howler-api 3.4.0.dev830__py3-none-any.whl → 3.4.0.dev845__py3-none-any.whl

howler/actions/__init__.py

@@ -2,8 +2,10 @@ import importlib
 import os
 import re
 from pathlib import Path
+from types import ModuleType
 from typing import Any, Optional
 
+from howler.common.loader import datastore
 from howler.common.logging import get_logger
 from howler.odm.models.user import User
 from howler.plugins import get_plugins
@@ -12,6 +14,9 @@ logger = get_logger(__file__)
 
 PLUGIN_PATH = Path(os.environ.get("HWL_PLUGIN_DIRECTORY", "/etc/howler/plugins"))
 
+# Roles that grant advanced hit limits
+ADVANCED_ROLES = {"automation_advanced", "actionrunner_advanced", "admin"}
+
 
 def __sanitize_specification(spec: dict[str, Any]) -> dict[str, Any]:
     """Adapt the specification for use in the UI
@@ -71,6 +76,68 @@ def __sanitize_report(report: list[dict[str, Any]]) -> list[dict[str, Any]]:
     return sanitized
 
 
+def _get_operation(operation_id: str) -> ModuleType | None:
+    """Find and return an operation module by ID."""
+    operation = None
+    try:
+        operation = importlib.import_module(f"howler.actions.{operation_id}")
+    except ImportError:
+        pass
+
+    if not operation:
+        for plugin in get_plugins():
+            if not plugin.modules.operations:
+                continue
+
+            operation = next(
+                (operation for operation in plugin.modules.operations if operation.OPERATION_ID == operation_id), None
+            )
+
+            if operation:
+                break
+
+    return operation
+
+
+def check_hit_limit(
+    query: str, user: User, max_hits_basic: int | None, max_hits_advanced: int | None
+) -> dict[str, Any] | None:
+    """Check if the user exceeds hit count limits. Returns error dict if exceeded, None otherwise.
+
+    Args:
+        query: The query to check hit count for (should be the effective query the operation will execute).
+        user: The user executing the action.
+        max_hits_basic: Maximum hits allowed for basic users (None for no limit).
+        max_hits_advanced: Maximum hits allowed for advanced users (None for no limit).
+
+    Returns:
+        Error dict if limit exceeded, None otherwise.
+    """
+    is_advanced = bool(ADVANCED_ROLES & set(user["type"]))
+    limit = max_hits_advanced if is_advanced else max_hits_basic
+
+    if limit is not None:
+        hit_count = datastore().hit.search(query, rows=0)["total"]
+        if hit_count > limit:
+            return {
+                "query": query,
+                "outcome": "error",
+                "title": "Hit limit exceeded",
+                "message": (
+                    f"This action affects {hit_count} hits, but you can only process {limit} at a time. "
+                    "Contact an administrator for bulk operations."
+                ),
+            }
+    return None
+
+
+def _check_hit_limit(operation: ModuleType, query: str, user: User) -> dict[str, Any] | None:
+    """Central hit limit check using raw query. Skipped if operation sets SKIP_CENTRAL_LIMIT."""
+    max_hits_basic = getattr(operation, "MAX_HITS_BASIC", None)
+    max_hits_advanced = getattr(operation, "MAX_HITS_ADVANCED", None)
+    return check_hit_limit(query, user, max_hits_basic, max_hits_advanced)
+
+
 def execute(
     operation_id: str,
     query: str,
@@ -89,23 +156,7 @@ def execute(
     Returns:
         list[dict[str, Any]]: A report on the execution
     """
-    operation = None
-    try:
-        operation = importlib.import_module(f"howler.actions.{operation_id}")
-    except ImportError:
-        pass
-
-    if not operation:
-        for plugin in get_plugins():
-            if not plugin.modules.operations:
-                continue
-
-            operation = next(
-                (operation for operation in plugin.modules.operations if operation.OPERATION_ID == operation_id), None
-            )
-
-            if operation:
-                break
+    operation = _get_operation(operation_id)
 
     if not operation:
         return [
@@ -117,9 +168,21 @@ def execute(
             }
         ]
 
-    user_roles: set[str] = set(user["type"] if user else [])
-    missing_roles = set(operation.specification()["roles"]) - user_roles
-    if missing_roles:
+    if not user:
+        return [
+            {
+                "query": query,
+                "outcome": "error",
+                "title": "Authentication required",
+                "message": "You must be logged in to execute actions.",
+            }
+        ]
+
+    user_roles = set(user["type"])
+    is_admin = "admin" in user_roles
+    required_roles = set(operation.specification()["roles"])
+    has_roles = required_roles & user_roles
+    if not is_admin and not has_roles:
         return [
             {
                 "query": query,
@@ -127,11 +190,18 @@ def execute(
                 "title": "Insufficient permissions",
                 "message": (
                     f"The operation ID provided ({operation_id}) requires permissions you do not have "
-                    f"({', '.join(missing_roles)}). Contact HOWLER Support for more information."
+                    f"(missing one of: {', '.join(sorted(required_roles))}). "
+                    "Contact HOWLER Support for more information."
                 ),
             }
         ]
 
