fastapi-rtk 0.2.60__py3-none-any.whl → 1.0.18__py3-none-any.whl

fastapi_rtk/backends/sqla/interface.py

@@ -7,9 +7,7 @@ from typing import Annotated, Literal, Type
 
 import fastapi
 import marshmallow_sqlalchemy
-import pydantic
 import sqlalchemy
-import sqlalchemy.exc
 from pydantic import (
     AfterValidator,
     BeforeValidator,
@@ -45,7 +43,6 @@ from ...utils import (
     lazy_import,
     lazy_self,
     safe_call,
-    safe_call_sync,
     smart_run,
 )
 from .db import SQLAQueryBuilder
@@ -258,7 +255,12 @@ class SQLAInterface(AbstractInterface[ModelType, Session | AsyncSession, Column]
                     unique_order_columns.update(
                         [f"{col_name}.{sub_col}" for sub_col in sub_order_columns]
                     )
-            elif self.is_property(col_name) and not self.is_hybrid_property(col_name):
+            elif (
+                self.is_property(col_name)
+                and not self.is_hybrid_property(col_name)
+                or self.is_files(col_name)
+                or self.is_images(col_name)
+            ):
                 continue
 
             # Allow the column to be used for ordering by default
@@ -356,14 +358,12 @@ class SQLAInterface(AbstractInterface[ModelType, Session | AsyncSession, Column]
             ]
         elif self.is_file(col) or self.is_image(col):
             value_type = fastapi.UploadFile
+            annotated_str_type = typing.Annotated[
+                str | None, BeforeValidator(lambda x: None if x == "null" else x)
+            ]
             if self.is_files(col) or self.is_images(col):
-                value_type = list[value_type | str]
-            return (
-                value_type
-                | typing.Annotated[
-                    str | None, BeforeValidator(lambda x: None if x == "null" else x)
-                ]
-            )
+                value_type = list[value_type | annotated_str_type]
+            return value_type | annotated_str_type
         elif self.is_date(col):
             return date
         elif self.is_datetime(col):
@@ -682,57 +682,6 @@ class SQLAInterface(AbstractInterface[ModelType, Session | AsyncSession, Column]
 
         return result
 
-    def _generate_schema_from_dict(self, schema_dict):
-        # Allow await for deferrable columns
-        deferrable_columns = [
-            key for key in schema_dict.keys() if key in self.list_properties
-        ]
-        model_name = schema_dict.get("__name__", "UnknownModel")
-        if deferrable_columns:
-
-            async def fill_deferrable(model: Model, col: str):
-                try:
-                    return getattr(model, col)
-                except sqlalchemy.exc.MissingGreenlet:
-                    logger.warning(
-                        f"'MissingGreenlet' error when accessing {model.__class__.__name__}.{col} to create pydantic model {model_name}, trying to await it instead."
-                    )
-                    try:
-                        await getattr(model.awaitable_attrs, col)
-                    except Exception as e:
-                        return_value = (
-                            []
-                            if self.is_relation_one_to_many(col)
-                            or self.is_relation_many_to_many(col)
-                            else None
-                        )
-                        logger.error(
-                            f"Error when awaiting {model.__class__.__name__}.{col} to create pydantic model {model_name}, returning {return_value} instead: {e}"
-                        )
-                        return return_value
-                    return getattr(model, col)
-
-            async def fill_deferables(data: Model):
-                async with AsyncTaskRunner():
-                    for col in deferrable_columns:
-                        AsyncTaskRunner.add_task(
-                            lambda col=col: fill_deferrable(data, col)
-                        )
-
-            def fill_deferrables_validator(data):
-                if isinstance(data, Model):
-                    safe_call_sync(fill_deferables(data))
-                return data
-
-            decorated_func = pydantic.model_validator(mode="before")(
-                fill_deferrables_validator
-            )
-            schema_dict["__validators__"] = schema_dict.get("__validators__", {})
-            schema_dict["__validators__"][fill_deferrables_validator.__name__] = (
-                decorated_func
-            )
-        return super()._generate_schema_from_dict(schema_dict)
-
     """
     --------------------------------------------------------------------------------------------------------
         SQLA RELATED METHODS - ONLY IN SQLAInterface

fastapi_rtk/backends/sqla/model.py

@@ -13,7 +13,7 @@ from sqlalchemy.util.typing import Literal
 from ...bases.model import BasicModel
 from ...const import DEFAULT_METADATA_KEY
 from ...exceptions import FastAPIReactToolkitException
-from ...utils import smart_run_sync
+from ...utils import AsyncTaskRunner, smart_run_sync
 
