PyPI - karrio-server-core - Versions diffs - 2025.5rc12__py3-none-any.whl → 2026.1.1__py3-none-any.whl - Mend

karrio-server-core 2025.5rc12py3-none-any.whl → 2026.1.1py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (112) hide show

karrio/server/core/authentication.py +59 -25
karrio/server/core/config.py +31 -0
karrio/server/core/datatypes.py +30 -4
karrio/server/core/dataunits.py +53 -22
karrio/server/core/exceptions.py +287 -17
karrio/server/core/filters.py +14 -0
karrio/server/core/gateway.py +285 -10
karrio/server/core/logging.py +403 -0
karrio/server/core/management/commands/runserver.py +5 -0
karrio/server/core/middleware.py +104 -2
karrio/server/core/migrations/0006_add_api_log_requested_at_index.py +22 -0
karrio/server/core/models/base.py +34 -1
karrio/server/core/oauth_validators.py +2 -3
karrio/server/core/permissions.py +1 -2
karrio/server/core/serializers.py +183 -10
karrio/server/core/signals.py +22 -28
karrio/server/core/telemetry.py +573 -0
karrio/server/core/tests/__init__.py +27 -0
karrio/server/core/{tests.py → tests/base.py} +6 -7
karrio/server/core/tests/test_exception_level.py +159 -0
karrio/server/core/tests/test_resource_token.py +593 -0
karrio/server/core/utils.py +688 -38
karrio/server/core/validators.py +144 -222
karrio/server/core/views/oauth.py +13 -12
karrio/server/core/views/references.py +2 -2
karrio/server/iam/apps.py +1 -4
karrio/server/iam/migrations/0002_setup_carrier_permission_groups.py +103 -0
karrio/server/iam/migrations/0003_remove_permission_groups.py +91 -0
karrio/server/iam/permissions.py +7 -134
karrio/server/iam/serializers.py +17 -2
karrio/server/iam/signals.py +2 -4
karrio/server/providers/admin.py +1 -1
karrio/server/providers/management/commands/migrate_rate_sheets.py +101 -0
karrio/server/providers/migrations/0082_add_zone_identifiers.py +50 -0
karrio/server/providers/migrations/0083_add_optimized_rate_sheet_structure.py +33 -0
karrio/server/providers/migrations/0084_alter_servicelevel_currency.py +168 -0
karrio/server/providers/migrations/0085_populate_dhl_parcel_de_oauth_credentials.py +82 -0
karrio/server/providers/migrations/0086_rename_dhl_parcel_de_customer_number_to_billing_number.py +71 -0
karrio/server/providers/migrations/0087_alter_carrier_capabilities.py +38 -0
karrio/server/providers/migrations/0088_servicelevel_surcharges.py +24 -0
karrio/server/providers/migrations/0089_servicelevel_cost_max_volume.py +31 -0
karrio/server/providers/migrations/0090_ratesheet_surcharges_servicelevel_zone_surcharge_ids.py +47 -0
karrio/server/providers/migrations/0091_migrate_legacy_zones_surcharges.py +154 -0
karrio/server/providers/models/__init__.py +1 -2
karrio/server/providers/models/carrier.py +103 -18
karrio/server/providers/models/service.py +188 -1
karrio/server/providers/models/sheet.py +371 -0
karrio/server/providers/serializers/base.py +263 -2
karrio/server/providers/signals.py +2 -4
karrio/server/providers/templates/providers/oauth_callback.html +105 -0
karrio/server/providers/tests/__init__.py +5 -0
karrio/server/providers/tests/test_connections.py +895 -0
karrio/server/providers/views/carriers.py +1 -3
karrio/server/providers/views/connections.py +322 -2
karrio/server/samples.py +1 -1
karrio/server/serializers/abstract.py +116 -21
karrio/server/tracing/migrations/0007_tracingrecord_tracing_created_at_idx.py +19 -0
karrio/server/tracing/models.py +2 -0
