PyPI - geek-cafe-saas-sdk - Versions diffs - 0.6.0__py3-none-any.whl - Mend

geek-cafe-saas-sdk 0.6.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of geek-cafe-saas-sdk might be problematic. Click here for more details.

Files changed (194) hide show

geek_cafe_saas_sdk/domains/auth/handlers/users/delete/app.py ADDED Viewed

@@ -0,0 +1,41 @@
+# src/geek_cafe_saas_sdk/lambda_handlers/users/delete/app.py
+from typing import Dict, Any
+from geek_cafe_saas_sdk.services import UserService
+from geek_cafe_saas_sdk.lambda_handlers import ServicePool
+from geek_cafe_saas_sdk.utilities.response import service_result_to_response, error_response, success_response
+from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
+user_service_pool = ServicePool(UserService)
+def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+    """
+    Lambda handler for deleting a user by its ID.
+    Args:
+        event: API Gateway event
+        context: Lambda context
+        injected_service: Optional UserService for testing
+    """
+    try:
+        user_service = injected_service if injected_service else user_service_pool.get()
+        user_id = LambdaEventUtility.get_authenticated_user_id(event)
+        tenant_id = LambdaEventUtility.get_authenticated_user_tenant_id(event)
+        resource_id = LambdaEventUtility.get_value_from_path_parameters(event, 'id')
+        if not resource_id:
+            return error_response("User ID is required in the path.", "VALIDATION_ERROR", 400)
+        result = user_service.delete(
+            resource_id=resource_id,
+            tenant_id=tenant_id,
+            user_id=user_id
+        )
+        if result.success:
+            return success_response(message="User deleted successfully", status_code=204)
+        return service_result_to_response(result)
+    except Exception as e:
+        return error_response(f"An unexpected error occurred: {str(e)}", "INTERNAL_ERROR", 500)

geek_cafe_saas_sdk/domains/auth/handlers/users/get/app.py ADDED Viewed

@@ -0,0 +1,39 @@
+# src/geek_cafe_saas_sdk/lambda_handlers/users/get/app.py
+from typing import Dict, Any
+from geek_cafe_saas_sdk.services import UserService
+from geek_cafe_saas_sdk.lambda_handlers import ServicePool
+from geek_cafe_saas_sdk.utilities.response import service_result_to_response, error_response
+from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
+user_service_pool = ServicePool(UserService)
+def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+    """
+    Lambda handler for retrieving a single user by its ID.
+    Args:
+        event: API Gateway event
+        context: Lambda context
+        injected_service: Optional UserService for testing
+    """
+    try:
+        user_service = injected_service if injected_service else user_service_pool.get()
+        user_id = LambdaEventUtility.get_authenticated_user_id(event)
+        tenant_id = LambdaEventUtility.get_authenticated_user_tenant_id(event)
+        resource_id = LambdaEventUtility.get_value_from_path_parameters(event, 'id')
+        if not resource_id:
+            return error_response("User ID is required in the path.", "VALIDATION_ERROR", 400)
+        result = user_service.get_by_id(
+            resource_id=resource_id,
+            tenant_id=tenant_id,
+            user_id=user_id
+        )
+        return service_result_to_response(result)
+    except Exception as e:
+        return error_response(f"An unexpected error occurred: {str(e)}", "INTERNAL_ERROR", 500)

geek_cafe_saas_sdk/domains/auth/handlers/users/list/app.py ADDED Viewed

@@ -0,0 +1,36 @@
+# src/geek_cafe_saas_sdk/lambda_handlers/users/list/app.py
+from typing import Dict, Any
+from geek_cafe_saas_sdk.services import UserService
+from geek_cafe_saas_sdk.lambda_handlers import ServicePool
+from geek_cafe_saas_sdk.utilities.response import service_result_to_response, error_response
+from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
+user_service_pool = ServicePool(UserService)
+def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+    """
+    Lambda handler for listing users with optional filters.
+    Args:
+        event: API Gateway event
+        context: Lambda context
+        injected_service: Optional UserService for testing
+    """
+    try:
+        user_service = injected_service if injected_service else user_service_pool.get()
+        user_id = LambdaEventUtility.get_authenticated_user_id(event)
+        tenant_id = LambdaEventUtility.get_authenticated_user_tenant_id(event)
+        query_params = event.get('queryStringParameters', {}) or {}
+        # UserService has list_by_tenant method
+        result = user_service.list_by_tenant(
+            tenant_id=tenant_id,
+            user_id=user_id
+        )
+        return service_result_to_response(result)
+    except Exception as e:
+        return error_response(f"An unexpected error occurred: {str(e)}", "INTERNAL_ERROR", 500)