+    # Skip central limit check if operation handles it locally with transformed query
+    if not getattr(operation, "SKIP_CENTRAL_LIMIT", False):
+        limit_error = _check_hit_limit(operation, query, user)
+        if limit_error:
+            return [limit_error]
+
     report = operation.execute(query=query, request_id=request_id, user=user, **kwargs)
 
     return __sanitize_report(report)

howler/actions/add_label.py

@@ -10,6 +10,8 @@ from howler.utils.str_utils import sanitize_lucene_query
 hit_helper = OdmHelper(Hit)
 
 OPERATION_ID = "add_label"
+MAX_HITS_BASIC = 20
+MAX_HITS_ADVANCED = 1000
 
 CATEGORIES = list(Label.fields().keys())
 
@@ -99,7 +101,7 @@ def specification():
             "short": "Add a label to a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"category": [], "label": []},

howler/actions/add_to_bundle.py

@@ -1,18 +1,23 @@
 from typing import Optional
 
+from howler.actions import check_hit_limit
 from howler.common.loader import datastore
 from howler.datastore.operations import OdmHelper
 from howler.odm.models.action import VALID_TRIGGERS
 from howler.odm.models.hit import Hit
+from howler.odm.models.user import User
 from howler.services import hit_service
 from howler.utils.str_utils import sanitize_lucene_query
 
 hit_helper = OdmHelper(Hit)
 
 OPERATION_ID = "add_to_bundle"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
+SKIP_CENTRAL_LIMIT = True  # This operation transforms the query, handles limit check locally
 
 
-def execute(query: str, bundle_id: Optional[str] = None, **kwargs):
+def execute(query: str, bundle_id: Optional[str] = None, user: Optional[User] = None, **kwargs):
     """Add a set of hits matching the query to the specified bundle.
 
     Args:
@@ -77,7 +82,14 @@ def execute(query: str, bundle_id: Optional[str] = None, **kwargs):
             )
 
         safe_query = f"({query}) AND (-howler.bundles:({sanitize_lucene_query(bundle_id)}) AND howler.is_bundle:false)"
-        matching_hits = ds.hit.search(safe_query)["items"]
+
+        # Check hit limit against the effective query (not raw query)
+        if user:
+            limit_error = check_hit_limit(safe_query, user, MAX_HITS_BASIC, MAX_HITS_ADVANCED)
+            if limit_error:
+                return [limit_error]
+
+        matching_hits = ds.hit.search(safe_query, rows=MAX_HITS_ADVANCED, fl="howler.id")["items"]
         if len(matching_hits) < 1:
             report.append(
                 {
@@ -141,7 +153,7 @@ def specification():
             "short": "Add a set of hits to a bundle",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"bundle_id": []},

howler/actions/change_field.py

@@ -65,7 +65,7 @@ def specification():
             "short": "Change one of the fields of a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_advanced", "admin"],
+        "roles": ["automation_advanced", "actionrunner_advanced", "admin"],
         "steps": [
             {
                 "args": {"field": [], "value": []},

howler/actions/demote.py

@@ -15,6 +15,8 @@ from howler.odm.models.user import User
 from howler.utils.str_utils import sanitize_lucene_query
 
 OPERATION_ID = "demote"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
 
 ESCALATIONS = [esc for esc in Escalation.list() if esc != Escalation.EVIDENCE]
 
@@ -131,7 +133,7 @@ def specification():
             "short": "Demote a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"escalation": []},

howler/actions/example_plugin.py

@@ -67,7 +67,7 @@ def specification():
         },
         # What roles should be necessary to run this action? In general, automation_basic should always be required,
         # while automation_advanced should be set when this action could be dangerous or costly in terms of resources.
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         # What data should the user be required to provide? This is split intop steps, so arguments can depend on each
         # other, giving basic control flow for specifying arguments.
         "steps": [

howler/actions/prioritization.py

@@ -6,6 +6,8 @@ from howler.odm.models.hit import Hit
 hit_helper = OdmHelper(Hit)
 
 OPERATION_ID = "prioritization"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
 
 VALID_FIELDS = ["reliability", "severity", "volume", "confidence", "score"]
 
@@ -82,7 +84,7 @@ def specification():
             "short": "Change one of the prioritization fields of a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"field": [], "value": []},

howler/actions/promote.py

@@ -13,6 +13,8 @@ from howler.odm.models.howler_data import (
 from howler.utils.str_utils import sanitize_lucene_query
 
 OPERATION_ID = "promote"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
 
 ESCALATIONS = [esc for esc in Escalation.list() if esc != Escalation.MISS]
 
@@ -118,7 +120,7 @@ def specification():
             "short": "Promote a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"escalation": []},

howler/actions/remove_from_bundle.py

@@ -1,19 +1,24 @@
 from typing import Optional
 
+from howler.actions import check_hit_limit
 from howler.common.exceptions import HowlerException
 from howler.common.loader import datastore
 from howler.datastore.operations import OdmHelper
 from howler.odm.models.action import VALID_TRIGGERS
 from howler.odm.models.hit import Hit
+from howler.odm.models.user import User
 from howler.services import hit_service
 from howler.utils.str_utils import sanitize_lucene_query
 
 hit_helper = OdmHelper(Hit)
 
 OPERATION_ID = "remove_from_bundle"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
+SKIP_CENTRAL_LIMIT = True  # This operation transforms the query, handles limit check locally
 
 
-def execute(query: str, bundle_id: Optional[str] = None, **kwargs):
+def execute(query: str, bundle_id: Optional[str] = None, user: Optional[User] = None, **kwargs):
     """Remove a set of hits matching the query from the specified bundle.
 
