django-ninja-aio-crud 2.0.0rc7__tar.gz → 2.2.0__tar.gz

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/.github/workflows/coverage.yml

@@ -27,6 +27,6 @@ jobs:
           coverage xml
 
       - name: Coverage
-        uses: codecov/codecov-action@v5.5.1
+        uses: codecov/codecov-action@v5.5.2
         with:
           token: ${{ secrets.CODECOV_TOKEN }}

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/.github/workflows/docs.yml

@@ -7,7 +7,7 @@ on:
         description: 'Docs version to deploy (e.g. v1.0.0)'
         required: true
         default: 'dev'
-        type: choice  # ← SonarQube compliant: predefined safe options
+        type: choice
         options:
           - dev
           - stable
@@ -16,12 +16,23 @@ on:
       make_latest:
         description: 'Set as "latest" and default?'
         type: boolean
-        default: true
+        default: false
 
       delete_version:
-          description: 'Version to DELETE (leave empty to skip)'
-          required: false
-          default: ''
+        description: 'Docs version to delete'
+        required: false
+        default: ''
+        type: choice
+        options:
+          - ''
+          - dev
+          - stable
+          - "1.0"
+          - "2.0"
+      delete_confirm:
+        description: 'Confirm deletion of the selected version'
+        type: boolean
+        default: false
 
 permissions:
   contents: write
@@ -29,8 +40,6 @@ permissions:
 jobs:
   deploy:
     runs-on: ubuntu-latest
-    
-    # Only trusted events (SonarQube safe)
     if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
 
     steps:
@@ -52,18 +61,15 @@ jobs:
       - name: Compute VERSION and MAKE_LATEST
         id: vars
         env:
-          # Assign untrusted input to env var FIRST (SonarQube compliant)
           INPUT_VERSION: ${{ inputs.docs_version }}
         shell: bash
         run: |
-          # Now use safe shell variable $INPUT_VERSION
           if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "$INPUT_VERSION" ]; then
             VERSION="$INPUT_VERSION"
           else
             VERSION="dev"
           fi
 
-          # Boolean input is always safe ("true"/"false")
           if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
             MAKE_LATEST="${{ inputs.make_latest }}"
           else
@@ -82,29 +88,54 @@ jobs:
           git fetch --all --tags
           git fetch origin gh-pages --depth=1 || true
           
-          # Idempotent worktree setup
           if git worktree list | grep -q " gh-pages "; then
             git worktree remove gh-pages --force
           fi
           git worktree add gh-pages gh-pages 2>/dev/null || git worktree add gh-pages origin/gh-pages
 
           if [ "$MAKE_LATEST" = "true" ]; then
-            echo "🚀 Deploying $VERSION as latest and default"
+            echo "Deploying $VERSION as latest and default"
             mike deploy --push --update-aliases "$VERSION" latest --ignore-remote-status
-            mike set-default "$VERSION"
+            mike set-default --push latest
           else
-            echo "📦 Deploying $VERSION (non-latest)"
+            echo "Deploying $VERSION (non-latest)"
             mike deploy --push "$VERSION" --ignore-remote-status
           fi
 
           git worktree remove gh-pages --force
 
-      - name: Delete version
-        if: inputs.delete_version != ''
+      - name: Delete version (safe)
+        if: github.event_name == 'workflow_dispatch' && inputs.delete_version != '' && inputs.delete_confirm == true
+        env:
+          DELETE_VERSION: ${{ inputs.delete_version }}
+        shell: bash
         run: |
-          echo "Deleting version: ${{ inputs.delete_version }}"
-          mike delete "${{ inputs.delete_version }}" --push
-          echo "Version ${{ inputs.delete_version }} deleted successfully"
+          set -euo pipefail
+
+          echo "Requested delete: $DELETE_VERSION"
+
+          # Protect aliases and default
+          if [ "$DELETE_VERSION" = "latest" ] || [ "$DELETE_VERSION" = "stable" ]; then
+            echo "Refusing to delete protected alias: $DELETE_VERSION"
+            exit 1
+          fi
+
+          # Load current default; fail if attempting to delete it
+          CURRENT_DEFAULT="$(mike default || true)"
+          if [ -n "$CURRENT_DEFAULT" ] && [ "$DELETE_VERSION" = "$CURRENT_DEFAULT" ]; then
+            echo "Refusing to delete current default docs version: $DELETE_VERSION"
+            exit 1
+          fi
+
+          # Ensure version exists before deleting
+          if ! mike list | awk '{print $1}' | grep -Fxq "$DELETE_VERSION"; then
+            echo "Version '$DELETE_VERSION' not found. Nothing to delete."
+            exit 0
+          fi
+
+          echo "Deleting version: $DELETE_VERSION"
+          mike delete "$DELETE_VERSION" --push
+          echo "Version '$DELETE_VERSION' deleted successfully"
 
