PyPI - elody - Versions diffs - 0.0.195__tar.gz → 0.0.196__tar.gz - Mend

elody 0.0.195tar.gz → 0.0.196tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (51) hide show

{elody-0.0.195 → elody-0.0.196}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: elody
-Version: 0.0.195
+Version: 0.0.196
 Summary: elody SDK for Python
 Author-email: Inuits <developers@inuits.eu>
 License:                     GNU GENERAL PUBLIC LICENSE

{elody-0.0.195 → elody-0.0.196}/pyproject.toml RENAMED Viewed

@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "elody"
-version = "0.0.195"
+version = "0.0.196"
 description = "elody SDK for Python"
 readme = "README.md"
 authors = [{ name = "Inuits", email = "developers@inuits.eu" }]

{elody-0.0.195 → elody-0.0.196}/src/elody/policies/authorization/filter_generic_objects_policy_v2.py RENAMED Viewed

@@ -1,6 +1,7 @@
 import re as regex
 from copy import deepcopy
+from elody.policies.helpers import generate_filter_key_and_lookup_from_restricted_key
 from elody.policies.permission_handler import (
     get_permissions,
     mask_protected_content_post_request_hook,
@@ -123,6 +124,11 @@ class PostRequestRules:
                 restrictions = schemas[schema].get("object_restrictions", {})
                 for restricted_key, restricting_value in restrictions.items():
                     index, restricted_key = restricted_key.split(":")
+                    restricted_key, lookup = (
+                        generate_filter_key_and_lookup_from_restricted_key(
+                            restricted_key
+                        )
+                    )
                     key = f"{schema}|{restricted_key}"
                     if group := restrictions_grouped_by_index.get(index):
                         group["key"].append(key)
@@ -130,6 +136,7 @@ class PostRequestRules:
                         restrictions_grouped_by_index.update(
                             {
                                 index: {
+                                    "lookup": lookup,
                                     "key": [key],
                                     "value": restricting_value,
                                 }
@@ -155,6 +162,7 @@ class PostRequestRules:
             for restriction in restrictions_grouped_by_index.values():
                 user_context.access_restrictions.filters.append(  # pyright: ignore
                     {
+                        "lookup": restriction["lookup"],
                         "type": "selection",
                         "key": restriction["key"],
                         "value": restriction["value"],

{elody-0.0.195 → elody-0.0.196}/src/elody/policies/authorization/generic_object_request_policy_v2.py RENAMED Viewed

@@ -1,7 +1,10 @@
 import re as regex
 from configuration import get_object_configuration_mapper  # pyright: ignore
-from elody.policies.helpers import get_content
+from elody.policies.helpers import (
+    generate_filter_key_and_lookup_from_restricted_key,
+    get_content,
+)
 from elody.policies.permission_handler import (
     get_permissions,
     handle_single_item_request,
@@ -82,7 +85,7 @@ class GetRequestRules:
                     type_permissions[schemas[0]].get("object_restrictions", {}).keys()
                 )
                 for i in range(number_of_object_restrictions):
-                    keys, values = [], []
+                    lookup, keys, values = {}, [], []
                     for schema in schemas:
                         object_restrictions = type_permissions[schema].get(
                             "object_restrictions", {}
@@ -92,10 +95,16 @@ class GetRequestRules:
                             for key in object_restrictions.keys()
                             if key.startswith(f"{i}:")
                         ][0]
-                        keys.append(f"{schema}|{key.split(':')[1]}")
                         values = object_restrictions[key]
+                        key, lookup = (
+                            generate_filter_key_and_lookup_from_restricted_key(
+                                key.split(":")[1]
+                            )
+                        )
+                        keys.append(f"{schema}|{key}")
                     filters.append(
                         {
+                            "lookup": lookup,
                             "type": "selection",
                             "key": keys,
                             "value": values,

{elody-0.0.195 → elody-0.0.196}/src/elody/policies/helpers.py RENAMED Viewed

@@ -4,6 +4,24 @@ from serialization.serialize import serialize  # pyright: ignore
 from werkzeug.exceptions import NotFound
+def generate_filter_key_and_lookup_from_restricted_key(key):
+    if (keys := key.split("@", 1)) and len(keys) == 1:
+        return key, {}
+    local_field = keys[0]
+    document_type, key = keys[1].split("-", 1)
+    collection = (
+        get_object_configuration_mapper().get(document_type).crud()["collection"]
+    )
+    lookup = {
+        "from": collection,
+        "local_field": local_field,
+        "foreign_field": "identifiers",
+        "as": f"__lookup.virtual_relations.{document_type}",
+    }
+    return f"{lookup['as']}.{key}", lookup
 def get_content(item, request, content):
     return serialize(
         content,

{elody-0.0.195 → elody-0.0.196}/src/elody/policies/permission_handler.py RENAMED Viewed