 __all__ = ["Model", "metadata", "metadatas", "Base"]
 
@@ -125,6 +125,21 @@ class Model(sqlalchemy.ext.asyncio.AsyncAttrs, BasicModel, DeclarativeBase):
     def get_pk_attrs(cls):
         return [col.name for col in cls.__mapper__.primary_key]
 
+    async def load(self, *cols: list[str] | str):
+        """
+        Asynchronously loads the specified columns of the model instance.
+
+        Args:
+            *cols (list[str] | str): The columns to load. Can be a list of strings or individual string arguments.
+        """
+        cols = [
+            item for col in cols for item in (col if isinstance(col, list) else [col])
+        ]
+
+        async with AsyncTaskRunner() as runner:
+            for col in cols:
+                runner.add_task(getattr(self.awaitable_attrs, col))
+
 
 class Table(SA_Table):
     """

fastapi_rtk/bases/db.py

@@ -55,9 +55,15 @@ class DBQueryParams(typing.TypedDict):
     where_in: tuple[str, list[typing.Any]] | None
     where_id: PRIMARY_KEY | None
     where_id_in: list[PRIMARY_KEY] | None
-    filters: list[FilterSchema] | None
+    filters: (
+        list[FilterSchema | dict[str, typing.Any] | tuple[str, str, typing.Any] | list]
+        | None
+    )
     filter_classes: list[tuple[str, AbstractBaseFilter, typing.Any]] | None
-    opr_filters: list[OprFilterSchema] | None
+    opr_filters: (
+        list[OprFilterSchema | dict[str, typing.Any] | tuple[str, typing.Any] | list]
+        | None
+    )
     opr_filter_classes: list[tuple[AbstractBaseFilter, typing.Any]] | None
     global_filter: tuple[list[str], str] | None
 
@@ -182,6 +188,12 @@ class AbstractQueryBuilder(abc.ABC, typing.Generic[T]):
                 )
             elif step == "filters" and params.get("filters"):
                 for filter in params["filters"]:
+                    if isinstance(filter, dict):
+                        filter = FilterSchema(**filter)
+                    elif isinstance(filter, (list, tuple)):
+                        filter = FilterSchema(
+                            col=filter[0], opr=filter[1], value=filter[2]
+                        )
                     statement = await safe_call(self.apply_filter(statement, filter))
             elif step == "filter_classes" and params.get("filter_classes"):
                 for filter_class in params["filter_classes"]:
@@ -190,6 +202,12 @@ class AbstractQueryBuilder(abc.ABC, typing.Generic[T]):
                     )
             elif step == "opr_filters" and params.get("opr_filters"):
                 for opr_filter in params["opr_filters"]:
+                    if isinstance(opr_filter, dict):
+                        opr_filter = OprFilterSchema(**opr_filter)
+                    elif isinstance(opr_filter, (list, tuple)):
+                        opr_filter = OprFilterSchema(
+                            opr=opr_filter[0], value=opr_filter[1]
+                        )
                     statement = await safe_call(
                         self.apply_opr_filter(statement, opr_filter)
                     )

fastapi_rtk/bases/file_manager.py

@@ -35,6 +35,18 @@ class AbstractFileManager(abc.ABC):
         namegen: typing.Callable[[str], str] | None = None,
         permission: int | None = None,
     ):
+        """
+        Initializes the AbstractFileManager.
+
+        Args:
+            base_path (str | None, optional): Base path for file storage. Defaults to None.
+            allowed_extensions (list[str] | None, optional): Allowed file extensions. Defaults to None.
+            namegen (typing.Callable[[str], str] | None, optional): Callable for generating file names. Defaults to None.
+            permission (int | None, optional): File permission settings. Defaults to None.
+
+        Raises:
+            ValueError: If `base_path` is not set.
+        """
         if base_path is not None:
             self.base_path = base_path
         if allowed_extensions is not None:

fastapi_rtk/bases/filter.py

@@ -51,7 +51,7 @@ class AbstractBaseOprFilter(AbstractBaseFilter[T]):
     """
 
     @abc.abstractmethod
-    def apply(self, statement, value) -> T:
+    def apply(self, statement: T, value) -> T:
         """
         Apply the filter to the given SQLAlchemy Select statement.
 

fastapi_rtk/cli/cli.py

@@ -1,6 +1,10 @@
+import io
+import typing
+import zipfile
 from pathlib import Path
 from typing import Annotated, Union
 
+import httpx
 import typer
 
 app = typer.Typer(rich_markup_mode="rich")
@@ -30,5 +34,62 @@ def callback(
     """
 