karrio/server/tracing/utils.py +5 -8
karrio/server/user/migrations/0007_user_metadata.py +25 -0
karrio/server/user/models.py +38 -23
karrio/server/user/serializers.py +1 -0
karrio/server/user/templates/registration/registration_confirm_email.html +1 -1
{karrio_server_core-2025.5rc12.dist-info → karrio_server_core-2026.1.1.dist-info}/METADATA +2 -2
{karrio_server_core-2025.5rc12.dist-info → karrio_server_core-2026.1.1.dist-info}/RECORD +67 -86
karrio/server/providers/extension/__init__.py +0 -1
karrio/server/providers/extension/models/__init__.py +0 -1
karrio/server/providers/extension/models/allied_express.py +0 -22
karrio/server/providers/extension/models/allied_express_local.py +0 -22
karrio/server/providers/extension/models/amazon_shipping.py +0 -27
karrio/server/providers/extension/models/aramex.py +0 -25
karrio/server/providers/extension/models/asendia_us.py +0 -21
karrio/server/providers/extension/models/australiapost.py +0 -20
karrio/server/providers/extension/models/boxknight.py +0 -19
karrio/server/providers/extension/models/bpost.py +0 -21
karrio/server/providers/extension/models/canadapost.py +0 -21
karrio/server/providers/extension/models/canpar.py +0 -19
karrio/server/providers/extension/models/chronopost.py +0 -22
karrio/server/providers/extension/models/colissimo.py +0 -22
karrio/server/providers/extension/models/dhl_express.py +0 -23
karrio/server/providers/extension/models/dhl_parcel_de.py +0 -25
karrio/server/providers/extension/models/dhl_poland.py +0 -22
karrio/server/providers/extension/models/dhl_universal.py +0 -19
karrio/server/providers/extension/models/dicom.py +0 -20
karrio/server/providers/extension/models/dpd.py +0 -37
karrio/server/providers/extension/models/dpdhl.py +0 -26
karrio/server/providers/extension/models/easypost.py +0 -20
karrio/server/providers/extension/models/eshipper.py +0 -21
karrio/server/providers/extension/models/fedex.py +0 -25
karrio/server/providers/extension/models/fedex_ws.py +0 -24
karrio/server/providers/extension/models/freightcom.py +0 -21
karrio/server/providers/extension/models/generic.py +0 -35
karrio/server/providers/extension/models/geodis.py +0 -22
karrio/server/providers/extension/models/hay_post.py +0 -22
karrio/server/providers/extension/models/laposte.py +0 -19
karrio/server/providers/extension/models/locate2u.py +0 -22
karrio/server/providers/extension/models/nationex.py +0 -22
karrio/server/providers/extension/models/purolator.py +0 -21
karrio/server/providers/extension/models/roadie.py +0 -18
karrio/server/providers/extension/models/royalmail.py +0 -19
karrio/server/providers/extension/models/sendle.py +0 -22
karrio/server/providers/extension/models/tge.py +0 -63
karrio/server/providers/extension/models/tnt.py +0 -23
karrio/server/providers/extension/models/ups.py +0 -23
karrio/server/providers/extension/models/usps.py +0 -23
karrio/server/providers/extension/models/usps_international.py +0 -23
karrio/server/providers/extension/models/usps_wt.py +0 -24
karrio/server/providers/extension/models/usps_wt_international.py +0 -24
karrio/server/providers/extension/models/zoom2u.py +0 -23
karrio/server/providers/tests.py +0 -3
{karrio_server_core-2025.5rc12.dist-info → karrio_server_core-2026.1.1.dist-info}/WHEEL +0 -0
{karrio_server_core-2025.5rc12.dist-info → karrio_server_core-2026.1.1.dist-info}/top_level.txt +0 -0