geek_cafe_saas_sdk/domains/auth/handlers/users/update/app.py ADDED Viewed

@@ -0,0 +1,44 @@
+# src/geek_cafe_saas_sdk/lambda_handlers/users/update/app.py
+import json
+from typing import Dict, Any
+from geek_cafe_saas_sdk.services import UserService
+from geek_cafe_saas_sdk.lambda_handlers import ServicePool
+from geek_cafe_saas_sdk.utilities.response import service_result_to_response, error_response
+from geek_cafe_saas_sdk.utilities.lambda_event_utility import LambdaEventUtility
+user_service_pool = ServicePool(UserService)
+def handler(event: Dict[str, Any], context: object, injected_service=None) -> Dict[str, Any]:
+    """
+    Lambda handler for updating an existing user.
+    Args:
+        event: API Gateway event
+        context: Lambda context
+        injected_service: Optional UserService for testing
+    """
+    try:
+        user_service = injected_service if injected_service else user_service_pool.get()
+        body = LambdaEventUtility.get_body_from_event(event)
+        user_id = LambdaEventUtility.get_authenticated_user_id(event)
+        tenant_id = LambdaEventUtility.get_authenticated_user_tenant_id(event)
+        resource_id = LambdaEventUtility.get_value_from_path_parameters(event, 'id')
+        if not resource_id:
+            return error_response("User ID is required in the path.", "VALIDATION_ERROR", 400)
+        result = user_service.update(
+            resource_id=resource_id,
+            tenant_id=tenant_id,
+            user_id=user_id,
+            updates=body
+        )
+        return service_result_to_response(result)
+    except json.JSONDecodeError:
+        return error_response("Invalid JSON in request body.", "VALIDATION_ERROR", 400)
+    except Exception as e:
+        return error_response(f"An unexpected error occurred: {str(e)}", "INTERNAL_ERROR", 500)

geek_cafe_saas_sdk/domains/auth/models/__init__.py ADDED Viewed

@@ -0,0 +1,13 @@
+# Auth Domain Models
+from .user import User
+from .permission import Permission
+from .role import Role
+from .resource_permission import ResourcePermission
+__all__ = [
+    "User",
+    "Permission",
+    "Role",
+    "ResourcePermission",
+]

geek_cafe_saas_sdk/domains/auth/models/permission.py ADDED Viewed

@@ -0,0 +1,134 @@
+"""
+Copyright 2024-2025 Geek Cafe, LLC
+MIT License. See Project Root for the license information.
+Permission model for fine-grained access control.
+Supports extensible permission definitions.
+"""
+from typing import Dict, Any
+from boto3_assist.dynamodb.dynamodb_index import DynamoDBIndex, DynamoDBKey
+from geek_cafe_saas_sdk.models.base_model import BaseModel
+class Permission(BaseModel):
+    """
+    Permission definition model.
+    Defines individual permissions that can be granted to roles or users.
+    Extensible - applications can register custom permissions.
+    Examples:
+    - events:read, events:write, events:delete
+    - chat:send_message, chat:manage_channel
+    - analytics:view_dashboard
+    Access Patterns:
+    - Get permission by code (primary key)
+    - List all permissions (scan/query all)
+    - List permissions by category (GSI1)
+    """
+    def __init__(self):
+        super().__init__()
+        # Core fields
+        self._code: str | None = None  # Unique code: "events:read"
+        self._name: str | None = None  # Display name: "Read Events"
+        self._description: str | None = None
+        self._category: str | None = None  # "events", "chat", "analytics", etc.
+        # Metadata
+        self._is_system: bool = True  # System permissions can't be deleted
+        self._metadata: Dict[str, Any] = {}
+        self._setup_indexes()
+    def _setup_indexes(self):
+        """Setup DynamoDB indexes for permission queries."""
+        # Primary index: permission by code
+        primary: DynamoDBIndex = DynamoDBIndex()
+        primary.name = "primary"
+        primary.partition_key.attribute_name = "pk"
+        primary.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("permission", self.code)
+        )
+        primary.sort_key.attribute_name = "sk"
+        primary.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("permission", self.code)
+        )
+        self.indexes.add_primary(primary)
+        # GSI1: Permissions by category
+        gsi: DynamoDBIndex = DynamoDBIndex()
+        gsi.name = "gsi1"
+        gsi.partition_key.attribute_name = f"{gsi.name}_pk"
+        gsi.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("permission_category", self.category or "uncategorized")
+        )
+        gsi.sort_key.attribute_name = f"{gsi.name}_sk"
+        gsi.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("code", self.code)
+        )
+        self.indexes.add_secondary(gsi)
+    # Code
+    @property
+    def code(self) -> str | None:
+        """Permission code (e.g., 'events:read')."""
+        return self._code
+    @code.setter
+    def code(self, value: str | None):
+        self._code = value
+    # Name
+    @property
+    def name(self) -> str | None:
+        """Display name."""
+        return self._name
+    @name.setter
+    def name(self, value: str | None):
+        self._name = value
+    # Description
+    @property
+    def description(self) -> str | None:
+        """Permission description."""
+        return self._description
+    @description.setter
+    def description(self, value: str | None):
+        self._description = value
+    # Category
+    @property
+    def category(self) -> str | None:
+        """Permission category (e.g., 'events', 'chat')."""
+        return self._category
+    @category.setter
+    def category(self, value: str | None):
+        self._category = value
+    # Is System
+    @property
+    def is_system(self) -> bool:
+        """Whether this is a system permission (cannot be deleted)."""
+        return self._is_system
+    @is_system.setter
+    def is_system(self, value: bool):
+        self._is_system = value
+    # Metadata
+    @property
+    def metadata(self) -> Dict[str, Any]:
+        """Additional metadata."""
+        return self._metadata
+    @metadata.setter
+    def metadata(self, value: Dict[str, Any]):
+        self._metadata = value if value else {}