     Args:
@@ -62,9 +67,15 @@ def execute(query: str, bundle_id: Optional[str] = None, **kwargs):
                 }
             )
 
-        safe_query = f"{query} AND (howler.bundles:{bundle_id})"
+        safe_query = f"{query} AND (howler.bundles:{sanitize_lucene_query(bundle_id)})"
 
-        matching_hits = ds.hit.search(safe_query)["items"]
+        # Check hit limit against the effective query (not raw query)
+        if user:
+            limit_error = check_hit_limit(safe_query, user, MAX_HITS_BASIC, MAX_HITS_ADVANCED)
+            if limit_error:
+                return [limit_error]
+
+        matching_hits = ds.hit.search(safe_query, rows=MAX_HITS_ADVANCED, fl="howler.id")["items"]
         if len(matching_hits) < 1:
             report.append(
                 {
@@ -83,7 +94,7 @@ def execute(query: str, bundle_id: Optional[str] = None, **kwargs):
 
         hit_service.update_hit(
             bundle_id,
-            [hit_helper.list_remove("howler.hits", h["howler"]["id"]) for h in ds.hit.search(safe_query)["items"]],
+            [hit_helper.list_remove("howler.hits", h["howler"]["id"]) for h in matching_hits],
         )
 
         if len(ds.hit.get(bundle_id).howler.hits) < 1:
@@ -121,7 +132,7 @@ def specification():
             "short": "Remove a set of hits from a bundle",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"bundle_id": []},

howler/actions/remove_label.py

@@ -10,6 +10,8 @@ from howler.utils.str_utils import sanitize_lucene_query
 hit_helper = OdmHelper(Hit)
 
 OPERATION_ID = "remove_label"
+MAX_HITS_BASIC = 20
+MAX_HITS_ADVANCED = 1000
 
 CATEGORIES = list(Label.fields().keys())
 
@@ -99,7 +101,7 @@ def specification():
             "short": "Remove a label from a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"category": [], "label": []},

howler/actions/transition.py

@@ -1,6 +1,7 @@
 import inspect
 from typing import Optional, cast
 
+from howler.actions import check_hit_limit
 from howler.common.exceptions import InvalidDataException, NotFoundException
 from howler.common.loader import datastore
 from howler.common.logging import get_logger
@@ -17,6 +18,9 @@ from howler.services import event_service, hit_service
 from howler.utils.list_utils import flatten_list
 
 OPERATION_ID = "transition"
+MAX_HITS_BASIC = 10
+MAX_HITS_ADVANCED = 1000
+SKIP_CENTRAL_LIMIT = True  # This operation transforms the query, handles limit check locally
 
 log = get_logger(__file__)
 
@@ -70,8 +74,17 @@ def execute(
         status (str): The status from which to transition.
         transition (str): The transition to attempt to execute.
     """
-    rows = 1000 if "automation_advanced" in user.type else 10
-    hits = datastore().hit.search(f"({query}) AND howler.status:{status}", rows=rows, fl="howler.id")
+    # Build effective query with status filter
+    effective_query = f"({query}) AND howler.status:{status}"
+
+    # Check hit limit against the effective query (not raw query)
+    limit_error = check_hit_limit(effective_query, user, MAX_HITS_BASIC, MAX_HITS_ADVANCED)
+    if limit_error:
+        return [limit_error]
+
+    is_advanced = "automation_advanced" in user.type or "actionrunner_advanced" in user.type or "admin" in user.type
+    rows = MAX_HITS_ADVANCED if is_advanced else MAX_HITS_BASIC
+    hits = datastore().hit.search(effective_query, rows=rows, fl="howler.id")
 
     ids = [hit.howler.id for hit in hits["items"]]
 
@@ -176,7 +189,7 @@ def specification():
             "short": "Transition a hit",
             "long": execute.__doc__,
         },
-        "roles": ["automation_basic"],
+        "roles": ["automation_basic", "actionrunner_basic"],
         "steps": [
             {
                 "args": {"status": []},

howler/api/v1/action.py

@@ -23,7 +23,11 @@ action_api._doc = "Endpoints relating to bulk actions and automation"  # type: i
 
 @generate_swagger_docs()
 @action_api.route("/")
-@api_login(audit=False, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(
+    audit=False,
+    check_xsrf_token=False,
+    required_type=["admin", "automation_basic", "automation_advanced", "actionrunner_basic", "actionrunner_advanced"],
+)
 def get_actions(**_) -> Response:
     """Get a list of existing actions
 
@@ -43,7 +47,7 @@ def get_actions(**_) -> Response:
 
 @generate_swagger_docs()
 @action_api.route("/", methods=["POST"])
-@api_login(audit=False, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(audit=False, check_xsrf_token=False, required_type=["admin", "automation_basic", "automation_advanced"])
 def add_action(user: User, **_) -> Response:
     """Create a new action
 