       - name: List versions
         run: mike list

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/PKG-INFO

@@ -1,9 +1,9 @@
 Metadata-Version: 2.4
 Name: django-ninja-aio-crud
-Version: 2.0.0rc7
+Version: 2.2.0
 Summary: Django Ninja AIO CRUD - Rest Framework
 Author: Giuseppe Casillo
-Requires-Python: >=3.10
+Requires-Python: >=3.10, <=3.14
 Description-Content-Type: text/markdown
 Classifier: Operating System :: OS Independent
 Classifier: Topic :: Internet

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/docs/api/authentication.md

@@ -614,188 +614,11 @@ Support both JWT and API Key:
 class ArticleViewSet(APIViewSet):
     model = Article
     api = api
-    auth = [JWTAuth() | APIKeyAuth()]  # Either JWT or API Key
+    auth = [JWTAuth(), APIKeyAuth()]  # Either JWT or API Key
 ```
 
 Django Ninja will try both methods; if either succeeds, the request is authenticated.
 
-## Token Validation
-
-### Expiration Validation
-
-JWT tokens include `exp` claim (expiration timestamp):
-
-```python
-# Token payload
-{
-  "sub": "123",
-  "exp": 1704067200,  # Unix timestamp
-  "iat": 1704063600
-}
-```
-
-AsyncJwtBearer automatically validates expiration:
-
-```python
-class JWTAuth(AsyncJwtBearer):
-    jwt_public = jwk.RSAKey.import_key(PUBLIC_KEY)
-    # Expiration checked automatically
-```
-
-**Error Response:**
-
-```json
-{
-  "detail": "Token has expired"
-}
-```
-
-### Not Before Validation
-
-Use `nbf` claim for tokens that become valid in the future:
-
-```python
-# Token payload
-{
-  "sub": "123",
-  "nbf": 1704063600,  # Not valid before this time
-  "exp": 1704067200
-}
-```
-
-Automatically validated by AsyncJwtBearer.
-
-### Custom Validation
-
-```python
-class StrictAuth(AsyncJwtBearer):
-    jwt_public = jwk.RSAKey.import_key(PUBLIC_KEY)
-
-    async def auth_handler(self, request):
-        # Check token type
-        token_type = self.dcd.claims.get("typ")
-        if token_type != "access":
-            return False
-
-        # Check IP whitelist
-        allowed_ips = self.dcd.claims.get("allowed_ips", [])
-        client_ip = request.META.get('REMOTE_ADDR')
-        if allowed_ips and client_ip not in allowed_ips:
-            return False
-
-        # Continue with normal auth
-        user_id = self.dcd.claims.get("sub")
-        return await User.objects.aget(id=user_id)
-```
-
-## Testing Authentication
-
-### Unit Tests
-
-```python
-import pytest
-from ninja.testing import TestAsyncClient
-from myapp.views import api
-from myapp.auth import JWTAuth
-import jwt
-from datetime import datetime, timedelta
-
-
-def create_token(user_id: int, **claims) -> str:
-    payload = {
-        "sub": str(user_id),
-        "exp": datetime.utcnow() + timedelta(hours=1),
-        "iat": datetime.utcnow(),
-        **claims
-    }
-    return jwt.encode(payload, PRIVATE_KEY, algorithm="RS256")
-
-
-@pytest.mark.asyncio
-async def test_authenticated_request():
-    client = TestAsyncClient(api)
-
-    # Create user
-    user = await User.objects.acreate(username="testuser")
-
-    # Create token
-    token = create_token(user.id)
-
-    # Make authenticated request
-    response = await client.get(
-        "/article/",
-        headers={"Authorization": f"Bearer {token}"}
-    )
-
-    assert response.status_code == 200
-
-
-@pytest.mark.asyncio
-async def test_missing_token():
-    client = TestAsyncClient(api)
-
-    response = await client.get("/article/")
-    assert response.status_code == 401
-    assert "detail" in response.json()
-
-
-@pytest.mark.asyncio
-async def test_expired_token():
-    client = TestAsyncClient(api)
-
-    # Create expired token
-    payload = {
-        "sub": "123",
-        "exp": datetime.utcnow() - timedelta(hours=1),  # Expired
-        "iat": datetime.utcnow() - timedelta(hours=2)
-    }
-    token = jwt.encode(payload, PRIVATE_KEY, algorithm="RS256")
-
-    response = await client.get(
-        "/article/",
-        headers={"Authorization": f"Bearer {token}"}
-    )
-
-    assert response.status_code == 401
-
-
-@pytest.mark.asyncio
-async def test_invalid_signature():
-    client = TestAsyncClient(api)
-
-    # Create token with wrong key
-    payload = {"sub": "123", "exp": datetime.utcnow() + timedelta(hours=1)}
-    token = jwt.encode(payload, "wrong-secret", algorithm="HS256")
-
-    response = await client.get(
-        "/article/",
-        headers={"Authorization": f"Bearer {token}"}
-    )
-
-    assert response.status_code == 401
-```
-
-### Mock Authentication
-
-For testing without real tokens:
-
-```python
-from unittest.mock import AsyncMock, patch
-
-
-@pytest.mark.asyncio
-@patch('myapp.auth.JWTAuth.auth_handler')
-async def test_with_mock_auth(mock_auth):
-    # Mock auth to return test user
-    user = await User.objects.acreate(username="testuser")
-    mock_auth.return_value = user
-
-    client = TestAsyncClient(api)
-    response = await client.get("/article/")
-
-    assert response.status_code == 200
-```
-
 ## Best Practices
 
 1. **Use RSA (asymmetric) keys for production:**

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/docs/api/views/api_view.md

@@ -81,15 +81,12 @@ Registers all defined views to the API instance.
 
 **Returns:** The router instance
 
-**Usage:**
-
-```python
-view = UserAPIView()
-view.add_views_to_route()
-```
+**Note:** When using `@api.view(prefix="/path", tags=[...])`, manual registration via `add_views_to_route()` is not required; the router is mounted automatically.
 
 ## Complete Example
 
+**Recommended:**
+
 ```python
 from ninja_aio import NinjaAIO
 from ninja_aio.views import APIView
@@ -101,6 +98,23 @@ class StatsSchema(Schema):
     total: int
     active: int
 