 
+@app.command()
+def create_app(
+    directory: typing.Annotated[
+        str,
+        typer.Option(
+            ...,
+            help="The directory where the new FastAPI RTK application will be created.",
+        ),
+    ] = ".",
+):
+    """
+    Create a new FastAPI RTK application with a predefined structure from https://codeberg.org/datatactics/fastapi-rtk-skeleton.
+
+    This command sets up the necessary files and directories for a FastAPI RTK project,
+    allowing you to get started quickly with development.
+    """
+    with httpx.Client() as client:
+        url = "https://codeberg.org/datatactics/fastapi-rtk-skeleton/archive/main.zip"
+        response = client.get(url)
+        response.raise_for_status()
+
+        # Unzip the content into the specified directory
+        with zipfile.ZipFile(io.BytesIO(response.content)) as zip_ref:
+            # Get all members (files/folders) in the zip
+            members = zip_ref.namelist()
+
+            # Find the top-level directory name
+            top_level_dir = members[0].split("/")[0] + "/"
+
+            # Extract each file, stripping the top-level directory
+            for member in members:
+                # Skip the top-level directory itself
+                if member == top_level_dir:
+                    continue
+
+                # Get the path without the top-level directory
+                target_path = member[len(top_level_dir) :]
+
+                # Skip if empty (this was the root folder)
+                if not target_path:
+                    continue
+
+                # Get the source file
+                source = zip_ref.open(member)
+                target_file = Path(directory) / target_path
+
+                # Create directories if needed
+                if member.endswith("/"):
+                    target_file.mkdir(parents=True, exist_ok=True)
+                else:
+                    target_file.parent.mkdir(parents=True, exist_ok=True)
+                    with open(target_file, "wb") as f:
+                        f.write(source.read())
+
+            typer.echo(f"FastAPI RTK application skeleton created in {directory}")
+
+
 def main():
     app()

fastapi_rtk/cli/commands/security.py

@@ -238,7 +238,7 @@ async def _check_roles(name: str, create: bool = False):
         if not role:
             if not create:
                 raise Exception(f"Role {name} does not exist")
-            await g.current_app.security.create_role(name=name, session=session)
+            await g.current_app.sm.create_role(name=name, session=session)
 
 
 async def _create_user(
@@ -255,7 +255,7 @@ async def _create_user(
     """
     if role:
         await _check_roles(role, create=create_role)
-    return await g.current_app.security.create_user(
+    return await g.current_app.sm.create_user(
         email=email,
         username=username,
         password=password,
@@ -269,8 +269,8 @@ async def _reset_password(email_or_username: str, password: str):
     """
     Reset user password.
     """
-    user = await g.current_app.security.get_user(email_or_username)
-    return await g.current_app.security.reset_password(user, password)
+    user = await g.current_app.sm.get_user(email_or_username)
+    return await g.current_app.sm.reset_password(user, password)
 
 
 async def export_data(
@@ -281,7 +281,7 @@ async def export_data(
     """
     Export data.
     """
-    data = await g.current_app.security.export_data(data, type)
+    data = await g.current_app.sm.export_data(data, type)
     with open(file_path, "w") as f:
         f.write(data)
 
@@ -290,4 +290,4 @@ async def _cleanup():
     """
     Cleanup unused permissions from apis and roles.
     """
-    await g.current_app.security.cleanup()
+    await g.current_app.sm.cleanup()

fastapi_rtk/const.py

@@ -76,7 +76,7 @@ DEFAULT_COOKIE_NAME = "dataTactics"
 DEFAULT_BASEDIR = "app"
 DEFAULT_STATIC_FOLDER = DEFAULT_BASEDIR + "/static"
 DEFAULT_TEMPLATE_FOLDER = DEFAULT_BASEDIR + "/templates"
-DEFAULT_PROFILER_FOLDER = DEFAULT_STATIC_FOLDER + "/profiles"
+DEFAULT_PROFILER_FOLDER = DEFAULT_STATIC_FOLDER + "/profiler"
 DEFAULT_LANG_FOLDER = DEFAULT_BASEDIR + "/lang"
 DEFAULT_LANGUAGES = "en,de"
 DEFAULT_TRANSLATIONS_KEY = "translations"

fastapi_rtk/db.py

@@ -9,6 +9,7 @@ from typing import (
     Optional,
 )
 
