fastapi-rtk 0.2.27__py3-none-any.whl → 1.0.13__py3-none-any.whl

fastapi_rtk/db.py

@@ -1,14 +1,15 @@
 import asyncio
 import contextlib
 import contextvars
+import typing
 from typing import (
     Any,
     Callable,
     Dict,
-    Literal,
     Optional,
 )
 
+import sqlalchemy.orm
 from fastapi import Depends
 from fastapi_users.db import SQLAlchemyUserDatabase
 from fastapi_users.models import ID, OAP, UP
@@ -39,7 +40,8 @@ from sqlalchemy.orm import (
 )
 
 from .backends.sqla.model import Table, metadata, metadatas
-from .const import FASTAPI_RTK_TABLES
+from .const import DEFAULT_METADATA_KEY, FASTAPI_RTK_TABLES, logger
+from .exceptions import FastAPIReactToolkitException
 from .security.sqla.models import OAuthAccount, User
 from .utils import T, lazy_self, safe_call, smart_run, smartdefaultdict
 
@@ -90,6 +92,7 @@ class UserDatabase(SQLAlchemyUserDatabase[UP, ID]):
 
         statement = (
             select(self.user_table)
+            .options(sqlalchemy.orm.selectinload(self.user_table.oauth_accounts))
             .join(self.oauth_account_table)
             .where(self.oauth_account_table.oauth_name == oauth)
             .where(self.oauth_account_table.account_id == account_id)
@@ -120,6 +123,7 @@ class UserDatabase(SQLAlchemyUserDatabase[UP, ID]):
             raise NotImplementedError()
 
         await safe_call(self.session.refresh(user))
+        await user.load("oauth_accounts")
         oauth_account = self.oauth_account_table(**create_dict)
         self.session.add(oauth_account)
         user.oauth_accounts.append(oauth_account)
@@ -281,14 +285,14 @@ class DatabaseSessionManager:
         """
         Initializes the tables required for FastAPI RTK to function.
         """
-        tables = [
-            table for key, table in metadata.tables.items() if key in FASTAPI_RTK_TABLES
-        ]
-        fastapi_rtk_metadata = MetaData()
-        for table in tables:
-            table.to_metadata(fastapi_rtk_metadata)
-        async with self.connect() as connection:
-            await self._create_all(connection, fastapi_rtk_metadata)
+        await self.create_all(
+            None,
+            tables=[
+                table
+                for key, table in metadata.tables.items()
+                if key in FASTAPI_RTK_TABLES
+            ],
+        )
 
     async def close(self):
         """
@@ -332,6 +336,8 @@ class DatabaseSessionManager:
         Yields:
             AsyncConnection | Connection: The database connection.
         """
+        if bind == DEFAULT_METADATA_KEY:
+            bind = None
         engine = self._engine_binds.get(bind) if bind else self._engine
         if not engine:
             raise Exception("DatabaseSessionManager is not initialized")
@@ -341,14 +347,20 @@ class DatabaseSessionManager:
                 try:
                     yield connection
                 except Exception:
-                    await connection.rollback()
+                    try:
+                        await connection.rollback()
+                    except Exception as e:
+                        logger.error(f"Failed to rollback connection: {e}")
                     raise
         else:
             with engine.begin() as connection:
                 try:
                     yield connection
                 except Exception:
-                    connection.rollback()
+                    try:
+                        connection.rollback()
+                    except Exception as e:
+                        logger.error(f"Failed to rollback connection: {e}")
                     raise
 
     @contextlib.asynccontextmanager
@@ -367,6 +379,8 @@ class DatabaseSessionManager:
         Yields:
             AsyncSession | Session: The database session.
         """
+        if bind == DEFAULT_METADATA_KEY:
+            bind = None
         session_maker = (
             self._sessionmaker_binds.get(bind) if bind else self._sessionmaker
         )
@@ -379,10 +393,16 @@ class DatabaseSessionManager:
         try:
             yield session
         except Exception:
-            await safe_call(session.rollback())
+            try:
+                await safe_call(session.rollback())
+            except Exception as e:
+                logger.error(f"Failed to rollback session: {e}")
             raise
         finally:
-            await safe_call(session.close())
+            try:
+                await safe_call(session.close())
+            except Exception as e:
+                logger.error(f"Failed to close session: {e}")
             self._session_context.reset(token)
             self._sessions_context[bind].reset(bind_token)
 