+@api.view(prefix="/analytics", tags=["Analytics"])
+class AnalyticsView(APIView):
+    def views(self):
+        @self.router.get("/dashboard", response=StatsSchema)
+        async def dashboard(request):
+            return {"total": 1000, "active": 750}
+
+        @self.router.post("/track")
+        async def track_event(request, event: str):
+            return {"tracked": event}
+```
+
+**Alternative implementation:**
+
+```python
+api = NinjaAIO(title="My API")
+
 class AnalyticsView(APIView):
     api = api
     router_tag = "Analytics"
@@ -109,26 +123,21 @@ class AnalyticsView(APIView):
     def views(self):
         @self.router.get("/dashboard", response=StatsSchema)
         async def dashboard(request):
-            return {
-                "total": 1000,
-                "active": 750
-            }
+            return {"total": 1000, "active": 750}
 
         @self.router.post("/track")
         async def track_event(request, event: str):
-            # tracking logic
             return {"tracked": event}
 
-# Register views
 AnalyticsView().add_views_to_route()
 ```
 
 ## Notes
 
 - Use `APIView` for simple, non-CRUD endpoints
-- For CRUD operations, use [`APIViewSet`](api_view_set.md) instead
-- All views are automatically async-compatible
-- Error codes `{400, 401, 404, 428}` are available via `self.error_codes`
+- For CRUD operations, use [`APIViewSet`](api_view_set.md)
+- All views are async-compatible
+- Standard error codes are available via `self.error_codes`
 
 Note:
 

{django_ninja_aio_crud-2.0.0rc7 → django_ninja_aio_crud-2.2.0}/docs/api/views/api_view_set.md

@@ -16,7 +16,7 @@ Notes:
 
 - Retrieve path has no trailing slash; update/delete include a trailing slash.
 - `{base}` auto-resolves from model verbose name plural (lowercase) unless `api_route_path` is provided.
-- Error responses may use a unified generic schema for codes: 400, 401, 404, 428.
+- Error responses may use a unified generic schema for codes: 400, 401, 404.
 
 ## Core Attributes
 
@@ -317,7 +317,7 @@ All generated handlers are decorated with `@unique_view(...)` to ensure stable u
 
 ## Error Handling
 
-All CRUD and M2M endpoints may respond with `GenericMessageSchema` for error codes: 400 (validation), 401 (auth), 404 (not found), 428 (precondition required).
+All CRUD and M2M endpoints may respond with `GenericMessageSchema` for error codes: 400 (validation), 401 (auth), 404 (not found).
 
 ## Performance Tips
 
@@ -329,7 +329,31 @@ All CRUD and M2M endpoints may respond with `GenericMessageSchema` for error cod
 
 ## Minimal Usage
 
+Recommended:
+
 ```python
+from ninja_aio import NinjaAIO
+from ninja_aio.views import APIViewSet
+from .models import User
+
+api = NinjaAIO(title="My API")
+
+@api.viewset(model=User)
+class UserViewSet(APIViewSet):
+    pass
+```
+
+Note: prefix and tags are optional. If omitted, the base path is inferred from the model verbose name plural and tags default to the model verbose name.
+
+Alternative implementation:
+
+```python
+from ninja_aio import NinjaAIO
+from ninja_aio.views import APIViewSet
+from .models import User
+