geek_cafe_saas_sdk/domains/auth/models/resource_permission.py ADDED Viewed

@@ -0,0 +1,245 @@
+"""
+Copyright 2024-2025 Geek Cafe, LLC
+MIT License. See Project Root for the license information.
+ResourcePermission model for ABAC (Attribute-Based Access Control).
+Grants specific permissions to users on specific resources.
+"""
+from typing import List, Dict, Any
+from boto3_assist.dynamodb.dynamodb_index import DynamoDBIndex, DynamoDBKey
+from geek_cafe_saas_sdk.models.base_model import BaseModel
+class ResourcePermission(BaseModel):
+    """
+    Resource-level permission grant.
+    Allows granting specific permissions to users on specific resources.
+    Supports resource sharing and delegation.
+    Examples:
+    - Grant "events:write" to user-456 on event-789
+    - Grant "chat:admin" to user-123 on channel-abc
+    - Grant "analytics:read" to user-999 on tenant-def
+    Access Patterns:
+    - Get grants for user on resource (GSI1: user + resource)
+    - List all user's grants (GSI2: user only)
+    - List all grants on resource (GSI3: resource only)
+    - Check specific grant (primary key)
+    """
+    def __init__(self):
+        super().__init__()
+        # Who has access
+        self._user_id: str | None = None
+        self._tenant_id: str | None = None
+        # What they can access
+        self._resource_type: str | None = None  # "event", "chat_channel", "group", etc.
+        self._resource_id: str | None = None
+        # What they can do
+        self._permissions: List[str] = []  # ["read", "write", "delete"]
+        # Context
+        self._granted_by: str | None = None  # User ID who granted this
+        self._granted_at: int | None = None  # UTC timestamp
+        self._expires_at: int | None = None  # Optional expiration
+        self._reason: str | None = None  # Why granted
+        # Metadata
+        self._metadata: Dict[str, Any] = {}
+        self._setup_indexes()
+    def _setup_indexes(self):
+        """Setup DynamoDB indexes for resource permission queries."""
+        # Primary index: specific grant
+        primary: DynamoDBIndex = DynamoDBIndex()
+        primary.name = "primary"
+        primary.partition_key.attribute_name = "pk"
+        primary.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("user", self.user_id),
+            ("resource", self.resource_type),
+            ("resource_id", self.resource_id)
+        )
+        primary.sort_key.attribute_name = "sk"
+        primary.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("grant", self.id)
+        )
+        self.indexes.add_primary(primary)
+        # GSI1: User's grants on a specific resource
+        gsi: DynamoDBIndex = DynamoDBIndex()
+        gsi.name = "gsi1"
+        gsi.partition_key.attribute_name = f"{gsi.name}_pk"
+        gsi.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("user", self.user_id)
+        )
+        gsi.sort_key.attribute_name = f"{gsi.name}_sk"
+        gsi.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("resource", self.resource_type),
+            ("resource_id", self.resource_id)
+        )
+        self.indexes.add_secondary(gsi)
+        # GSI2: All grants for a user (across all resources)
+        gsi: DynamoDBIndex = DynamoDBIndex()
+        gsi.name = "gsi2"
+        gsi.partition_key.attribute_name = f"{gsi.name}_pk"
+        gsi.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("user_grants", self.user_id)
+        )
+        gsi.sort_key.attribute_name = f"{gsi.name}_sk"
+        gsi.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("resource", self.resource_type),
+            ("resource_id", self.resource_id),
+            ("grant", self.id)
+        )
+        self.indexes.add_secondary(gsi)
+        # GSI3: All grants on a resource (who has access)
+        gsi: DynamoDBIndex = DynamoDBIndex()
+        gsi.name = "gsi3"
+        gsi.partition_key.attribute_name = f"{gsi.name}_pk"