@@ -3,9 +3,11 @@ import re as regex
 from configuration import get_object_configuration_mapper  # pyright: ignore
 from copy import deepcopy
 from elody.error_codes import ErrorCode, get_error_code, get_read
+from elody.policies.helpers import get_item
 from elody.util import flatten_dict, interpret_flat_key
 from inuits_policy_based_auth.contexts.user_context import UserContext
 from logging_elody.log import log  # pyright: ignore
+from storage.storagemanager import StorageManager  # pyright: ignore
 _permissions = {}
@@ -63,7 +65,7 @@ def handle_single_item_request(
         )
         is_allowed_to_crud_item = (
-            __is_allowed_to_crud_item(flat_item, restrictions_schema)
+            __is_allowed_to_crud_item(flat_item, restrictions_schema, user_context)
             if flat_item
             else None
         )
@@ -131,10 +133,7 @@ def __prepare_item_for_permission_check(item, permissions, crud):
     if item.get("type", "") not in permissions[crud].keys():
         return item, None, None, None
-    config = get_object_configuration_mapper().get(item["type"])
-    object_lists = config.document_info().get("object_lists", {})
-    flat_item = flatten_dict(object_lists, item)
+    flat_item, object_lists = __get_flat_item_and_object_lists(item)
     return (
         item,
         flat_item,
@@ -159,13 +158,15 @@ def __get_restrictions_schema(flat_item, permissions, crud):
     return schemas[schema] if schemas and schema else {}
-def __is_allowed_to_crud_item(flat_item, restrictions_schema):
+def __is_allowed_to_crud_item(
+    flat_item, restrictions_schema, user_context: UserContext
+):
     restrictions = restrictions_schema.get("object_restrictions", {})
     for restricted_key, restricting_values in restrictions.items():
         restricted_key = restricted_key.split(":")[1]
         item_value_in_restricting_values = __item_value_in_values(
-            flat_item, restricted_key, restricting_values
+            flat_item, restricted_key, restricting_values, {}, user_context
         )
         if not item_value_in_restricting_values:
             return None
@@ -192,7 +193,11 @@ def __is_allowed_to_crud_item_keys(
         condition_match = True
         for condition_key, condition_values in restricting_conditions.items():
             condition_match = __item_value_in_values(
-                flat_item, condition_key, condition_values, flat_request_body
+                flat_item,
+                condition_key,
+                condition_values,
+                flat_request_body,
+                user_context,
             )
             if not condition_match:
                 break
@@ -228,7 +233,9 @@ def __is_allowed_to_crud_item_keys(
     return len(user_context.bag["restricted_keys"]) == 0
-def __item_value_in_values(flat_item, key, values: list, flat_request_body: dict = {}):
+def __item_value_in_values(
+    flat_item, key, values: list, flat_request_body, user_context: UserContext
+):
     negate_condition = False
     is_optional = False
@@ -239,6 +246,10 @@ def __item_value_in_values(flat_item, key, values: list, flat_request_body: dict
         key = key[1:]
         is_optional = True
+    key_of_relation = None
+    if (keys := key.split("@", 1)) and len(keys) == 2:
+        key = keys[0]
+        key_of_relation = keys[1].split("-", 1)[1]
     try:
         item_value = flat_request_body.get(key, flat_item[key])
         if is_optional:
@@ -249,6 +260,15 @@ def __item_value_in_values(flat_item, key, values: list, flat_request_body: dict
                 f"{get_error_code(ErrorCode.METADATA_KEY_UNDEFINED, get_read())} | key:{key} | document:{flat_item.get('_id', flat_item["type"])} - Key {key} not found in document {flat_item.get('_id', flat_item["type"])}. Either prefix the key with '?' in your permission configuration to make it an optional restriction, or patch the document to include the key. '?' will allow access if key does not exist, '!?' will deny access if key does not exist."
             )
         return not negate_condition
+    else:
+        if key_of_relation:
+            if isinstance(item_value, list):
+                item_value = item_value[0]
+            item = get_item(StorageManager(), user_context.bag, {"id": item_value})
+            flat_item, _ = __get_flat_item_and_object_lists(item)
+            return __item_value_in_values(
+                flat_item, key_of_relation, values, flat_request_body, user_context
+            )
     expected_values = []
     for value in values:
@@ -280,3 +300,9 @@ def __get_element_from_object_list_of_item(
         if element[object_lists[object_list]] == key:
             return element
     return {}
+def __get_flat_item_and_object_lists(item):
+    config = get_object_configuration_mapper().get(item["type"])
+    object_lists = config.document_info().get("object_lists", {})
+    return flatten_dict(object_lists, item), object_lists

{elody-0.0.195 → elody-0.0.196}/src/elody.egg-info/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: elody
-Version: 0.0.195
+Version: 0.0.196
 Summary: elody SDK for Python
 Author-email: Inuits <developers@inuits.eu>
 License:                     GNU GENERAL PUBLIC LICENSE