+import sqlalchemy.orm
 from fastapi import Depends
 from fastapi_users.db import SQLAlchemyUserDatabase
 from fastapi_users.models import ID, OAP, UP
@@ -91,6 +92,7 @@ class UserDatabase(SQLAlchemyUserDatabase[UP, ID]):
 
         statement = (
             select(self.user_table)
+            .options(sqlalchemy.orm.selectinload(self.user_table.oauth_accounts))
             .join(self.oauth_account_table)
             .where(self.oauth_account_table.oauth_name == oauth)
             .where(self.oauth_account_table.account_id == account_id)
@@ -121,6 +123,7 @@ class UserDatabase(SQLAlchemyUserDatabase[UP, ID]):
             raise NotImplementedError()
 
         await safe_call(self.session.refresh(user))
+        await user.load("oauth_accounts")
         oauth_account = self.oauth_account_table(**create_dict)
         self.session.add(oauth_account)
         user.oauth_accounts.append(oauth_account)

fastapi_rtk/dependencies.py

@@ -1,14 +1,16 @@
 import fastapi
+import sqlalchemy
 from fastapi import Depends, HTTPException
 
 from .api.base_api import BaseApi
-from .const import PERMISSION_PREFIX, ErrorCode
+from .const import PERMISSION_PREFIX, ErrorCode, logger
+from .db import db
 from .globals import g
-from .security.sqla.models import PermissionApi, User
+from .security.sqla.models import Api, Permission, PermissionApi, Role, User
+from .utils import smart_run
 
 __all__ = [
     "set_global_user",
-    "permissions",
     "current_permissions",
     "has_access_dependency",
 ]
@@ -62,82 +64,65 @@ def check_g_user():
     return check_g_user_dependency
 
 
-def permissions(as_object=False):
+def current_permissions(api: BaseApi):
     """
-    A dependency for FastAPI that will return all permissions of the current user.
+    A dependency for FastAPI that will return all permissions of the current user for the specified API.
 
-    This will implicitly call the `current_user` dependency from `fastapi_users`. Therefore, it can return `403 Forbidden` if the user is not authenticated.
+    Because it will implicitly check whether the user is authenticated, it can return `401 Unauthorized` or `403 Forbidden`.
 
     Args:
-        as_object (bool): Whether to return the `PermissionApi` objects or return the api names (E.g "AuthApi" or "AuthApi|UserApi").
+        api (BaseApi): The API to be checked.
 
     Usage:
     ```python
     async def get_info(
             *,
-            permissions: List[str] = Depends(permissions()),
+            permissions: List[str] = Depends(current_permissions(self)),
             session: AsyncSession | Session = Depends(get_async_session),
         ):
     ...more code
     ```
     """
 
-    async def permissions_depedency():
-        if not g.user:
-            raise HTTPException(
-                fastapi.status.HTTP_401_UNAUTHORIZED,
-                ErrorCode.GET_USER_MISSING_TOKEN_OR_INACTIVE_USER,
-            )
-
-        if not g.user.roles:
-            raise HTTPException(
-                fastapi.status.HTTP_403_FORBIDDEN, ErrorCode.GET_USER_NO_ROLES
-            )
+    async def current_permissions_depedency(_=Depends(_ensure_roles)):
+        sm = g.current_app.sm
+        api_name = api.__class__.__name__
+        permissions = set[str]()
+        db_role_ids = list[int]()
 
-        permissions = []
+        # Retrieve permissions from built-in roles
         for role in g.user.roles:
-            for permission_api in role.permissions:
-                if as_object:
-                    permissions.append(permission_api)
-                else:
-                    permissions.append(permission_api.api.name)
-        permissions = list(set(permissions))
-
-        return permissions
-
-    return permissions_depedency
+            if role.name not in sm.builtin_roles:
+                db_role_ids.append(role.id)
+                continue
 
+            api_permission_tuples = sm.get_api_permission_tuples_from_builtin_roles(
+                role.name
+            )
+            for multi_apis_str, multi_perms_str in api_permission_tuples:
+                api_names = multi_apis_str.split("|")
+                perm_names = multi_perms_str.split("|")
+                if api_name in api_names:
+                    permissions.update(perm_names)
+
+        if db_role_ids:
+            query = (
+                sqlalchemy.select(Permission)
+                .join(PermissionApi)
+                .join(PermissionApi.roles)
+                .join(Api)
+                .where(Api.name == api_name, Role.id.in_(db_role_ids))
+            )
+            if api.base_permissions:
+                query = query.where(Permission.name.in_(api.base_permissions))
 