+        gsi.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("resource", self.resource_type),
+            ("resource_id", self.resource_id)
+        )
+        gsi.sort_key.attribute_name = f"{gsi.name}_sk"
+        gsi.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("user", self.user_id)
+        )
+        self.indexes.add_secondary(gsi)
+        # GSI4: Grants by tenant (for admin view)
+        gsi: DynamoDBIndex = DynamoDBIndex()
+        gsi.name = "gsi4"
+        gsi.partition_key.attribute_name = f"{gsi.name}_pk"
+        gsi.partition_key.value = lambda: DynamoDBKey.build_key(
+            ("tenant", self.tenant_id)
+        )
+        gsi.sort_key.attribute_name = f"{gsi.name}_sk"
+        gsi.sort_key.value = lambda: DynamoDBKey.build_key(
+            ("resource", self.resource_type),
+            ("resource_id", self.resource_id),
+            ("user", self.user_id)
+        )
+        self.indexes.add_secondary(gsi)
+    # User ID
+    @property
+    def user_id(self) -> str | None:
+        """User being granted access."""
+        return self._user_id
+    @user_id.setter
+    def user_id(self, value: str | None):
+        self._user_id = value
+    # Tenant ID
+    @property
+    def tenant_id(self) -> str | None:
+        """Tenant context for the grant."""
+        return self._tenant_id
+    @tenant_id.setter
+    def tenant_id(self, value: str | None):
+        self._tenant_id = value
+    # Resource Type
+    @property
+    def resource_type(self) -> str | None:
+        """Type of resource (e.g., 'event', 'chat_channel')."""
+        return self._resource_type
+    @resource_type.setter
+    def resource_type(self, value: str | None):
+        self._resource_type = value
+    # Resource ID
+    @property
+    def resource_id(self) -> str | None:
+        """ID of the specific resource."""
+        return self._resource_id
+    @resource_id.setter
+    def resource_id(self, value: str | None):
+        self._resource_id = value
+    # Permissions
+    @property
+    def permissions(self) -> List[str]:
+        """Permissions granted (e.g., ['read', 'write'])."""
+        return self._permissions
+    @permissions.setter
+    def permissions(self, value: List[str]):
+        self._permissions = value if value else []
+    # Granted By
+    @property
+    def granted_by(self) -> str | None:
+        """User ID who granted this permission."""
+        return self._granted_by
+    @granted_by.setter
+    def granted_by(self, value: str | None):
+        self._granted_by = value
+    # Granted At
+    @property
+    def granted_at(self) -> int | None:
+        """UTC timestamp when granted."""
+        return self._granted_at
+    @granted_at.setter
+    def granted_at(self, value: int | None):
+        self._granted_at = value
+    # Expires At
+    @property
+    def expires_at(self) -> int | None:
+        """UTC timestamp when grant expires (None = never)."""
+        return self._expires_at
+    @expires_at.setter
+    def expires_at(self, value: int | None):
+        self._expires_at = value
+    # Reason
+    @property
+    def reason(self) -> str | None:
+        """Reason for granting permission."""
+        return self._reason
+    @reason.setter
+    def reason(self, value: str | None):
+        self._reason = value
+    # Metadata
+    @property
+    def metadata(self) -> Dict[str, Any]:
+        """Additional metadata."""
+        return self._metadata
+    @metadata.setter
+    def metadata(self, value: Dict[str, Any]):
+        self._metadata = value if value else {}
+    # Helper Methods
+    def is_expired(self) -> bool:
+        """Check if grant has expired."""
+        if self.expires_at is None:
+            return False
+        import time
+        return time.time() > self.expires_at
+    def has_permission(self, permission: str) -> bool:
+        """Check if grant includes specific permission."""
+        return permission in self.permissions