cornflow 1.2.3a1__py3-none-any.whl → 1.2.3a2__py3-none-any.whl

cornflow/commands/permissions.py

@@ -4,8 +4,14 @@ from importlib import import_module
 from cornflow.shared.const import (
     BASE_PERMISSION_ASSIGNATION,
     EXTRA_PERMISSION_ASSIGNATION,
+    ROLES_MAP,
+    GET_ACTION,
+    PATCH_ACTION,
+    POST_ACTION,
+    PUT_ACTION,
+    DELETE_ACTION,
 )
-from cornflow.models import ViewModel, PermissionViewRoleModel
+from cornflow.models import ViewModel, PermissionViewRoleModel, RoleModel
 from cornflow.shared import db
 from flask import current_app
 from sqlalchemy.exc import DBAPIError, IntegrityError
@@ -14,6 +20,7 @@ from sqlalchemy.exc import DBAPIError, IntegrityError
 def register_base_permissions_command(external_app: str = None, verbose: bool = False):
     if external_app is None:
         from cornflow.endpoints import resources, alarms_resources
+
         resources_to_register = resources
         if current_app.config["ALARMS_ENDPOINTS"]:
             resources_to_register = resources + alarms_resources
@@ -31,6 +38,21 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
         (perm.role_id, perm.action_id, perm.api_view_id) for perm in permissions_in_db
     ]
     resources_names = [resource["endpoint"] for resource in resources_to_register]
+    roles_in_db = [role.name for role in RoleModel.get_all_objects()]
+    # Check which roles are not in ROLES_MAP
+    roles_not_in_map = [role for role in roles_in_db if role not in ROLES_MAP.keys()]
+    complete_base_assignation = BASE_PERMISSION_ASSIGNATION.copy()
+    if len(roles_not_in_map) > 0:
+        # We add to the complete_base_assignation the roles that are not in ROLES_MAP
+        for role in roles_not_in_map:
+            for action in [
+                GET_ACTION,
+                PATCH_ACTION,
+                POST_ACTION,
+                PUT_ACTION,
+                DELETE_ACTION,
+            ]:
+                complete_base_assignation.append((role, action))
 
     # Create base permissions
     permissions_in_app = [
@@ -41,7 +63,7 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
                 "api_view_id": views_in_db[view["endpoint"]],
             }
         )
-        for role, action in BASE_PERMISSION_ASSIGNATION
+        for role, action in complete_base_assignation
         for view in resources_to_register
         if role in view["resource"].ROLES_WITH_ACCESS
     ] + [

cornflow/shared/const.py

@@ -1,7 +1,7 @@
 """
 In this file we import the values for different constants on cornflow server
 """
-CORNFLOW_VERSION = "1.2.3a1"
+CORNFLOW_VERSION = "1.2.3a2"
 INTERNAL_TOKEN_ISSUER = "cornflow"
 
 # endpoints responses for health check

cornflow/tests/unit/test_commands.py

@@ -584,3 +584,60 @@ class TestCommands(TestCase):
         finally:
             # Restore original ROLES_WITH_ACCESS to avoid affecting other tests
             ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles
+
+    def test_custom_role_permissions_are_preserved(self):
+        """
+        Test that permissions for custom roles (not in ROLES_MAP) are preserved
+        during permission synchronization.
+
+        This test verifies that when permissions are synchronized, only permissions
+        for roles defined in ROLES_MAP are subject to deletion, while custom roles
+        added manually to the database are preserved.
+        """
+        # First, initialize the access system normally
+        self.runner.invoke(access_init)
+
+        # Get a view to work with
+        from cornflow.models import ViewModel, PermissionViewRoleModel, RoleModel
+
+        view = ViewModel.query.filter_by(name="example-data").first()
+        self.assertIsNotNone(view, "example-data view should exist")
+
+        # Create a custom role that is NOT in ROLES_MAP
+        custom_role_id = 999  # Use an ID that's not in ROLES_MAP
+        custom_role = RoleModel({"id": custom_role_id, "name": "custom_role"})
+        custom_role.save()
+
+        # Create a permission for this custom role
+        from cornflow.shared.const import GET_ACTION
+
+        custom_permission = PermissionViewRoleModel(
+            {"role_id": custom_role_id, "action_id": GET_ACTION, "api_view_id": view.id}
+        )
+        custom_permission.save()
+
+        # Verify the custom permission exists
+        custom_perms_before = PermissionViewRoleModel.query.filter_by(
+            role_id=custom_role_id, action_id=GET_ACTION, api_view_id=view.id
+        ).all()
+        self.assertEqual(
+            1, len(custom_perms_before), "Custom permission should exist before sync"
+        )
+
+        # Run permission synchronization (this would previously delete custom role permissions)
+        self.runner.invoke(register_base_assignations, ["-v"])
+
+        # Verify the custom permission still exists after synchronization
+        custom_perms_after = PermissionViewRoleModel.query.filter_by(
+            role_id=custom_role_id, action_id=GET_ACTION, api_view_id=view.id
+        ).all()
+        self.assertEqual(
+            1,
+            len(custom_perms_after),
+            "Custom role permission should be preserved after synchronization. "
+            "Permissions should only be deleted for roles defined in ROLES_MAP.",
+        )
+
+        # Clean up
+        custom_permission.delete()
+        custom_role.delete()

{cornflow-1.2.3a1.dist-info → cornflow-1.2.3a2.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.3a1
+Version: 1.2.3a2
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones

