cornflow 1.2.3a1__py3-none-any.whl → 1.2.3a3__py3-none-any.whl

cornflow/commands/permissions.py

@@ -4,8 +4,14 @@ from importlib import import_module
 from cornflow.shared.const import (
     BASE_PERMISSION_ASSIGNATION,
     EXTRA_PERMISSION_ASSIGNATION,
+    ROLES_MAP,
+    GET_ACTION,
+    PATCH_ACTION,
+    POST_ACTION,
+    PUT_ACTION,
+    DELETE_ACTION,
 )
-from cornflow.models import ViewModel, PermissionViewRoleModel
+from cornflow.models import ViewModel, PermissionViewRoleModel, RoleModel
 from cornflow.shared import db
 from flask import current_app
 from sqlalchemy.exc import DBAPIError, IntegrityError
@@ -14,6 +20,7 @@ from sqlalchemy.exc import DBAPIError, IntegrityError
 def register_base_permissions_command(external_app: str = None, verbose: bool = False):
     if external_app is None:
         from cornflow.endpoints import resources, alarms_resources
+
         resources_to_register = resources
         if current_app.config["ALARMS_ENDPOINTS"]:
             resources_to_register = resources + alarms_resources
@@ -31,6 +38,23 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
         (perm.role_id, perm.action_id, perm.api_view_id) for perm in permissions_in_db
     ]
     resources_names = [resource["endpoint"] for resource in resources_to_register]
+    roles_in_db = [role.id for role in RoleModel.get_all_objects()]
+    # Check which roles are not in ROLES_MAP
+    roles_not_in_map = [
+        role_id for role_id in roles_in_db if role_id not in ROLES_MAP.keys()
+    ]
+    complete_base_assignation = BASE_PERMISSION_ASSIGNATION.copy()
+    if len(roles_not_in_map) > 0:
+        # We add to the complete_base_assignation the roles that are not in ROLES_MAP
+        for role_id in roles_not_in_map:
+            for action in [
+                GET_ACTION,
+                PATCH_ACTION,
+                POST_ACTION,
+                PUT_ACTION,
+                DELETE_ACTION,
+            ]:
+                complete_base_assignation.append((role_id, action))
 
     # Create base permissions
     permissions_in_app = [
@@ -41,7 +65,7 @@ def register_base_permissions_command(external_app: str = None, verbose: bool =
                 "api_view_id": views_in_db[view["endpoint"]],
             }
         )
-        for role, action in BASE_PERMISSION_ASSIGNATION
+        for role, action in complete_base_assignation
         for view in resources_to_register
         if role in view["resource"].ROLES_WITH_ACCESS
     ] + [

cornflow/shared/const.py

@@ -1,7 +1,7 @@
 """
 In this file we import the values for different constants on cornflow server
 """
-CORNFLOW_VERSION = "1.2.3a1"
+CORNFLOW_VERSION = "1.2.3a3"
 INTERNAL_TOKEN_ISSUER = "cornflow"
 