karrio/server/core/validators.py CHANGED Viewed

@@ -1,23 +1,12 @@
 import re
-import typing
-import logging
-import requests  # type: ignore
 import phonenumbers
-from constance import config
 from datetime import datetime
+from karrio.server.core.logging import logger
 import karrio.lib as lib
 import karrio.core.units as units
 import karrio.server.serializers as serializers
-import karrio.server.core.datatypes as datatypes
-# Try to import the references module, which may not be available in all environments
-try:
-    import karrio.references as references
-except ImportError:
-    references = None
-logger = logging.getLogger(__name__)
 DIMENSIONS = ["width", "height", "length"]
@@ -45,9 +34,13 @@ def dimensions_required_together(value):
         )
-def valid_time_format(prop: str):
-    def validate(value):
+class TimeFormatValidator:
+    """Validator for HH:MM time format that can be pickled."""
+    def __init__(self, prop: str):
+        self.prop = prop
+    def __call__(self, value):
         try:
             datetime.strptime(value, "%H:%M")
         except Exception:
@@ -56,12 +49,14 @@ def valid_time_format(prop: str):
                 code="invalid",
             )
-    return validate
+class DateFormatValidator:
+    """Validator for YYYY-MM-DD date format that can be pickled."""
-def valid_date_format(prop: str):
-    def validate(value):
+    def __init__(self, prop: str):
+        self.prop = prop
+    def __call__(self, value):
         try:
             datetime.strptime(value, "%Y-%m-%d")
         except Exception:
@@ -70,12 +65,14 @@ def valid_date_format(prop: str):
                 code="invalid",
             )
-    return validate
+class DateTimeFormatValidator:
+    """Validator for YYYY-MM-DD HH:MM datetime format that can be pickled."""
-def valid_datetime_format(prop: str):
-    def validate(value):
+    def __init__(self, prop: str):
+        self.prop = prop
+    def __call__(self, value):
         try:
             datetime.strptime(value, "%Y-%m-%d %H:%M")
         except Exception:
@@ -84,21 +81,40 @@ def valid_datetime_format(prop: str):
                 code="invalid",
             )
-    return validate
+def valid_time_format(prop: str):
+    """Factory function for time format validator."""
+    return TimeFormatValidator(prop)
-def valid_base64(prop: str, max_size: int = 5242880):
-    def validate(value: str):
+def valid_date_format(prop: str):
+    """Factory function for date format validator."""
+    return DateFormatValidator(prop)
+def valid_datetime_format(prop: str):
+    """Factory function for datetime format validator."""
+    return DateTimeFormatValidator(prop)
+class Base64Validator:
+    """Validator for base64 encoded content that can be pickled."""
+    def __init__(self, prop: str, max_size: int = 5242880):
+        self.prop = prop
+        self.max_size = max_size
+    def __call__(self, value: str):
         error = None
         try:
             buffer = lib.to_buffer(value, validate=True)
-            if buffer.getbuffer().nbytes > max_size:
-                error = f"Error: file size exceeds {max_size} bytes."
+            if buffer.getbuffer().nbytes > self.max_size:
+                error = f"Error: file size exceeds {self.max_size} bytes."
         except Exception as e:
-            logger.exception(e)
+            logger.error("Invalid base64 file content", error=str(e))
             error = "Invalid base64 file content"
             raise serializers.ValidationError(
                 error,
@@ -108,7 +124,10 @@ def valid_base64(prop: str, max_size: int = 5242880):
         if error is not None:
             raise serializers.ValidationError(error, code="invalid")
-    return validate
+def valid_base64(prop: str, max_size: int = 5242880):
+    """Factory function for base64 validator."""
+    return Base64Validator(prop, max_size)
 class OptionDefaultSerializer(serializers.Serializer):
@@ -158,32 +177,114 @@ class PresetSerializer(serializers.Serializer):
         dimensions_required_together(data)
         if data is not None and "package_preset" in data:
-            preset = next(
-                (
-                    presets[data["package_preset"]]
-                    for _, presets in dataunits.REFERENCE_MODELS[
-                        "package_presets"
-                    ].items()
-                    if data["package_preset"] in presets
-                ),
-                {},
+            package_presets = dataunits.REFERENCE_MODELS.get("package_presets", {})
+            preset_name = data["package_preset"]
+            # Find the preset across all carriers
+            preset = lib.identity(
+                next(
+                    (
+                        presets[preset_name]
+                        for carrier_id, presets in package_presets.items()
+                        if preset_name in presets
+                    ),
+                    None,
+                )
+                or {}
             )
             data.update(
                 {
                     **data,
-                    "width": data.get("width", preset.get("width")),
-                    "length": data.get("length", preset.get("length")),
