elody 0.0.205__tar.gz → 0.0.207__tar.gz

{elody-0.0.205 → elody-0.0.207}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: elody
-Version: 0.0.205
+Version: 0.0.207
 Summary: elody SDK for Python
 Author-email: Inuits <developers@inuits.eu>
 License:                     GNU GENERAL PUBLIC LICENSE

{elody-0.0.205 → elody-0.0.207}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "elody"
-version = "0.0.205"
+version = "0.0.207"
 description = "elody SDK for Python"
 readme = "README.md"
 authors = [{ name = "Inuits", email = "developers@inuits.eu" }]

{elody-0.0.205 → elody-0.0.207}/src/elody/csv.py

@@ -275,7 +275,7 @@ class CSVMultiObject(CSVParser):
                     if not value:
                         continue
                     if not key or isinstance(value, list):
-                        if len(value) == 1 and value[0] == '':
+                        if len(value) == 1 and value[0] == "":
                             continue
                         if "invalid_value" not in self.get_errors():
                             self.set_error("invalid_value", list())

{elody-0.0.205 → elody-0.0.207}/src/elody/object_configurations/elody_configuration.py

@@ -60,7 +60,14 @@ class ElodyConfiguration(BaseObjectConfiguration):
         template = {
             "_id": _id,
             "identifiers": list(
-                set([_id, *identifiers, *document_defaults.pop("identifiers", [])])
+                set(
+                    [
+                        _id,
+                        *identifiers,
+                        *document_defaults.pop("identifiers", []),
+                        *post_body.pop("identifiers", []),
+                    ]
+                )
             ),
             "metadata": [],
             "relations": [],

{elody-0.0.205 → elody-0.0.207}/src/elody/policies/authorization/filter_generic_objects_policy_v2.py

@@ -14,6 +14,7 @@ from inuits_policy_based_auth.contexts.policy_context import (  # pyright: ignor
 from inuits_policy_based_auth.contexts.user_context import (  # pyright: ignore
     UserContext,
 )
+from werkzeug.exceptions import BadRequest
 
 
 class FilterGenericObjectsPolicyV2(BaseAuthorizationPolicy):
@@ -27,11 +28,8 @@ class FilterGenericObjectsPolicyV2(BaseAuthorizationPolicy):
         if not isinstance(user_context.access_restrictions.filters, list):
             user_context.access_restrictions.filters = []
         type_filter, filters = self.__split_type_filter(
-            user_context, deepcopy(g.get("content") or request.json or [])
+            deepcopy(g.get("content") or request.json or [])
         )
-        if not type_filter:
-            policy_context.access_verdict = True
-            return policy_context
 
         policy_context.access_verdict = False
         for role in user_context.x_tenant.roles:
@@ -59,13 +57,15 @@ class FilterGenericObjectsPolicyV2(BaseAuthorizationPolicy):
 
         return policy_context
 
-    def __split_type_filter(self, user_context: UserContext, request_body: list):
+    def __split_type_filter(self, request_body: list):
         type_filter = None
         for filter in request_body:
             if filter["type"] == "type":
                 type_filter = filter
+                break
             elif filter["type"] == "selection" and filter["key"] == "type":
                 type_filter = filter
+                break
             elif item_types := filter.get("item_types"):
                 type_filter = {
                     "type": "selection",
@@ -73,22 +73,12 @@ class FilterGenericObjectsPolicyV2(BaseAuthorizationPolicy):
                     "value": item_types,
                     "match_exact": True,
                 }
+                break
 
         if not type_filter:
-            if tenant_relation_type := user_context.bag.get("tenant_relation_type"):
-                user_context.access_restrictions.filters.append(  # pyright: ignore
-                    {
-                        "type": "selection",
-                        "key": tenant_relation_type,
-                        "value": [
-                            user_context.bag.get(
-                                "tenant_defining_entity_id", user_context.x_tenant.id
-                            )
-                        ],
-                        "match_exact": True,
-                    }
-                )
-            return None, request_body
+            raise BadRequest(
+                "Filter with type 'type', or a filter with type 'selection' and 'key' equal to 'type' is required"
+            )
 
         try:
             request_body.remove(type_filter)

{elody-0.0.205 → elody-0.0.207}/src/elody/policies/authorization/generic_object_request_policy_v2.py