@@ -97,7 +101,7 @@ def add_action(user: User, **_) -> Response:
 @api_login(
     audit=False,
     check_xsrf_token=False,
-    required_type=["automation_basic"],
+    required_type=["admin", "automation_basic", "automation_advanced"],
 )
 def update_action(id: str, user: User, **_) -> Response:
     """Update an existing action
@@ -164,7 +168,7 @@ def update_action(id: str, user: User, **_) -> Response:
 
 @generate_swagger_docs()
 @action_api.route("/<id>", methods=["DELETE"])
-@api_login(audit=True, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(audit=True, check_xsrf_token=False, required_type=["admin", "automation_basic", "automation_advanced"])
 def delete_action(id: str, user: User, **kwargs) -> Response:
     """Delete an existing action
 
@@ -200,7 +204,11 @@ def delete_action(id: str, user: User, **kwargs) -> Response:
 
 @generate_swagger_docs()
 @action_api.route("/<id>/execute", methods=["POST"])
-@api_login(audit=True, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(
+    audit=True,
+    check_xsrf_token=False,
+    required_type=["admin", "automation_basic", "automation_advanced", "actionrunner_basic", "actionrunner_advanced"],
+)
 def execute_action(id: str, **kwargs) -> Response:
     """Execute one or more actions on a given query
 
@@ -275,7 +283,11 @@ def execute_action(id: str, **kwargs) -> Response:
 
 @generate_swagger_docs()
 @action_api.route("/operations")
-@api_login(audit=False, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(
+    audit=False,
+    check_xsrf_token=False,
+    required_type=["admin", "automation_basic", "automation_advanced", "actionrunner_basic", "actionrunner_advanced"],
+)
 def get_operations(**_) -> Response:
     """Get a list of operations the user can run on a query
 
@@ -295,7 +307,11 @@ def get_operations(**_) -> Response:
 
 @generate_swagger_docs()
 @action_api.route("/execute", methods=["POST"])
-@api_login(audit=True, check_xsrf_token=False, required_type=["automation_basic"])
+@api_login(
+    audit=True,
+    check_xsrf_token=False,
+    required_type=["admin", "automation_basic", "automation_advanced", "actionrunner_basic", "actionrunner_advanced"],
+)
 def execute_operations(**kwargs) -> Response:
     """Execute one or more operations on a given query
 

howler/common/loader.py

@@ -13,7 +13,7 @@ if TYPE_CHECKING:
 
 APP_NAME = os.environ.get("APP_NAME", "howler")
 APP_PREFIX = os.environ.get("APP_PREFIX", "hwl")
-USER_TYPES = {"admin", "user", "automation_basic", "automation_advanced"}
+USER_TYPES = {"admin", "user", "automation_basic", "automation_advanced", "actionrunner_basic", "actionrunner_advanced"}
 
 
 def env_substitute(buffer):

howler/odm/base.py

@@ -19,7 +19,7 @@ from datetime import datetime
 from enum import Enum as PyEnum
 from enum import EnumMeta
 from typing import Any as _Any
-from typing import Dict, Union
+from typing import Callable
 from venv import logger
 
 import arrow
@@ -29,6 +29,8 @@ from dateutil.tz import tzutc
 from howler.common import loader
 from howler.common.exceptions import HowlerKeyError, HowlerNotImplementedError, HowlerTypeError, HowlerValueError
 from howler.common.net import is_valid_domain, is_valid_ip
+from howler.odm.howler_enum import HowlerEnum
+from howler.utils.compat import StrEnum as PyStrEnum
 from howler.utils.dict_utils import flatten, recursive_update
 from howler.utils.isotime import now_as_iso
 from howler.utils.uid import get_random_id
@@ -549,15 +551,23 @@ class Processor(ValidatedKeyword):
 
 
 class Enum(Keyword):
-    """A field storing a short string that has predefined list of possible values"""
+    """A field storing a short string that has predefined list of possible values.
 
-    def __init__(self, values: PyEnum | list[typing.Any] | set[typing.Any], *args, **kwargs):
+    Accepts values from lists/sets, Enum classes, and StrEnum (PyStrEnum) members.
+    """
+
+    def __init__(
+        self,
+        values: type[HowlerEnum] | type[PyEnum] | type[PyStrEnum] | list[typing.Any] | set[typing.Any],
+        *args,
+        **kwargs,
+    ):
         super().__init__(*args, **kwargs)
         if isinstance(values, set):
             self.values = values
         elif isinstance(values, (list, tuple)):
             self.values = set(values)
-        elif isinstance(values, (PyEnum, EnumMeta)):
+        elif isinstance(values, (PyEnum, PyStrEnum, EnumMeta)):
             self.values = set([e.value for e in values])  # type: ignore
         else:
             raise HowlerTypeError(f"Type unsupported for Enum odm: {type(values)}")
@@ -1063,7 +1073,7 @@ class Optional(_Field):
 
 class Model:
     @classmethod
-    def fields(cls, skip_mappings=False) -> dict[str, _Field]:
+    def fields(cls, skip_mappings=False, no_cache=False) -> dict[str, _Field]:
         """Describe the elements of the model.
 