@@ -423,41 +443,52 @@ class DatabaseSessionManager:
             await safe_call(scoped_session_maker.remove())
 
     # Used for testing
-    async def create_all(self, binds: list[str] | Literal["all"] | None = "all"):
+    async def create_all(
+        self,
+        binds: typing.Literal["all", "default"] | str | list[str] | None = "all",
+        **kwargs,
+    ):
         """
         Creates all tables in the database.
 
         Args:
-            binds (list[str] | Literal["all"] | None, optional): The database URLs to create tables in. Defaults to "all".
+            binds (typing.Literal["all", "default"] | str | list[str] | None, optional): The bind keys to create tables for. If `"default"` or `None`, only the tables for the primary database are created. If `"all"`, tables for all databases are created. If a string or list of strings, only the tables for the specified bind keys are created. Defaults to `"all"`.
+            **kwargs: Additional keyword arguments to pass to the `create_all` method of the metadata.
         """
-        async with self.connect() as connection:
-            await self._create_all(connection, metadata)
-
-        if not self._engine_binds or not binds:
-            return
+        metadata_to_create = list[tuple[str, MetaData]]()
+        if binds == "all" or binds == DEFAULT_METADATA_KEY or binds is None:
+            metadata_to_create.append((None, metadata))
+        if binds == "all":
+            metadata_to_create.extend(
+                (key, metadatas[key]) for key in self._engine_binds.keys()
+            )
+        elif binds is not None:
+            binds = [binds] if isinstance(binds, str) else binds
+            for bind in binds:
+                if bind == DEFAULT_METADATA_KEY:
+                    metadata_to_create.append((None, metadata))
+                elif bind in self._engine_binds:
+                    metadata_to_create.append((bind, metadatas[bind]))
+                else:
+                    raise FastAPIReactToolkitException(f"Bind '{bind}' not found")
 
-        bind_keys = self._engine_binds.keys() if binds == "all" else binds
-        for key in bind_keys:
-            async with self.connect(key) as connection:
-                await self._create_all(connection, metadatas[key])
+        for bind, current_metadata in metadata_to_create:
+            async with self.connect(bind) as connection:
+                await self._create_all(connection, current_metadata, **kwargs)
 
-    async def drop_all(self, binds: list[str] | Literal["all"] | None = "all"):
+    async def drop_all(
+        self,
+        binds: typing.Literal["all", "default"] | str | list[str] | None = "all",
+        **kwargs,
+    ):
         """
         Drops all tables in the database.
 
         Args:
-            binds (list[str] | Literal["all"] | None, optional): The database URLs to drop tables in. Defaults to "all".
+            binds (typing.Literal["all", "default"] | str | list[str] | None, optional): The bind keys to drop tables from. If `"default"` or `None`, only the tables for the primary database are dropped. If `"all"`, tables for all databases are dropped. If a string or list of strings, only the tables for the specified bind keys are dropped. Defaults to `"all"`.
+            **kwargs: Additional keyword arguments to pass to the `drop_all` method of the metadata.
         """
-        async with self.connect() as connection:
-            await self._create_all(connection, metadata, drop=True)
-
-        if not self._engine_binds or not binds:
-            return
-
-        bind_keys = self._engine_binds.keys() if binds == "all" else binds
-        for key in bind_keys:
-            async with self.connect(key) as connection:
-                await self._create_all(connection, metadatas[key], drop=True)
+        return await self.create_all(binds, drop=True, **kwargs)
 
     async def autoload_table(self, func: Callable[[Connection], SA_Table]):
         """
@@ -542,7 +573,11 @@ class DatabaseSessionManager:
         return scoped_session(sessionmaker)
 