-                    "height": data.get("height", preset.get("height")),
-                    "dimension_unit": data.get(
-                        "dimension_unit", preset.get("dimension_unit")
-                    ),
+                    "width": data.get("width") or preset.get("width"),
+                    "length": data.get("length") or preset.get("length"),
+                    "height": data.get("height") or preset.get("height"),
+                    "dimension_unit": data.get("dimension_unit")
+                    or preset.get("dimension_unit"),
                 }
             )
         return data
+def shipment_documents_accessor(cls=None, *, include_base64: bool = False):
+    """
+    Class decorator that computes shipping_documents for Shipment serializers.
+    When applied to a serializer class, this decorator overrides to_representation()
+    to dynamically build the shipping_documents list based on the shipment's
+    label and invoice fields.
+    Args:
+        include_base64: If True, includes base64 content in shipping_documents.
+                       If False (default), only includes URLs.
+    Usage:
+        @shipment_documents_accessor
+        class Shipment(Serializer):
+            ...  # shipping_documents will have URLs only
+        @shipment_documents_accessor(include_base64=True)
+        class PurchasedShipment(Shipment):
+            ...  # shipping_documents will include base64 content
+    """
+    def decorator(klass):
+        # Store the flag on the class for reference
+        klass._include_base64_documents = include_base64
+        # Store original to_representation
+        original_to_representation = klass.to_representation
+        def to_representation(self, instance):
+            # Get the original serialized data
+            data = original_to_representation(self, instance)
+            # Build shipping_documents dynamically
+            documents = []
+            # Add label document if exists
+            label = getattr(instance, "label", None)
+            if label:
+                label_format = getattr(instance, "label_type", None) or "PDF"
+                documents.append(
+                    {
+                        "category": "label",
+                        "format": label_format,
+                        "url": getattr(instance, "label_url", None),
+                        "base64": label if include_base64 else None,
+                    }
+                )
+            # Add invoice document if exists
+            invoice = getattr(instance, "invoice", None)
+            if invoice:
+                documents.append(
+                    {
+                        "category": "invoice",
+                        "format": "PDF",
+                        "url": getattr(instance, "invoice_url", None),
+                        "base64": invoice if include_base64 else None,
+                    }
+                )
+            # Update the data with computed shipping_documents
+            data["shipping_documents"] = documents
+            return data
+        klass.to_representation = to_representation
+        return klass
+    # Handle both @shipment_documents_accessor and @shipment_documents_accessor(...)
+    if cls is not None:
+        # Called as @shipment_documents_accessor without parentheses
+        return decorator(cls)
+    else:
+        # Called as @shipment_documents_accessor(...) with arguments
+        return decorator
 class AugmentedAddressSerializer(serializers.Serializer):
     def validate(self, data):
         # Format and validate Postal Code
@@ -233,188 +334,9 @@ class AugmentedAddressSerializer(serializers.Serializer):
                     }
                 )
             except Exception as e:
-                logger.warning(e)
+                logger.warning("Invalid phone number format", error=str(e))
                 raise serializers.ValidationError(
                     {"phone_number": "Invalid phone number format"}
                 )
         return data
-class AddressValidatorAbstract:
-    """
-    Abstract base class for address validators.
-    This class defines the interface that all address validators must implement.
-    Note: This class is kept here for backwards compatibility.
-    New validators should use the karrio.validators.abstract.AddressValidatorAbstract class.
-    """
-    @staticmethod
-    def get_info(is_authenticated: bool = None) -> dict:
-        """
-        Get information about the validator.
-        Args:
-            is_authenticated: Whether authenticated information should be returned
-        Returns:
-            Dictionary with information about the validator
-        Raises:
-            Exception: If the method is not implemented
-        """
-        raise Exception("get_info method is not implemented")
-    @staticmethod
-    def validate(address: datatypes.Address) -> datatypes.AddressValidation:
-        """
-        Validate an address using the service.
-        Args:
-            address: Address object to validate
-        Returns:
-            Address validation result
-        Raises:
-            Exception: If the method is not implemented
-        """
-        raise Exception("validate method is not implemented")
-class Address:
-    """
-    Address validation service provider.
-    This class provides methods to validate addresses using various service providers
-    which are loaded as plugins.
-    """
-    @staticmethod
-    def get_info(is_authenticated: bool = True) -> dict:
-        """
-        Get information about the available address validation services.
-        Args:
-            is_authenticated: Whether to include sensitive information like API keys
-        Returns:
-            Dictionary with information about the available validators
-        """
-        # If references module is available, get validator plugins info
-        refs = references.REFERENCES
-        if len(refs.get("address_validators", {})) > 0:
-            # Return information about the first available validator
-            validator_name = next(iter(refs["address_validators"].keys()))
-            validator_class = None
-            # Try to get the validator class from the references
-            try:
-                # Import the validator module dynamically
-                import importlib
-                module = importlib.import_module(f"karrio.validators.{validator_name}")
-                if hasattr(module, "METADATA"):
-                    validator_class = module.METADATA.Validator
-            except (ImportError, AttributeError) as e:
-                logger.warning(f"Could not import validator {validator_name}: {e}")
-            if validator_class is not None:
-                # Return validator info with is_enabled=True
-                validator_info = validator_class.get_info(is_authenticated)
-                return {"is_enabled": True, **validator_info}
-        # Check for legacy config-based validation
-        is_enabled = any(
-            [config.GOOGLE_CLOUD_API_KEY, config.CANADAPOST_ADDRESS_COMPLETE_API_KEY]
-        )
-        if is_enabled:
-            # Legacy validation is enabled, use the legacy validator
-            return {
-                "is_enabled": is_enabled,
-                **Address._get_legacy_validator().get_info(is_authenticated),
-            }
-        # No validation is available
-        return dict(is_enabled=False)
-    @staticmethod
-    def _get_legacy_validator() -> typing.Type[AddressValidatorAbstract]:
-        """
-        Get a legacy validator instance based on configuration.
-        This method is used for backwards compatibility with the old validation system.
-        Returns:
-            An instance of a validator class
-        Raises:
-            Exception: If no validator is configured
-        """
-        # For backwards compatibility, check if Google or Canada Post is configured
-        if any(config.GOOGLE_CLOUD_API_KEY or ""):
-            from karrio.validators.googlegeocoding import Validator as GoogleGeocode
-            return GoogleGeocode
-        elif any(config.CANADAPOST_ADDRESS_COMPLETE_API_KEY or ""):
-            from karrio.validators.addresscomplete import Validator as AddressComplete
-            return AddressComplete
-        raise Exception("No address validation service provider configured")
-    @staticmethod
-    def get_validator() -> typing.Type:
-        """
-        Get a validator instance based on configuration or plugins.
-        This method first checks for validator plugins, then falls back to
-        legacy validators if no plugins are available.
-        Returns:
-            An instance of a validator class
-        Raises:
-            Exception: If no validator is configured
-        """
-        # If references module is available, check for validator plugins
-        refs = references.REFERENCES
-        if len(refs.get("address_validators", {})) > 0:
-            # Get the first available validator
-            validator_name = next(iter(refs["address_validators"].keys()))
-            # Try to get the validator class from the references
-            try:
-                # Import the validator module dynamically
-                import importlib
-                module = importlib.import_module(f"karrio.validators.{validator_name}")
-                if hasattr(module, "METADATA"):
-                    return module.METADATA.Validator
-            except (ImportError, AttributeError) as e:
-                logger.warning(f"Could not import validator {validator_name}: {e}")
-        # Fall back to legacy validator
-        return Address._get_legacy_validator()
-    @staticmethod
-    def validate(address: datatypes.Address) -> datatypes.AddressValidation:
-        """
-        Validate an address using the configured validator.
-        Args:
-            address: The address to validate
-        Returns:
-            AddressValidation object with validation results
-        """
-        validator = Address.get_validator()
-        result = validator.validate(address)
-        # Handle the case where the validator returns a dict instead of AddressValidation
-        if isinstance(result, dict):
-            return datatypes.AddressValidation(**result)
-        return result