+api = NinjaAIO(title="My API")
+
 class UserViewSet(APIViewSet):
     model = User
     api = api
@@ -340,18 +364,16 @@ UserViewSet().add_views_to_route()
 ## Disable Selected Views
 
 ```python
+@api.viewset(model=User)
 class ReadOnlyUserViewSet(APIViewSet):
-    model = User
-    api = api
     disable = ["create", "update", "delete"]
 ```
 
 ## Authentication Example
 
 ```python
+@api.viewset(model=User)
 class UserViewSet(APIViewSet):
-    model = User
-    api = api
     auth = [JWTAuth()]      # global fallback
     get_auth = None         # list/retrieve public
     delete_auth = [AdminAuth()]  # delete restricted
@@ -359,7 +381,16 @@ class UserViewSet(APIViewSet):
 
 ## Complete M2M + Filters Example
 
+Recommended:
+
 ```python
+from ninja_aio import NinjaAIO
+from ninja_aio.views import APIViewSet
+from ninja_aio.models import ModelSerializer
+from django.db import models
+
+api = NinjaAIO(title="My API")
+
 class Tag(ModelSerializer):
     name = models.CharField(max_length=100)
     class ReadSerializer:
@@ -371,12 +402,41 @@ class User(ModelSerializer):
     class ReadSerializer:
         fields = ["id", "username", "tags"]
 
+@api.viewset(model=User)
+class UserViewSet(APIViewSet):
+    query_params = {"search": (str, None)}
+    m2m_relations = [
+        M2MRelationSchema(
+            model=Tag,
+            related_name="tags",
+            filters={"name": (str, "")},
+            add=True,
+            remove=True,
+            get=True,
+        )
+    ]
+
+    async def query_params_handler(self, queryset, filters):
+        if filters.get("search"):
+            from django.db.models import Q
+            s = filters["search"]
+            return queryset.filter(Q(username__icontains=s))
+        return queryset
+
+    async def tags_query_params_handler(self, queryset, filters):
+        name_filter = filters.get("name")
+        if name_filter:
+            queryset = queryset.filter(name__icontains=name_filter)
+        return queryset
+```
+
+Alternative implementation:
+
+```python
 class UserViewSet(APIViewSet):
     model = User
     api = api
-    query_params = {
-        "search": (str, None)
-    }
+    query_params = {"search": (str, None)}
     m2m_relations = [
         M2MRelationSchema(
             model=Tag,
@@ -384,7 +444,7 @@ class UserViewSet(APIViewSet):
             filters={"name": (str, "")},
             add=True,
             remove=True,
-            get=True
+            get=True,
         )
     ]
 
@@ -400,6 +460,28 @@ class UserViewSet(APIViewSet):
         if name_filter:
             queryset = queryset.filter(name__icontains=name_filter)
         return queryset
+
+UserViewSet().add_views_to_route()
+```
+
+## ReadOnlyViewSet
+
+ReadOnlyViewSet enables only list and retrieve endpoints.
+
+```python
+@api.viewset(model=MyModel)
+class MyModelReadOnlyViewSet(ReadOnlyViewSet):
+    pass
+```
+
+## WriteOnlyViewSet
+
+WriteOnlyViewSet enables only create, update, and delete endpoints.
+
+```python
+@api.viewset(model=MyModel)
+class MyModelWriteOnlyViewSet(WriteOnlyViewSet):
+    pass
 ```
 
 ## See Also