     async def _create_all(
-        self, connection: Connection | AsyncConnection, metadata: MetaData, drop=False
+        self,
+        connection: Connection | AsyncConnection,
+        metadata: MetaData,
+        drop=False,
+        **kwargs,
     ):
         """
         Creates all tables in the database based on the metadata.
@@ -551,14 +586,15 @@ class DatabaseSessionManager:
             connection (Connection | AsyncConnection): The database connection.
             metadata (MetaData): The metadata object containing the tables to create.
             drop (bool, optional): Whether to drop the tables instead of creating them. Defaults to False.
+            **kwargs: Additional keyword arguments to pass to the `create_all` or `drop_all` method of the metadata.
 
         Returns:
             None
         """
         func = metadata.drop_all if drop else metadata.create_all
         if isinstance(connection, AsyncConnection):
-            return await connection.run_sync(func)
-        return func(connection)
+            return await connection.run_sync(func, **kwargs)
+        return func(connection, **kwargs)
 
 
 db = DatabaseSessionManager()

fastapi_rtk/decorators.py

@@ -405,7 +405,7 @@ def docs(description="", data: dict[str, str] | None = None):
             column2 = Column(String(50))
     ```
     """
-    from .cli.export import table_documentation
+    from .cli.commands.export import table_documentation
 
     data = data or {}
 

fastapi_rtk/dependencies.py

@@ -1,14 +1,16 @@
 import fastapi
+import sqlalchemy
 from fastapi import Depends, HTTPException
 
 from .api.base_api import BaseApi
-from .const import PERMISSION_PREFIX
+from .const import PERMISSION_PREFIX, ErrorCode, logger
+from .db import db
 from .globals import g
-from .security.sqla.models import PermissionApi, User
+from .security.sqla.models import Api, Permission, PermissionApi, Role, User
+from .utils import smart_run
 
 __all__ = [
     "set_global_user",
-    "permissions",
     "current_permissions",
     "has_access_dependency",
 ]
@@ -54,57 +56,19 @@ def check_g_user():
 
     async def check_g_user_dependency():
         if not g.user:
-            raise HTTPException(status_code=403, detail="Forbidden")
+            raise HTTPException(
+                fastapi.status.HTTP_401_UNAUTHORIZED,
+                ErrorCode.GET_USER_MISSING_TOKEN_OR_INACTIVE_USER,
+            )
 
     return check_g_user_dependency
 
 
-def permissions(as_object=False):
-    """
-    A dependency for FastAPI that will return all permissions of the current user.
-
-    This will implicitly call the `current_user` dependency from `fastapi_users`. Therefore, it can return `403 Forbidden` if the user is not authenticated.
-
-    Args:
-        as_object (bool): Whether to return the `PermissionApi` objects or return the api names (E.g "AuthApi" or "AuthApi|UserApi").
-
-    Usage:
-    ```python
-    async def get_info(
-            *,
-            permissions: List[str] = Depends(permissions()),
-            session: AsyncSession | Session = Depends(get_async_session),
-        ):
-    ...more code
-    ```
-    """
-
-    async def permissions_depedency():
-        if not g.user:
-            raise HTTPException(status_code=401, detail="Unauthorized")
-
-        if not g.user.roles:
-            raise HTTPException(status_code=403, detail="Forbidden")
-
-        permissions = []
-        for role in g.user.roles:
-            for permission_api in role.permissions:
-                if as_object:
-                    permissions.append(permission_api)
-                else:
-                    permissions.append(permission_api.api.name)
-        permissions = list(set(permissions))
-
-        return permissions
-
-    return permissions_depedency
-
-
 def current_permissions(api: BaseApi):
     """
     A dependency for FastAPI that will return all permissions of the current user for the specified API.
 
-    Because it will implicitly call the `permissions` dependency, it can return `403 Forbidden` if the user is not authenticated.
+    Because it will implicitly check whether the user is authenticated, it can return `401 Unauthorized` or `403 Forbidden`.
 