         For compound fields return the field object.
@@ -1071,33 +1081,42 @@ class Model:
         Args:
             skip_mappings (bool): Skip over mappings where the real subfield names are unknown.
         """
-        if skip_mappings and hasattr(cls, "_odm_field_cache_skip"):
+        if not no_cache and skip_mappings and "_odm_field_cache_skip" in cls.__dict__:
             return cls._odm_field_cache_skip
 
-        if not skip_mappings and hasattr(cls, "_odm_field_cache"):
+        if not no_cache and not skip_mappings and "_odm_field_cache" in cls.__dict__:
             return cls._odm_field_cache
 
         out = dict()
+        # Iterate through inherited classes. If any of them are odm.Model (e.g., they expose fields())
+        # then include their fields as well. This allows for class inheritance.
+        for base in cls.__bases__:
+            _fields: Callable[..., dict[str, _Field]] | None = getattr(base, "fields", None)
+            if _fields and callable(_fields):
+                out.update(_fields(skip_mappings=skip_mappings, no_cache=True))
+
         for name, field_data in cls.__dict__.items():
             if isinstance(field_data, _Field):
                 if skip_mappings and isinstance(field_data, Mapping):
                     continue
                 out[name.rstrip("_")] = field_data
 
-        if skip_mappings:
-            cls._odm_field_cache_skip = out
-        else:
-            cls._odm_field_cache = out
+        if not no_cache:
+            if skip_mappings:
+                cls._odm_field_cache_skip = out
+            else:
+                cls._odm_field_cache = out
+
         return out
 
     @classmethod
     def add_namespace(cls, namespace: str, field: _Field, index=None, store=None, description=None):
         recursive_set_name(field, namespace)
 
-        if hasattr(cls, "_odm_field_cache_skip"):
+        if "_odm_field_cache_skip" in cls.__dict__:
             cls._odm_field_cache_skip[namespace.rstrip("_")] = field
 
-        if hasattr(cls, "_odm_field_cache"):
+        if "_odm_field_cache" in cls.__dict__:
             cls._odm_field_cache[namespace.rstrip("_")] = field
 
         setattr(cls, namespace, field)
@@ -1112,10 +1131,10 @@ class Model:
 
     @classmethod
     def remove_namespace(cls, namespace: str):
-        if hasattr(cls, "_odm_field_cache_skip"):
+        if "_odm_field_cache_skip" in cls.__dict__:
             del cls._odm_field_cache_skip[namespace.rstrip("_")]
 
-        if hasattr(cls, "_odm_field_cache"):
+        if "_odm_field_cache" in cls.__dict__:
             del cls._odm_field_cache[namespace.rstrip("_")]
 
         delattr(cls, namespace)
@@ -1147,8 +1166,11 @@ class Model:
             else:
                 out[name] = sub_field
 
-        if isinstance(field, Compound) and show_compound:
-            out[name] = field
+        if show_compound:
+            if isinstance(field, Compound):
+                out[name] = field
+            elif isinstance(field, List) and isinstance(field.child_type, Compound):
+                out[name] = field.child_type
 
         return out
 
@@ -1163,6 +1185,11 @@ class Model:
             skip_mappings (bool): Skip over mappings where the real subfield names are unknown.
         """
         out = dict()
+        for base in cls.__bases__:
+            _flat_fields: Callable[..., dict[str, _Field]] | None = getattr(base, "flat_fields", None)
+            if _flat_fields and callable(_flat_fields):
+                out.update(_flat_fields(show_compound=show_compound, skip_mappings=skip_mappings))
+
         for name, field in cls.__dict__.items():
             if isinstance(field, _Field):
                 if skip_mappings and isinstance(field, Mapping):
@@ -1185,7 +1212,7 @@ class Model:
         include_autogen_note=True,
         defaults=None,
         url_prefix="/howler/odm/class/",
-    ) -> Union[str, Dict]:
+    ) -> str:
         markdown_content = (
             (
                 '??? success "Auto-Generated Documentation"\n    '
@@ -1476,12 +1503,44 @@ def recursive_set_name(field, name, to_parent=False):
         recursive_set_name(field.child_type, name, to_parent=True)
 
 
-def model(index=None, store=None, description=None):
-    """Decorator to create model objects."""
+def model(index=None, store=None, description=None, id_field=None):
+    """Decorator that finalizes a Model subclass for use with the datastore.
+    Assigns metadata to the class (description, id field), validates that all
+    declared field names are legal, recursively sets each field's name, and
+    applies default index/store settings to every field.
+    If ``id_field`` is not provided, it defaults to ``<classname_lower>_id``.
+    Args:
+        index: Default index setting applied to all fields on the model.
+        store: Default store setting applied to all fields on the model.
+        description: Human-readable description of the model.
+        id_field: Name of the field used as the primary key. Defaults to
+            ``<classname_lower>_id`` when not specified.
+    Returns:
+        A class decorator that configures and returns the decorated Model subclass.
+    Raises:
+        HowlerValueError: If any field name fails the ``FIELD_SANITIZER`` regex
+            or appears in ``BANNED_FIELDS``.
+    """
 