karrio/server/core/views/oauth.py CHANGED Viewed

@@ -1,9 +1,7 @@
-import logging
 from django.views.decorators.csrf import csrf_exempt
 from django.utils.decorators import method_decorator
 from oauth2_provider.views import TokenView as BaseTokenView
-logger = logging.getLogger(__name__)
+from karrio.server.core.logging import logger
 @method_decorator(csrf_exempt, name='dispatch')
@@ -20,11 +18,12 @@ class CustomTokenView(BaseTokenView):
         """
         Handle token requests with grant type conversion.
         """
-        print(f"CustomTokenView called")
-        print(f"Request method: {request.method}")
-        print(f"Request content type: {request.content_type}")
-        print(f"Request POST: {dict(request.POST)}")
-        print(f"Request body: {request.body.decode('utf-8') if request.body else 'Empty'}")
+        logger.debug("CustomTokenView called")
+        logger.debug("Processing token request",
+                    method=request.method,
+                    content_type=request.content_type,
+                    post_data=dict(request.POST),
+                    body=request.body.decode('utf-8') if request.body else 'Empty')
         # Parse the request body if POST data is empty
         if not request.POST and request.body:
@@ -54,21 +53,23 @@ class CustomTokenView(BaseTokenView):
         }
         original_grant_type = request.POST.get('grant_type')
-        print(f"Original grant type after parsing: {original_grant_type}")
+        logger.debug("Grant type parsed", grant_type=original_grant_type)
         if original_grant_type in grant_type_mapping:
             # Create a mutable copy of the POST data
             post_data = request.POST.copy()
             converted_grant_type = grant_type_mapping[original_grant_type]
-            print(f"Converting grant type from '{original_grant_type}' to '{converted_grant_type}'")
+            logger.debug("Converting grant type",
+                        original=original_grant_type,
+                        converted=converted_grant_type)
             post_data['grant_type'] = converted_grant_type
             # Replace the request POST data
             request.POST = post_data
             request._post = post_data
-            print(f"Updated grant type: {request.POST.get('grant_type')}")
+            logger.debug("Grant type updated", grant_type=request.POST.get('grant_type'))
         else:
-            print(f"No conversion needed for grant type: {original_grant_type}")
+            logger.debug("No grant type conversion needed", grant_type=original_grant_type)
         # Call the parent token view with converted grant type
         return super().post(request, *args, **kwargs)

karrio/server/core/views/references.py CHANGED Viewed

@@ -73,9 +73,9 @@ def references(request: Request):
             status=status.HTTP_200_OK,
         )
     except Exception as e:
-        import logging
+        from karrio.server.core.logging import logger
-        logging.exception(e)
+        logger.exception("Failed to retrieve references", error=str(e))
         raise e

karrio/server/iam/apps.py CHANGED Viewed

@@ -9,13 +9,10 @@ class IamConfig(AppConfig):
     def ready(self):
         from karrio.server.core import utils
-        from karrio.server.iam import signals, permissions
+        from karrio.server.iam import signals
         @utils.skip_on_commands()
         def _init():
             signals.register_all()
-            # Setup default permission groups and apply to existing orgs on start up
-            utils.run_on_all_tenants(permissions.setup_groups)()
         _init()

karrio/server/iam/migrations/0002_setup_carrier_permission_groups.py ADDED Viewed