 # endpoints responses for health check

cornflow/tests/unit/test_commands.py

@@ -584,3 +584,106 @@ class TestCommands(TestCase):
         finally:
             # Restore original ROLES_WITH_ACCESS to avoid affecting other tests
             ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles
+
+    def test_custom_role_permissions_are_preserved(self):
+        """
+        Test that custom roles (not in ROLES_MAP) are automatically detected
+        and assigned complete permissions during synchronization.
+
+        This test verifies that when permissions are synchronized:
+        1. Custom roles in the database are automatically detected
+        2. They are assigned all actions (GET, PATCH, POST, PUT, DELETE)
+        3. These permissions are created for all endpoints where the role has access
+        """
+        # First, initialize the access system normally
+        self.runner.invoke(access_init)
+
+        # Get a view to work with
+        from cornflow.models import ViewModel, PermissionViewRoleModel, RoleModel
+
+        view = ViewModel.query.filter_by(name="example-data").first()
+        self.assertIsNotNone(view, "example-data view should exist")
+
+        # Create a custom role that is NOT in ROLES_MAP
+        custom_role_id = 999  # Use an ID that's not in ROLES_MAP
+        custom_role = RoleModel({"id": custom_role_id, "name": "custom_role"})
+        custom_role.save()
+
+        # Temporarily add the custom role to ExampleDataListEndpoint ROLES_WITH_ACCESS
+        from cornflow.endpoints.example_data import ExampleDataListEndpoint
+
+        original_roles = ExampleDataListEndpoint.ROLES_WITH_ACCESS.copy()
+        ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles + [custom_role_id]
+
+        try:
+            # Count permissions before synchronization
+            perms_before = PermissionViewRoleModel.query.filter_by(
+                role_id=custom_role_id, api_view_id=view.id
+            ).count()
+            self.assertEqual(
+                0, perms_before, "No custom permissions should exist initially"
+            )
+
+            # Run permission synchronization - this should auto-detect the custom role
+            self.runner.invoke(register_base_assignations, ["-v"])
+
+            # Verify that ALL actions have been assigned to the custom role
+            from cornflow.shared.const import (
+                GET_ACTION,
+                PATCH_ACTION,
+                POST_ACTION,
+                PUT_ACTION,
+                DELETE_ACTION,
+            )
+
+            expected_actions = [
+                GET_ACTION,
+                PATCH_ACTION,
+                POST_ACTION,
+                PUT_ACTION,
+                DELETE_ACTION,
+            ]
+
+            for action in expected_actions:
+                permission = PermissionViewRoleModel.query.filter_by(
+                    role_id=custom_role_id, action_id=action, api_view_id=view.id
+                ).first()
+                self.assertIsNotNone(
+                    permission,
+                    f"Custom role should have permission for action {action}. "
+                    f"The system should auto-detect custom roles and assign complete permissions.",
+                )
+
+            # Verify total count of permissions for custom role
+            total_perms = PermissionViewRoleModel.query.filter_by(
+                role_id=custom_role_id, api_view_id=view.id
+            ).count()
+            self.assertEqual(
+                len(expected_actions),
+                total_perms,
+                f"Custom role should have {len(expected_actions)} permissions (all actions)",
+            )
+
+            # Test that running sync again doesn't duplicate permissions
+            self.runner.invoke(register_base_assignations, ["-v"])
+
+            total_perms_after_second_sync = PermissionViewRoleModel.query.filter_by(
+                role_id=custom_role_id, api_view_id=view.id
+            ).count()
+            self.assertEqual(
+                len(expected_actions),
+                total_perms_after_second_sync,
+                "Permissions should not be duplicated on subsequent syncs",
+            )
+
+        finally:
+            # Clean up
+            # Delete permissions first (due to foreign key constraints)
+            permissions_to_delete = PermissionViewRoleModel.query.filter_by(
+                role_id=custom_role_id
+            ).all()
+            for perm in permissions_to_delete:
+                perm.delete()
+            custom_role.delete()
+            # Restore original ROLES_WITH_ACCESS
+            ExampleDataListEndpoint.ROLES_WITH_ACCESS = original_roles

{cornflow-1.2.3a1.dist-info → cornflow-1.2.3a3.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cornflow
-Version: 1.2.3a1
+Version: 1.2.3a3
 Summary: cornflow is an open source multi-solver optimization server with a REST API built using flask.
 Home-page: https://github.com/baobabsoluciones/cornflow
 Author: baobab soluciones