     def _finish_model(cls):
         cls._Model__description = description
-        for name, field_data in cls.fields().items():
+        fields = cls.fields()
+
+        if id_field is None:
+            cls._Model__id_field = f"{cls.__name__.lower()}_id"
+        else:
+            if not isinstance(id_field, str):
+                raise HowlerTypeError(f"id_field must be a str, got {type(id_field).__name__}")
+
+            if not FIELD_SANITIZER.match(id_field) or id_field in BANNED_FIELDS:
+                raise HowlerValueError(f"Illegal id_field name: {id_field}")
+
+            if id_field not in fields:
+                raise HowlerValueError(f"id_field must reference a declared field: {id_field}")
+
+            cls._Model__id_field = id_field
+
+        for name, field_data in fields.items():
             if not FIELD_SANITIZER.match(name) or name in BANNED_FIELDS:
                 raise HowlerValueError(f"Illegal variable name: {name}")
 

howler/odm/models/user.py

@@ -63,7 +63,7 @@ class User(odm.Model):
     access_control: str = odm.Keyword(index=False, store=False, optional=True, description="Access control filter")
     type: list[str] = odm.List(
         odm.Enum(values=loader.USER_TYPES),
-        default=["user", "automation_basic"],
+        default=["user", "actionrunner_basic"],
         description="Type of user",
     )
     uname: str = odm.Keyword(copyto="__text__", description="Username")

howler/odm/random_data.py

@@ -119,7 +119,14 @@ def create_users(ds):
             "email": "admin@howler.cyber.gc.ca",
             "password": admin_hash,
             "uname": "admin",
-            "type": ["admin", "user", "automation_basic", "automation_advanced"],
+            "type": [
+                "admin",
+                "user",
+                "automation_basic",
+                "automation_advanced",
+                "actionrunner_basic",
+                "actionrunner_advanced",
+            ],
             "groups": [
                 "group1",
                 "group2",
@@ -169,6 +176,11 @@ def create_users(ds):
                     "password": user_hash,
                 },
             },
+            "type": [
+                "user",
+                "automation_basic",
+                "actionrunner_basic",
+            ],
             "password": user_hash,
             "uname": "user",
             "favourite_views": [user_view.view_id],

howler/utils/compat.py

@@ -0,0 +1,27 @@
+"""Compatibility shims for symbols added in Python 3.11.
+
+Import from this module instead of using `if sys.version_info` guards inline.
+"""
+
+import sys
+
+if sys.version_info >= (3, 11):
+    from enum import StrEnum
+    from typing import NotRequired, TypedDict
+else:
+    from enum import Enum as _Enum
+
+    class StrEnum(str, _Enum):  # type: ignore[no-redef]
+        """str + Enum backport for Python < 3.11."""
+
+        def __str__(self) -> str:
+            return str.__str__(self)
+
+        def __format__(self, format_spec: str) -> str:
+            return str.__format__(self, format_spec)
+
+    # typing_extensions.TypedDict supports Generic[T] mixing on Python < 3.11;
+    # the stdlib version does not gain that until 3.11.
+    from typing_extensions import NotRequired, TypedDict  # noqa: F401
+
+__all__ = ["NotRequired", "StrEnum", "TypedDict"]

{howler_api-3.4.0.dev830.dist-info → howler_api-3.4.0.dev845.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: howler-api
-Version: 3.4.0.dev830
+Version: 3.4.0.dev845
 Summary: Howler - API server
 License: MIT
 Keywords: howler,alerting,gc,canada,cse-cst,cse,cst,cyber,cccs