@@ -0,0 +1,103 @@
+# Generated by Django migration for carrier permission groups
+from django.db import migrations
+def setup_carrier_groups(apps, schema_editor):
+    """
+    Create read_carriers and write_carriers permission groups and update
+    existing organization user permissions to include read_carriers.
+    This migration addresses the permission regression where:
+    1. read_carriers and write_carriers groups were added to ROLES_GROUPS
+    2. But existing user ContextPermissions weren't updated with these groups
+    """
+    Group = apps.get_model('user', 'Group')
+    Permission = apps.get_model('auth', 'Permission')
+    ContentType = apps.get_model('contenttypes', 'ContentType')
+    ContextPermission = apps.get_model('iam', 'ContextPermission')
+    # Create the new permission groups if they don't exist
+    read_carriers_group, _ = Group.objects.get_or_create(name='read_carriers')
+    write_carriers_group, _ = Group.objects.get_or_create(name='write_carriers')
+    # Get providers content types for permissions
+    try:
+        providers_ct = ContentType.objects.filter(app_label='providers')
+        # Set up read_carriers with view permissions
+        view_perms = Permission.objects.filter(
+            content_type__in=providers_ct,
+            codename__icontains='view'
+        )
+        if view_perms.exists():
+            read_carriers_group.permissions.set(view_perms)
+        # Set up write_carriers with all providers permissions
+        all_provider_perms = Permission.objects.filter(content_type__in=providers_ct)
+        if all_provider_perms.exists():
+            write_carriers_group.permissions.set(all_provider_perms)
+    except Exception:
+        # Providers app may not be installed yet
+        pass
+    # Update all existing ContextPermissions that have manage_carriers to also include read_carriers
+    manage_carriers_group = Group.objects.filter(name='manage_carriers').first()
+    if manage_carriers_group:
+        # Find all context permissions that have manage_carriers
+        context_perms_with_manage = ContextPermission.objects.filter(
+            groups=manage_carriers_group
+        )
+        # Add read_carriers and write_carriers to these context permissions
+        for ctx_perm in context_perms_with_manage:
+            ctx_perm.groups.add(read_carriers_group)
+            ctx_perm.groups.add(write_carriers_group)
+    # Also update any OrganizationUser context permissions based on their roles
+    # This ensures all users who should have read_carriers get it
+    try:
+        OrganizationUser = apps.get_model('orgs', 'OrganizationUser')
+        org_user_ct = ContentType.objects.get_for_model(OrganizationUser)
+        # Roles that should have read_carriers (all roles)
+        org_user_context_perms = ContextPermission.objects.filter(
+            content_type=org_user_ct
+        )
+        for ctx_perm in org_user_context_perms:
+            # All organization users should have read_carriers by default
+            ctx_perm.groups.add(read_carriers_group)
+    except Exception:
+        # Orgs app may not be installed
+        pass
+def reverse_migration(apps, schema_editor):
+    """Reverse migration - remove the new groups from context permissions."""
+    Group = apps.get_model('user', 'Group')
+    ContextPermission = apps.get_model('iam', 'ContextPermission')
+    read_carriers_group = Group.objects.filter(name='read_carriers').first()
+    write_carriers_group = Group.objects.filter(name='write_carriers').first()
+    if read_carriers_group:
+        for ctx_perm in ContextPermission.objects.filter(groups=read_carriers_group):
+            ctx_perm.groups.remove(read_carriers_group)
+    if write_carriers_group:
+        for ctx_perm in ContextPermission.objects.filter(groups=write_carriers_group):
+            ctx_perm.groups.remove(write_carriers_group)
+class Migration(migrations.Migration):
+    dependencies = [
+        ('iam', '0001_initial'),
+        ('user', '0004_group'),
+    ]
+    operations = [
+        migrations.RunPython(setup_carrier_groups, reverse_migration),
+    ]

karrio-server-core 2025.5rc12__py3-none-any.whl → 2026.1.1__py3-none-any.whl

karrio-server-core 2025.5rc12py3-none-any.whl → 2026.1.1py3-none-any.whl