{cornflow-1.2.3a1.dist-info → cornflow-1.2.3a3.dist-info}/RECORD

@@ -32,7 +32,7 @@ cornflow/commands/access.py,sha256=NTZJFF9la8TDuMcD_ISQtJTj-wtM2p1dddokQJHtkj0,7
 cornflow/commands/actions.py,sha256=4AwgAmyI6VeaugkISvTlNGrIzMMU_-ZB3MhwDD_CIEA,1544
 cornflow/commands/cleanup.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 cornflow/commands/dag.py,sha256=AtagFGnB_ucfO0qUawDgd4iRoBCVc-RiOs08DqXSwXM,3786
-cornflow/commands/permissions.py,sha256=iNa8I1jsuBBdA1XqoNz_tbm7YAb1-Oc6nitepYLNPRg,6621
+cornflow/commands/permissions.py,sha256=f6UMB1dj4KBXhrCXalcOdiQlDUldbbmslI6yTrK-_VM,7439
 cornflow/commands/roles.py,sha256=Oux-UkswkQ74zqaMEJYIEsZpQZGBcGaSahVzx9feAHU,1516
 cornflow/commands/schemas.py,sha256=40dZSJ2nEqBa7Crb6DbFmnclT5e8ljAIjscOgHr9lhk,1970
 cornflow/commands/users.py,sha256=2YTbNYY5kZL6ujxGP4fyYgqtv5uuVGdkLR31n7OFFaE,2477
@@ -119,7 +119,7 @@ cornflow/schemas/user_role.py,sha256=e5y6RgdZZtLqD-h2B3sa5WokI5-pT78tWw85IG34I74
 cornflow/schemas/view.py,sha256=ctq9Y1TmjrWdyOqgDYeEx7qbbuNLKfSiNOlFTlXmpaw,429
 cornflow/shared/__init__.py,sha256=1ahcBwWOsSjGI4FEm77JBQjitBdBszOncKcEMjzwGYE,29
 cornflow/shared/compress.py,sha256=pohQaGs1xbH8CN6URIH6BAHA--pFq7Hmjz8oI3c3B5c,1347
-cornflow/shared/const.py,sha256=nepftaeiyR-pmAXnHwws5MqCARoTqWPG_-TtCw3KufM,3555
+cornflow/shared/const.py,sha256=06VjXJ1MxSc7MrmWMZD95N0VCLjiNqXIE3o1a-xd9n0,3555
 cornflow/shared/email.py,sha256=QNDDMv86LZObkevSCyUbLQeR2UD3zWScPIr82NDzYHQ,3437
 cornflow/shared/exceptions.py,sha256=E82488IiwTXCv8iwrnGvkTonhJcwbeE5ARO4Zsmhl2c,6966
 cornflow/shared/licenses.py,sha256=Lc71Jw2NxVTFWtoXdQ9wJX_o3BDfYg1xVoehDXvnCkQ,1328
@@ -148,7 +148,7 @@ cornflow/tests/unit/test_apiview.py,sha256=03M1GsQRVK7zqmslhOJXr4lLDLY2gMAgg86nk
 cornflow/tests/unit/test_application.py,sha256=ZVmTQDUOkPRxHqt6mWU9G_lQ3jJNMJR0cx7IkLMFGrU,1715
 cornflow/tests/unit/test_cases.py,sha256=Ez9dxlZL-SUf9DW9b_A_qPowHqUZ-TA73DMOzeBeLIU,37718
 cornflow/tests/unit/test_cli.py,sha256=E2w-Lzgx_k__0mYwlbg2z80_z9nwPZKI0CbgyGmpQRY,18775
-cornflow/tests/unit/test_commands.py,sha256=ZajFnltdPlw4o6B5Cf7ZSYhZb6fM9z6tARhFOhKMug8,18695
+cornflow/tests/unit/test_commands.py,sha256=JaV_RX9VNaYj_3_QKHZmxct5irfA9GnQLKmpO002P1Y,23002
 cornflow/tests/unit/test_dags.py,sha256=XsOi5bBJQdQz3DmYAVJf1myoAsRyBBdmku-xBr0Bku0,13386
 cornflow/tests/unit/test_data_checks.py,sha256=6s50d1iuRTUcAYn14oEcRS39ZZ6E9ussU4YpkpYhtC4,8612
 cornflow/tests/unit/test_example_data.py,sha256=D-Tgnqw7NZlnBXaDcUU0reNhAca5JlJP2Sdn3KdS4Sw,4127
@@ -169,8 +169,8 @@ cornflow/tests/unit/test_tables.py,sha256=SW_K8LRLwR1nB0uH8CPQCjeN8Gei-TasAgkOin
 cornflow/tests/unit/test_token.py,sha256=PZ11b46UCQpCESsRiAPhpgWkGAsAwKCVNxVQai_kxXM,4199
 cornflow/tests/unit/test_users.py,sha256=N5tcF5nSncD0F_ZlBxGuS87p6kNS4hUzRLr3_AcnK-o,22802
 cornflow/tests/unit/tools.py,sha256=ag3sWv2WLi498R1GL5AOUnXqSsszD3UugzLZLC5NqAw,585
-cornflow-1.2.3a1.dist-info/METADATA,sha256=zrEdE7w5XdzXENv06QWMxLNDmS0Zfcvpq5zsaJtuaGs,9529
-cornflow-1.2.3a1.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-cornflow-1.2.3a1.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
-cornflow-1.2.3a1.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
-cornflow-1.2.3a1.dist-info/RECORD,,
+cornflow-1.2.3a3.dist-info/METADATA,sha256=lwa0AelaIIcefbhB5bES98yk1h4R_r5p17FzhqvIpdE,9529
+cornflow-1.2.3a3.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+cornflow-1.2.3a3.dist-info/entry_points.txt,sha256=q9cPKAFBsmHkERCqQ2JcOTM-tVBLHTl-DGxwCXowAWM,46
+cornflow-1.2.3a3.dist-info/top_level.txt,sha256=Qj9kLFJW1PLb-ZV2s_aCkQ-Wi5W6KC6fFR-LTBrx-rU,24
+cornflow-1.2.3a3.dist-info/RECORD,,