{howler_api-3.4.0.dev830.dist-info → howler_api-3.4.0.dev845.dist-info}/RECORD

@@ -1,20 +1,20 @@
 howler/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-howler/actions/__init__.py,sha256=Xkr37l1JSyjed5mrgZmxYKHX6AcG1rw3y48i86HlLjQ,5172
-howler/actions/add_label.py,sha256=3Vvjsn3FBPReFLGRANyoJB28xY7ZK31Zm1xIThpbq0s,3270
-howler/actions/add_to_bundle.py,sha256=SY0v5uTns5OLi_BHY50wGCLQmi1zSw1CaErbhOgAq1U,5245
-howler/actions/change_field.py,sha256=wC2n8IzfD7TtgdP3M2Kzws2hu0OuQRq1_QeQ6iNzj8M,2181
-howler/actions/demote.py,sha256=dYz7XpAAs03SyXlOHwGZN-NKb2GfAhbfVHeQa51NOp8,5134
-howler/actions/example_plugin.py,sha256=TPF-ERmfhWrU1H64uC1DheWKG6Z1RZle5inRi5tUmnE,4749
-howler/actions/prioritization.py,sha256=qXgvw98YzaFVICIW6jQR-cQSIAZIwqL7-jioHE6s_Y0,2821
-howler/actions/promote.py,sha256=v2lFS4WkOpX47ChbSYbhJKzwAShYE3Fg2UVQ6sbr7Yw,4703
-howler/actions/remove_from_bundle.py,sha256=Tt9zPZuPrplM8lvCo2sHKORY4U4z3S6RfltXRigDvF4,4251
-howler/actions/remove_label.py,sha256=I6_4KnBgvW6OwP7tNe5LMbaOZfAVf5S9ADijBt7g-9A,3325
-howler/actions/transition.py,sha256=B_qIbnBdcFvvhPg9H8gE6jYGVDF9sAxBnJTMBajMO-Q,6456
+howler/actions/__init__.py,sha256=dE2-GcmPu-co02NN1bwEBK5PXb0jCWqkM6V54-JgyuM,7865
+howler/actions/add_label.py,sha256=eBQTdAa66_T7hZrVOIbLvMObTuoxpaJ3gmlzo-L1e2M,3337
+howler/actions/add_to_bundle.py,sha256=u_Fb2HA_tbWgbaH8Pg1UhKxvqYPmum_ObrRWr-xNvi8,5807
+howler/actions/change_field.py,sha256=OjL8Z2ZfifoJdFpUV876CEzrEPxsteqGfH6CksORpXo,2206
+howler/actions/demote.py,sha256=b31yzpGiTSdEKcC9QFxF2Q-fE3OJ4Q7gSNVjM7Z9Vrk,5201
+howler/actions/example_plugin.py,sha256=CVY2wenxHWjyhtEu8S4HOqGxYAYwE_3Otq8DIdmuFgU,4771
+howler/actions/prioritization.py,sha256=ZpSo2L2WV3NtBSazqmLmskohWFGn2C9wdlAJc162gCo,2888
+howler/actions/promote.py,sha256=VPpEmzQ7ApeSESNilNpUwiLRR5AdT4-xwYlOjenexgg,4770
+howler/actions/remove_from_bundle.py,sha256=hgLULSQPqrHo4p1xmUmMmA-VoiEr4mjQhgCj1gyDZXw,4814
+howler/actions/remove_label.py,sha256=W4eFe_Io0QPTaMCNPT53GLt4xvkrTKU05ipqJSZFitk,3392
+howler/actions/transition.py,sha256=4eckby4SiWmy-JGjQE0sHNMmrH1x5zXLJIoTeWYuEPU,7073
 howler/api/__init__.py,sha256=8IjKws_NIhDl22oHRNrVMqgwmO2i2aMwEPHUPb1hnes,8717
 howler/api/base.py,sha256=i--N7f4itJBRNVayDAqOiZYIq9thXwdblRBGfePyP1c,2689
 howler/api/socket.py,sha256=VaH3O5rBAn9tZdPcdC-6TaJ-gksQ3u41kz2YAtafNA4,4097
 howler/api/v1/__init__.py,sha256=Qy4PXXm9r3VNvuvPUZPtY8rtXgnmGIB8U3cNt65um-w,3872
-howler/api/v1/action.py,sha256=Q-2GdL-xWMNno0GnmggjTe4Zm3XUzfTaaSlMk24h4NY,11182
+howler/api/v1/action.py,sha256=21lkZsWTeCfn1FITKplcW7PyVE9TlnXWInqyKERM6qo,11654
 howler/api/v1/analytic.py,sha256=dPrWOPIZUOUGLObkWy8W8ErcvbkEVoya8aBY1ERUD7M,19788
 howler/api/v1/auth.py,sha256=aM0PWXtySvgbrkT3RqWgJFzxOaM4cwtRThoYsGHCjac,14313
 howler/api/v1/clue.py,sha256=zTEIq_sPomWaY8xIKhbN03l1UfZ_OVoqBT_3eoGZfN4,2938
@@ -37,7 +37,7 @@ howler/common/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 howler/common/classification.py,sha256=oOpyfZh4SudrCcLjBpJIOi3Ye_iy5Kc1Nu27KScp9og,43057
 howler/common/classification.yml,sha256=3VBqzKYkiqz8bCsSuqNvqxeqUPN1NmXBKHusGFO3hbg,4092
 howler/common/exceptions.py,sha256=An8MW-qB8g7EYLTxddnoIiyxNDQAqU9AmH8MrDFfnwQ,5804
-howler/common/loader.py,sha256=VgoNwf8G95t4MIe9TBYhnSDmU1XZlxsmeNEP1wFcFrg,5455
+howler/common/loader.py,sha256=A8xDyfm6J_bqoiO-jH4G0h1ONd8WaORx7NGntUyR_94,5502
 howler/common/logging/__init__.py,sha256=79UQ0ZbLwrHgHwHEaMpkRxRgtARudn1oV4AfBJQBNyU,7843
 howler/common/logging/audit.py,sha256=iR42dJ8hhuXQFN60yyXcms31dPtgZSHBQlHH_VZTEZc,3528