-def current_permissions(api: BaseApi):
-    """
-    A dependency for FastAPI that will return all permissions of the current user for the specified API.
-
-    Because it will implicitly call the `permissions` dependency, it can return `403 Forbidden` if the user is not authenticated.
-
-    Args:
-        api (BaseApi): The API to be checked.
-
-    Usage:
-    ```python
-    async def get_info(
-            *,
-            permissions: List[str] = Depends(current_permissions(self)),
-            session: AsyncSession | Session = Depends(get_async_session),
-        ):
-    ...more code
-    ```
-    """
+            permissions_in_db = await smart_run(db.current_session.scalars, query)
+            permissions.update(perm.name for perm in permissions_in_db.all())
 
-    async def current_permissions_depedency(
-        permissions_apis: list[PermissionApi] = Depends(permissions(as_object=True)),
-    ):
-        permissions = []
-        for permission_api in permissions_apis:
-            if api.__class__.__name__ in permission_api.api.name.split("|"):
-                permissions = permissions + permission_api.permission.name.split("|")
         if api.base_permissions:
-            permissions = [x for x in permissions if x in api.base_permissions]
-        return list(set(permissions))
+            permissions = permissions.intersection(set(api.base_permissions))
+
+        return list(permissions)
 
     return current_permissions_depedency
 
@@ -149,7 +134,7 @@ def has_access_dependency(
     """
     A dependency for FastAPI to check whether current user has access to the specified API and permission.
 
-    Because it will implicitly call the `current_permissions` dependency, it can return `403 Forbidden` if the user is not authenticated.
+    Because it will implicitly check whether the user is authenticated, it can return `401 Unauthorized` or `403 Forbidden`.
 
     Usage:
     ```python
@@ -165,15 +150,55 @@ def has_access_dependency(
         api (BaseApi): The API to be checked.
         permission (str): The permission to check.
     """
+    permission = f"{PERMISSION_PREFIX}{permission}"
 
-    async def check_permission(
-        permissions: list[str] = Depends(current_permissions(api)),
-    ):
-        if f"{PERMISSION_PREFIX}{permission}" not in permissions:
+    async def check_permission():
+        _ensure_roles(ErrorCode.PERMISSION_DENIED)
+        sm = g.current_app.sm
+
+        # First, check built-in roles (avoiding unnecessary DB queries)
+        # This also covers the case for API and permission name with pipes
+        if any(
+            sm.has_access_in_builtin_roles(
+                role.name, api.__class__.__name__, permission
+            )
+            for role in g.user.roles
+        ):
+            logger.debug(
+                f"User {g.user} has access to {api.__class__.__name__} with permission {permission} via built-in roles."
+            )
+            return
+
+        db_role_ids = [
+            role.id for role in g.user.roles if role.name not in sm.builtin_roles
+        ]
+        if not db_role_ids:
             raise HTTPException(
                 fastapi.status.HTTP_403_FORBIDDEN, ErrorCode.PERMISSION_DENIED
             )
-        return
+
+        api_name = api.__class__.__name__
+        stmt = (
+            sqlalchemy.select(sqlalchemy.literal(True))
+            .select_from(Permission)
+            .join(PermissionApi)
+            .join(PermissionApi.roles)
+            .join(Api)
+            .where(
+                Api.name == api_name,
+                Permission.name == permission,
+                Role.id.in_(db_role_ids),
+            )
+            .limit(1)
+        )
+        result = await smart_run(db.current_session.scalar, stmt)
+        result = bool(result)
+        if result:
+            return
+
+        raise HTTPException(
+            fastapi.status.HTTP_403_FORBIDDEN, ErrorCode.PERMISSION_DENIED
+        )
 
     return check_permission
 
@@ -208,3 +233,24 @@ async def set_global_request(request: fastapi.Request):
     ...more code
     """
     g.request = request
+
+
+def _ensure_roles(err_forbidden_message=ErrorCode.GET_USER_NO_ROLES):
+    """
+    A dependency for FastAPI that will ensure the current user has roles assigned.
+
+    Args:
+        err_forbidden_message (str): The error message to be used when raising `403 Forbidden`. Defaults to `ErrorCode.GET_USER_NO_ROLES`.
+
+    Raises:
+        HTTPException: Raised when the user is not authenticated.
+        HTTPException: Raised when the user has no roles assigned.
+    """
+    if not g.user:
+        raise HTTPException(
+            fastapi.status.HTTP_401_UNAUTHORIZED,
+            ErrorCode.GET_USER_MISSING_TOKEN_OR_INACTIVE_USER,
+        )
+
+    if not g.user.roles:
+        raise HTTPException(fastapi.status.HTTP_403_FORBIDDEN, err_forbidden_message)