{cornflow-1.2.3a1.dist-info → cornflow-1.2.3a2.dist-info}/RECORD

@@ -32,7 +32,7 @@ cornflow/commands/access.py,sha256=NTZJFF9la8TDuMcD_ISQtJTj-wtM2p1dddokQJHtkj0,7
 cornflow/commands/actions.py,sha256=4AwgAmyI6VeaugkISvTlNGrIzMMU_-ZB3MhwDD_CIEA,1544
 cornflow/commands/cleanup.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cornflow/commands/dag.py,sha256=AtagFGnB_ucfO0qUawDgd4iRoBCVc-RiOs08DqXSwXM,3786
-cornflow/commands/permissions.py,sha256=iNa8I1jsuBBdA1XqoNz_tbm7YAb1-Oc6nitepYLNPRg,6621
+cornflow/commands/permissions.py,sha256=xrAVNjipabc1SWt3TApRdoVsHjtfmpEPnC6vXmmhLWs,7412
 cornflow/commands/roles.py,sha256=Oux-UkswkQ74zqaMEJYIEsZpQZGBcGaSahVzx9feAHU,1516
 cornflow/commands/schemas.py,sha256=40dZSJ2nEqBa7Crb6DbFmnclT5e8ljAIjscOgHr9lhk,1970
 cornflow/commands/users.py,sha256=2YTbNYY5kZL6ujxGP4fyYgqtv5uuVGdkLR31n7OFFaE,2477
@@ -119,7 +119,7 @@ cornflow/schemas/user_role.py,sha256=e5y6RgdZZtLqD-h2B3sa5WokI5-pT78tWw85IG34I74
 cornflow/schemas/view.py,sha256=ctq9Y1TmjrWdyOqgDYeEx7qbbuNLKfSiNOlFTlXmpaw,429
 cornflow/shared/__init__.py,sha256=1ahcBwWOsSjGI4FEm77JBQjitBdBszOncKcEMjzwGYE,29
 cornflow/shared/compress.py,sha256=pohQaGs1xbH8CN6URIH6BAHA--pFq7Hmjz8oI3c3B5c,1347
-cornflow/shared/const.py,sha256=nepftaeiyR-pmAXnHwws5MqCARoTqWPG_-TtCw3KufM,3555
+cornflow/shared/const.py,sha256=iyD9RFf0z7NyGvZJtNGLIAbsxYYcG3IpRbke72pl-7A,3555
 cornflow/shared/email.py,sha256=QNDDMv86LZObkevSCyUbLQeR2UD3zWScPIr82NDzYHQ,3437
 cornflow/shared/exceptions.py,sha256=E82488IiwTXCv8iwrnGvkTonhJcwbeE5ARO4Zsmhl2c,6966
 cornflow/shared/licenses.py,sha256=Lc71Jw2NxVTFWtoXdQ9wJX_o3BDfYg1xVoehDXvnCkQ,1328
@@ -148,7 +148,7 @@ cornflow/tests/unit/test_apiview.py,sha256=03M1GsQRVK7zqmslhOJXr4lLDLY2gMAgg86nk
 cornflow/tests/unit/test_application.py,sha256=ZVmTQDUOkPRxHqt6mWU9G_lQ3jJNMJR0cx7IkLMFGrU,1715
 cornflow/tests/unit/test_cases.py,sha256=Ez9dxlZL-SUf9DW9b_A_qPowHqUZ-TA73DMOzeBeLIU,37718
 cornflow/tests/unit/test_cli.py,sha256=E2w-Lzgx_k__0mYwlbg2z80_z9nwPZKI0CbgyGmpQRY,18775
-cornflow/tests/unit/test_commands.py,sha256=ZajFnltdPlw4o6B5Cf7ZSYhZb6fM9z6tARhFOhKMug8,18695
+cornflow/tests/unit/test_commands.py,sha256=EcaZh1DsA3HgHx5NhpIJKcnUn8KDcnyk2QajhwGs6Yk,21063
 cornflow/tests/unit/test_dags.py,sha256=XsOi5bBJQdQz3DmYAVJf1myoAsRyBBdmku-xBr0Bku0,13386
 cornflow/tests/unit/test_data_checks.py,sha256=6s50d1iuRTUcAYn14oEcRS39ZZ6E9ussU4YpkpYhtC4,8612
 cornflow/tests/unit/test_example_data.py,sha256=D-Tgnqw7NZlnBXaDcUU0reNhAca5JlJP2Sdn3KdS4Sw,4127
@@ -169,8 +169,8 @@ cornflow/tests/unit/test_tables.py,sha256=SW_K8LRLwR1nB0uH8CPQCjeN8Gei-TasAgkOin
 cornflow/tests/unit/test_token.py,sha256=PZ11b46UCQpCESsRiAPhpgWkGAsAwKCVNxVQai_kxXM,4199
 cornflow/tests/unit/test_users.py,sha256=N5tcF5nSncD0F_ZlBxGuS87p6kNS4hUzRLr3_AcnK-o,22802
 cornflow/tests/unit/tools.py,sha256=ag3sWv2WLi498R1GL5AOUnXqSsszD3UugzLZLC5NqAw,585
-cornflow-1.2.3a1.dist-info/METADATA,sha256=zrEdE7w5XdzXENv06QWMxLNDmS0Zfcvpq5zsaJtuaGs,9529
-cornflow-1.2.3a1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cornflow-1.2.3a1.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
-cornflow-1.2.3a1.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
-cornflow-1.2.3a1.dist-info/RECORD,,
+cornflow-1.2.3a2.dist-info/METADATA,sha256=FFezXKR-SO1Jiu61BODNGQ8Bkva4mCNw02isDt9XwEc,9529
+cornflow-1.2.3a2.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cornflow-1.2.3a2.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
+cornflow-1.2.3a2.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
+cornflow-1.2.3a2.dist-info/RECORD,,