     Args:
         api (BaseApi): The API to be checked.
@@ -120,16 +84,45 @@ def current_permissions(api: BaseApi):
     ```
     """
 
-    async def current_permissions_depedency(
-        permissions_apis: list[PermissionApi] = Depends(permissions(as_object=True)),
-    ):
-        permissions = []
-        for permission_api in permissions_apis:
-            if api.__class__.__name__ in permission_api.api.name.split("|"):
-                permissions = permissions + permission_api.permission.name.split("|")
+    async def current_permissions_depedency(_=Depends(_ensure_roles)):
+        sm = g.current_app.sm
+        api_name = api.__class__.__name__
+        permissions = set[str]()
+        db_role_ids = list[int]()
+
+        # Retrieve permissions from built-in roles
+        for role in g.user.roles:
+            if role.name not in sm.builtin_roles:
+                db_role_ids.append(role.id)
+                continue
+
+            api_permission_tuples = sm.get_api_permission_tuples_from_builtin_roles(
+                role.name
+            )
+            for multi_apis_str, multi_perms_str in api_permission_tuples:
+                api_names = multi_apis_str.split("|")
+                perm_names = multi_perms_str.split("|")
+                if api_name in api_names:
+                    permissions.update(perm_names)
+
+        if db_role_ids:
+            query = (
+                sqlalchemy.select(Permission)
+                .join(PermissionApi)
+                .join(PermissionApi.roles)
+                .join(Api)
+                .where(Api.name == api_name, Role.id.in_(db_role_ids))
+            )
+            if api.base_permissions:
+                query = query.where(Permission.name.in_(api.base_permissions))
+
+            permissions_in_db = await smart_run(db.current_session.scalars, query)
+            permissions.update(perm.name for perm in permissions_in_db.all())
+
         if api.base_permissions:
-            permissions = [x for x in permissions if x in api.base_permissions]
-        return list(set(permissions))
+            permissions = permissions.intersection(set(api.base_permissions))
+
+        return list(permissions)
 
     return current_permissions_depedency
 
@@ -141,7 +134,7 @@ def has_access_dependency(
     """
     A dependency for FastAPI to check whether current user has access to the specified API and permission.
 
-    Because it will implicitly call the `current_permissions` dependency, it can return `403 Forbidden` if the user is not authenticated.
+    Because it will implicitly check whether the user is authenticated, it can return `401 Unauthorized` or `403 Forbidden`.
 
     Usage:
     ```python
@@ -157,13 +150,55 @@ def has_access_dependency(
         api (BaseApi): The API to be checked.
         permission (str): The permission to check.
     """
+    permission = f"{PERMISSION_PREFIX}{permission}"
+
+    async def check_permission():
+        _ensure_roles(ErrorCode.PERMISSION_DENIED)
+        sm = g.current_app.sm
+
+        # First, check built-in roles (avoiding unnecessary DB queries)
+        # This also covers the case for API and permission name with pipes
+        if any(
+            sm.has_access_in_builtin_roles(
+                role.name, api.__class__.__name__, permission
+            )
+            for role in g.user.roles
+        ):
+            logger.debug(
+                f"User {g.user} has access to {api.__class__.__name__} with permission {permission} via built-in roles."
+            )
+            return
+
+        db_role_ids = [
+            role.id for role in g.user.roles if role.name not in sm.builtin_roles
+        ]
+        if not db_role_ids:
+            raise HTTPException(
+                fastapi.status.HTTP_403_FORBIDDEN, ErrorCode.PERMISSION_DENIED
+            )
+
+        api_name = api.__class__.__name__
+        stmt = (
+            sqlalchemy.select(sqlalchemy.literal(True))
+            .select_from(Permission)
+            .join(PermissionApi)
+            .join(PermissionApi.roles)
+            .join(Api)
+            .where(
+                Api.name == api_name,
+                Permission.name == permission,
+                Role.id.in_(db_role_ids),
+            )
+            .limit(1)
+        )
+        result = await smart_run(db.current_session.scalar, stmt)
+        result = bool(result)
+        if result:
+            return
 
