494,3 +495,92 @@ class TestCommands(TestCase):
             },
         )
         self.assertEqual(403, response.status_code)
+
+    def test_permissions_not_deleted_when_roles_removed_from_code(self):
+        """
+        Test that permissions are NOT deleted when roles are removed from ROLES_WITH_ACCESS.
+
+        This test demonstrates the current bug: when a role is removed from
+        ROLES_WITH_ACCESS in an endpoint's code, the corresponding permissions
+        in the database are not automatically deleted. This happens because
+        the deletion logic in register_base_permissions_command is commented out.
+
+        The test should currently FAIL to demonstrate the bug exists.
+        """
+        # First, initialize the access system normally
+        self.runner.invoke(access_init)
+
+        # Get the original ROLES_WITH_ACCESS for ExampleDataListEndpoint
+        from cornflow.endpoints.example_data import ExampleDataListEndpoint
+
+        original_roles = ExampleDataListEndpoint.ROLES_WITH_ACCESS.copy()
+
+        # Verify initial permissions are created for all three roles
+        # Get the view ID for the endpoint
+        from cornflow.models import ViewModel
+
+        view = ViewModel.query.filter_by(name="example-data").first()
+        self.assertIsNotNone(view, "example-data view should exist")
+
+        # Check permissions exist for all original roles
+        from cornflow.shared.const import ACTIONS_MAP
+        from cornflow.models import PermissionViewRoleModel
+
+        # Check GET action permissions (action_id=1 is typically GET)
+        get_action_id = 1
+        initial_permissions = PermissionViewRoleModel.query.filter_by(
+            api_view_id=view.id, action_id=get_action_id
+        ).all()
+
+        initial_role_ids = [perm.role_id for perm in initial_permissions]
+        self.assertEqual(
+            len(original_roles),
+            len(initial_permissions),
+            f"Should have permissions for all {len(original_roles)} original roles",
+        )
+
+        # Now simulate removing PLANNER_ROLE from ROLES_WITH_ACCESS
+        from cornflow.shared.const import PLANNER_ROLE, VIEWER_ROLE, ADMIN_ROLE
+
+        modified_roles = [VIEWER_ROLE, ADMIN_ROLE]  # Remove PLANNER_ROLE
+
+        # Temporarily modify the ROLES_WITH_ACCESS
+        ExampleDataListEndpoint.ROLES_WITH_ACCESS = modified_roles
+
+        try:
+
+            # Run the permission registration again
+            # (this simulates redeploying the app with modified roles)
+            self.runner.invoke(register_base_assignations, ["-v"])
+
+            # Check permissions after the "code change"
+            updated_permissions = PermissionViewRoleModel.query.filter_by(
+                api_view_id=view.id, action_id=get_action_id
+            ).all()
+
+            updated_role_ids = [perm.role_id for perm in updated_permissions]
+
+            # THIS IS THE BUG: The permission for PLANNER_ROLE should be deleted
+            # but it's not because the deletion logic is commented out
+            # So we expect this assertion to FAIL, demonstrating the bug
+            self.assertEqual(
+                len(modified_roles),
+                len(updated_permissions),
+                f"After removing PLANNER_ROLE from code, should only have {len(modified_roles)} permissions, "
+                f"but still has {len(updated_permissions)} permissions. "
+                f"This demonstrates the bug: permissions are not deleted when roles are removed from ROLES_WITH_ACCESS.",
+            )
+
+            # Also check that PLANNER_ROLE permission was actually removed
+            planner_permissions = [
+                perm for perm in updated_permissions if perm.role_id == PLANNER_ROLE
+            ]
+            self.assertEqual(
+                0,
+                len(planner_permissions),
+                "PLANNER_ROLE permission should have been deleted but still exists",
+            )
+
+        finally:
+            # Restore original ROLES_WITH_ACCESS to avoid affecting other tests
+            ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles

{cornflow-1.2.2 → cornflow-1.2.3a1/cornflow.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.2
+Version: 1.2.3a1
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones
@@ -14,7 +14,7 @@ Requires-Dist: alembic==1.9.2
 Requires-Dist: apispec<=6.3.0
 Requires-Dist: cachetools==5.3.3
 Requires-Dist: click<=8.1.7
-Requires-Dist: cornflow-client>=1.2.2
+Requires-Dist: cornflow-client>=1.2.0
 Requires-Dist: cryptography<=44.0.1
 Requires-Dist: disposable-email-domains>=0.0.86
 Requires-Dist: Flask==2.3.2

{cornflow-1.2.2 → cornflow-1.2.3a1}/cornflow.egg-info/requires.txt

@@ -2,7 +2,7 @@ alembic==1.9.2
 apispec<=6.3.0
 cachetools==5.3.3
 click<=8.1.7
-cornflow-client>=1.2.2
+cornflow-client>=1.2.0
 cryptography<=44.0.1
 disposable-email-domains>=0.0.86
 Flask==2.3.2

{cornflow-1.2.2 → cornflow-1.2.3a1}/requirements.txt

@@ -2,7 +2,7 @@ alembic==1.9.2
 apispec<=6.3.0
 cachetools==5.3.3
 click<=8.1.7
-cornflow-client>=1.2.2
+cornflow-client>=1.2.0
 cryptography<=44.0.1
 disposable-email-domains>=0.0.86
 Flask==2.3.2

{cornflow-1.2.2 → cornflow-1.2.3a1}/setup.py

@@ -9,7 +9,7 @@ with open("requirements.txt", "r") as fh:
 
 setuptools.setup(
     name="cornflow",
-    version="1.2.2",
+    version="1.2.3a1",
     author="baobab soluciones",
     author_email="cornflow@baobabsoluciones.es",
     description="cornflow is an open source multi-solver optimization server with a REST API built using flask.",