@@ -18,6 +18,7 @@ from inuits_policy_based_auth.contexts.policy_context import (  # pyright: ignor
 from inuits_policy_based_auth.contexts.user_context import (  # pyright: ignore
     UserContext,
 )
+from werkzeug.exceptions import BadRequest
 
 
 class GenericObjectRequestPolicyV2(BaseAuthorizationPolicy):
@@ -113,28 +114,13 @@ class GetRequestRules:
                     )
             filters.insert(0, {"type": "type", "value": type_query_parameter})
         else:
-            filters.append(
-                {
-                    "type": "selection",
-                    "key": "type",
-                    "value": allowed_item_types,
-                    "match_exact": True,
-                }
-            )
-            if tenant_relation_type := user_context.bag.get("tenant_relation_type"):
-                filters.append(
-                    {
-                        "type": "selection",
-                        "key": tenant_relation_type,
-                        "value": [
-                            "tenant:super",
-                            user_context.bag.get(
-                                "tenant_defining_entity_id", user_context.x_tenant.id
-                            ),
-                        ],
-                        "match_exact": True,
-                    }
-                )
+            """
+            Allowing no type_query_parameter will expose following security risks:
+                - object_restrictions not being applied
+                - inability to determine collection to execute filters
+            => if no type_query_parameter is a business requirement, override this policy for that specific client and consider the security risks
+            """
+            raise BadRequest("Query parameter 'type' is required")
 
         user_context.access_restrictions.filters = filters
         user_context.access_restrictions.post_request_hook = (

{elody-0.0.205 → elody-0.0.207}/src/elody/policies/permission_handler.py

@@ -59,7 +59,7 @@ def handle_single_item_request(
     key_to_check=None,
 ):
     try:
-        item_in_storage_format, flat_item, object_lists, restrictions_schema = (
+        item, flat_item, object_lists, restrictions_schema = (
             __prepare_item_for_permission_check(item, permissions, crud)
         )
 
@@ -73,7 +73,7 @@ def handle_single_item_request(
 
         return __is_allowed_to_crud_item_keys(
             user_context,
-            item_in_storage_format,
+            item,
             flat_item,
             restrictions_schema,
             crud,
@@ -84,7 +84,7 @@ def handle_single_item_request(
     except Exception as exception:
         log.debug(
             f"{exception.__class__.__name__}: {str(exception)}",
-            item.get("storage_format", item),
+            item,
         )
         if crud != "read":
             log.debug(f"Request body: {request_body}", {})
@@ -97,7 +97,7 @@ def mask_protected_content_post_request_hook(user_context: UserContext, permissi
         for item in response["results"]:
             try:
                 (
-                    item_in_storage_format,
+                    item,
                     flat_item,
                     object_lists,
                     restrictions_schema,
@@ -107,7 +107,7 @@ def mask_protected_content_post_request_hook(user_context: UserContext, permissi
 
                 __is_allowed_to_crud_item_keys(
                     user_context,
-                    item_in_storage_format,
+                    item,
                     flat_item,
                     restrictions_schema,
                     "read",
@@ -117,7 +117,7 @@ def mask_protected_content_post_request_hook(user_context: UserContext, permissi
             except Exception as exception:
                 log.debug(
                     f"{exception.__class__.__name__}: {str(exception)}",
-                    item.get("storage_format", item),
+                    item,
                 )
                 raise exception
 
@@ -128,7 +128,6 @@ def mask_protected_content_post_request_hook(user_context: UserContext, permissi
 
 
 def __prepare_item_for_permission_check(item, permissions, crud):
-    item = deepcopy(item.get("storage_format", item))
     if item.get("type", "") not in permissions[crud].keys():
         return item, None, None, None
 
@@ -175,7 +174,7 @@ def __is_allowed_to_crud_item(
 
 def __is_allowed_to_crud_item_keys(
     user_context: UserContext,
-    item_in_storage_format,
+    item,
     flat_item,
     restrictions_schema,
     crud,
@@ -207,19 +206,17 @@ def __is_allowed_to_crud_item_keys(
                 for info in keys_info:
                     if info["object_list"]:
                         element = __get_element_from_object_list_of_item(
-                            item_in_storage_format,
+                            item,
                             info["key"],
                             info["object_key"],
                             object_lists,
                         )
                         if element:
-                            item_in_storage_format[info["key"]].remove(element)
+                            item[info["key"]].remove(element)
                         break
                 else:
                     try:
-                        del item_in_storage_format[keys_info[0]["key"]][
-                            keys_info[1]["key"]
-                        ]
+                        del item[keys_info[0]["key"]][keys_info[1]["key"]]
                     except KeyError:
                         pass
                 if key_to_check and key_to_check == restricted_key:
@@ -228,7 +225,7 @@ def __is_allowed_to_crud_item_keys(
                 if flat_request_body.get(restricted_key):
                     user_context.bag["restricted_keys"].append(restricted_key)
 
-    user_context.bag["requested_item"] = item_in_storage_format
+    user_context.bag["requested_item"] = item
     return len(user_context.bag["restricted_keys"]) == 0
 
 

{elody-0.0.205 → elody-0.0.207}/src/elody.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: elody
-Version: 0.0.205
+Version: 0.0.207
 Summary: elody SDK for Python
 Author-email: Inuits <developers@inuits.eu>
 License:                     GNU GENERAL PUBLIC LICENSE