-    async def check_permission(
-        permissions: list[str] = Depends(current_permissions(api)),
-    ):
-        if f"{PERMISSION_PREFIX}{permission}" not in permissions:
-            raise HTTPException(status_code=403, detail="Forbidden")
-        return
+        raise HTTPException(
+            fastapi.status.HTTP_403_FORBIDDEN, ErrorCode.PERMISSION_DENIED
+        )
 
     return check_permission
 
@@ -182,3 +217,40 @@ async def set_global_background_tasks(background_tasks: fastapi.BackgroundTasks)
     ...more code
     """
     g.background_tasks = background_tasks
+
+
+async def set_global_request(request: fastapi.Request):
+    """
+    A dependency for FastAPI that will set the `request` to the global variable `g.request`.
+
+    Usage:
+    ```python
+    async def get_info(
+            *,
+            session: AsyncSession | Session = Depends(get_async_session),
+            none: None = Depends(set_global_request),
+        ):
+    ...more code
+    """
+    g.request = request
+
+
+def _ensure_roles(err_forbidden_message=ErrorCode.GET_USER_NO_ROLES):
+    """
+    A dependency for FastAPI that will ensure the current user has roles assigned.
+
+    Args:
+        err_forbidden_message (str): The error message to be used when raising `403 Forbidden`. Defaults to `ErrorCode.GET_USER_NO_ROLES`.
+
+    Raises:
+        HTTPException: Raised when the user is not authenticated.
+        HTTPException: Raised when the user has no roles assigned.
+    """
+    if not g.user:
+        raise HTTPException(
+            fastapi.status.HTTP_401_UNAUTHORIZED,
+            ErrorCode.GET_USER_MISSING_TOKEN_OR_INACTIVE_USER,
+        )
+
+    if not g.user.roles:
+        raise HTTPException(fastapi.status.HTTP_403_FORBIDDEN, err_forbidden_message)

fastapi_rtk/exceptions.py

@@ -1,8 +1,16 @@
 import typing
 
+import fastapi
+import pydantic
+
 from .utils import T
 
-__all__ = ["raise_exception", "FastAPIReactToolkitException", "RolesMismatchException"]
+__all__ = [
+    "raise_exception",
+    "FastAPIReactToolkitException",
+    "RolesMismatchException",
+    "HTTPWithValidationException",
+]
 
 
 def raise_exception(message: str, return_type: typing.Type[T] | None = None) -> T:
@@ -28,3 +36,45 @@ class FastAPIReactToolkitException(Exception):
 
 class RolesMismatchException(FastAPIReactToolkitException):
     """Exception raised when the roles do not match the expected roles."""
+
+
+class HTTPWithValidationException(fastapi.HTTPException):
+    """
+    Custom HTTP Exception for FastAPI with validation details.
+    """
+
+    URL = f"https://errors.pydantic.dev/{pydantic.version.version_short()}/v"
+    _no_input = object()
+
+    def __init__(
+        self,
+        status_code: int,
+        type: str,
+        location_type: typing.Literal["path", "query", "body"],
+        field: str,
+        msg: str,
+        input: typing.Any = _no_input,
+        headers: typing.Dict[str, str] | None = None,
+    ):
+        """
+        Initialize the HTTPWithValidationException.
+
+        Args:
+            status_code (int): HTTP status code for the exception.
+            type (str): Type of the error (e.g., "string_type", "validation_error").
+            location_type (typing.Literal["path", "query", "body"]): Location type of the error, either "path", "query", or "body".
+            field (str): Field name where the error occurred.
+            msg (str): Error message describing the validation issue.
+            input (typing.Any, optional): Optional input value that caused the error. Defaults to _no_input.
+            headers (typing.Dict[str, str] | None, optional): Optional headers to include in the response. Defaults to None.
+        """
+        obj = {"type": type, "loc": [location_type, field], "msg": msg}
+        if input is not self._no_input:
+            if isinstance(input, pydantic.BaseModel):
+                input = input.model_dump(mode="json")
+            else:
+                input = str(input)
+            obj["input"] = input
+        obj["url"] = f"{self.URL}/{type}"
+
+        super().__init__(status_code, [obj], headers)