 howler/common/logging/format.py,sha256=UnkOJ5lw0m0XIT57CQHV9OCrOPGC8_2GVg1rD_jM4qg,1138
@@ -85,7 +85,7 @@ howler/helper/workflow.py,sha256=ATvEv5CI7Bm2bTEy0U0EPEdz6-fZfyqIkc-gZCYmRY8,480
 howler/helper/ws.py,sha256=im7pFQJDmGs3EyaBviGD1csYmTTRwLx8Gfih6-MlPhs,15911
 howler/odm/README.md,sha256=Ihc_DyjVQlLaIOEbPoQNPkum9Ecn8kn37-PMFQsX77s,5645
 howler/odm/__init__.py,sha256=1n6vgBOrFcCHSBFysqgODERvqP7s5DIeJe8N8UeE5pM,44
-howler/odm/base.py,sha256=jXJBaLTx83s1g9BbAZp4S1GJJz_fBxWHIP8CW0em27Q,52956
+howler/odm/base.py,sha256=oO5MW5hziQp5xd_x2NNCl1F2v3vbm731Bn6-71Ou65Q,55745
 howler/odm/charter.txt,sha256=-Wgrv7nqugZmeQknJk0_m6klLJStjVbuqKbi_KaDinQ,15277
 howler/odm/helper.py,sha256=t12eFRnDfEELn4K2lpccXRWHAPdz2-f_pVFUp4lva2Q,13945
 howler/odm/howler_enum.py,sha256=JzRK3_adlhvfkoGdMZD1jgOwlneZs8-x7OxGEj3zcpY,768
@@ -145,9 +145,9 @@ howler/odm/models/localized_label.py,sha256=G7gfQ1cngiI4KprqldHWE1KHkAgK4AG_JsfH
 howler/odm/models/overview.py,sha256=kvZcMYPDlkJEGa0L1jq9pG0RFjLOVudC64-2GTWVu2w,684
 howler/odm/models/pivot.py,sha256=ZewcGh91xbE64snZ5Ahz2So1onAqO8U9H4CFe6jBOXs,1405
 howler/odm/models/template.py,sha256=-Tqq_36qD_3nQ4jv13OPeH_EyyERKhc55wT03CU-Kbk,979
-howler/odm/models/user.py,sha256=T1VTbUfRHU4g48iccW3TS7lWSgGXVfd1CuSx-b3TDjE,3388
+howler/odm/models/user.py,sha256=1MSQEUopCUHZLjGaUY_L_2uJnBQYlXODzC6VoHRPWLE,3390
 howler/odm/models/view.py,sha256=DYFrYcx4NT-Z_0GUg_5qjRRLwrMMFK78NQ-20iuFx8o,1323
-howler/odm/random_data.py,sha256=96HRJu1O47hDvZ3pA55UPN6ckPh458oxrxQrmupmJng,29490
+howler/odm/random_data.py,sha256=9nTxel-hw3ujLyZer41-AVQUXieemdx7KbpPXNlCVng,29783
 howler/odm/randomizer.py,sha256=2gBwQA6karZQhX82cz0oBhgCXvmVlFXhdKXGdjoAjLM,23870
 howler/patched.py,sha256=Br4BGU5raaqjSMDLD7ogb5A8Yn0dzecouh6uWVV2jlQ,77
 howler/plugins/__init__.py,sha256=P5P-t4KgIInOzp4NmIturNIhUbb3jPO81n55Q_b_gM0,841
@@ -187,6 +187,7 @@ howler/telemetry.py,sha256=bXjXhZXwiwcGDJAD2ZNN_Zh6aZd19cQqtmn3G47Ckac,2584
 howler/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 howler/utils/annotations.py,sha256=GLuDbjbXp8esDji3qhQY_uQyOWVqfIdpF_zs2t0IaMI,878
 howler/utils/chunk.py,sha256=NoVDKzZkO8O92xXk0s0Pny2g7It9BX0PqWbknmnRSFg,895
+howler/utils/compat.py,sha256=iFUqWgdbrilxKZkRAGR_nPGqi9rWUtIhtOR_7oX6uRk,851
 howler/utils/constants.py,sha256=FxmABq-DE5eFTHDlGvy5jRNm-6AU-o4mRo093QWBofw,121
 howler/utils/dict_utils.py,sha256=L5bB7WRACZLxBlxHY4cRNH7ASBieEPGTbeSIqU_VOVs,7063
 howler/utils/isotime.py,sha256=iCGae-3OPS6PxQx76IwOpV_IRYc0wF9ezp61h7MifsY,449
@@ -196,7 +197,7 @@ howler/utils/path.py,sha256=DfOU4i4zSs4wchHoE8iE7aWVLkTxiC_JRGepF2hBYBk,690
 howler/utils/socket_utils.py,sha256=nz1SklC9xBHUSfHyTJjpq3mbozX1GDf01WzdGxfaUII,2212
 howler/utils/str_utils.py,sha256=HE8Hqh2HlOLaj16w0H9zKOyDJLp-f1LQ50y_WeGZaEk,8389
 howler/utils/uid.py,sha256=p9dsqyvZ-lpiAuzZWCPCeEM99kdk0Ly9czf04HNdSuw,1341
-howler_api-3.4.0.dev830.dist-info/METADATA,sha256=MHWu4BXE8lJmKTHkP9jq3jHd0l8SxZyNytPKXUfYvE4,2879
-howler_api-3.4.0.dev830.dist-info/WHEEL,sha256=Vz2fHgx6HFtSwhs8KvkHLqH5Ea4w1_rner5uNVGCeIE,88
-howler_api-3.4.0.dev830.dist-info/entry_points.txt,sha256=Lu9SBGvwe0wczJHmc-RudC24lmQk7tv3ZBXon9RIihg,259
-howler_api-3.4.0.dev830.dist-info/RECORD,,
+howler_api-3.4.0.dev845.dist-info/METADATA,sha256=G95U-YGAkHdhBvqYdZD6iqzaaUAbYTWGRxjCiA8A3yI,2879
+howler_api-3.4.0.dev845.dist-info/WHEEL,sha256=Vz2fHgx6HFtSwhs8KvkHLqH5Ea4w1_rner5uNVGCeIE,88
+howler_api-3.4.0.dev845.dist-info/entry_points.txt,sha256=Lu9SBGvwe0wczJHmc-RudC24lmQk7tv3ZBXon9RIihg,259
+howler_api-3.4.0.dev845.dist-info/RECORD,,