oxutils 0.1.5__py3-none-any.whl → 0.1.12__py3-none-any.whl

oxutils/oxiliere/authorization.py

@@ -0,0 +1,45 @@
+from django.conf import settings
+from django.db import transaction
+from oxutils.permissions.actions import ACTIONS
+from oxutils.permissions.models import Grant, Group, UserGroup
+from oxutils.oxiliere.utils import get_tenant_user_model
+from oxutils.oxiliere.models import BaseTenant
+
+
+@transaction.atomic
+def grant_manager_access_to_owners(tenant: BaseTenant):
+    tenant_user_model = get_tenant_user_model()
+    tenant_users = tenant_user_model.objects.select_related("user").filter(tenant=tenant, is_owner=True)
+
+    access_scope = getattr(settings, 'ACCESS_MANAGER_SCOPE')
+    access_group = getattr(settings, 'ACCESS_MANAGER_GROUP')
+
+    if access_group:
+        try:
+            group = Group.objects.get(slug=access_group)
+        except Group.DoesNotExist:
+            group = None
+
+    bulk_grant = []
+    for tenant_user in tenant_users:
+        if group:
+            user_group, _ = UserGroup.objects.get_or_create(
+                user=tenant_user.user,
+                group=group,
+            )
+        else:
+            user_group = None
+        
+        bulk_grant.append(
+            Grant(
+                user=tenant_user.user,
+                scope=access_scope,
+                role=None,
+                actions=ACTIONS,
+                context={},
+                user_group=user_group,
+                created_by=None,
+            )
+        )
+
+    Grant.objects.bulk_create(bulk_grant)

oxutils/oxiliere/caches.py

@@ -1,9 +1,16 @@
 from cacheops import cached_as, cached
-from oxutils.oxiliere.models import Tenant, TenantUser
-from django_tenants.utils import get_tenant_model
+from oxutils.oxiliere.utils import (
+    get_tenant_model,
+    get_tenant_user_model,
+    get_system_tenant_oxi_id
+)
+
+
+
 
 
 TenantModel = get_tenant_model()
+TenantUserModel = get_tenant_user_model()
 
 
 @cached_as(TenantModel, timeout=60*15)
@@ -12,22 +19,17 @@ def get_tenant_by_oxi_id(oxi_id: str):
 
 
 @cached_as(TenantModel, timeout=60*15)
-def get_tenant_by_schema_name(schema_name: str) -> Tenant:
+def get_tenant_by_schema_name(schema_name: str):
     return TenantModel.objects.get(schema_name=schema_name)
 
 
-@cached_as(TenantUser, timeout=60*15)
+@cached_as(TenantUserModel, timeout=60*15)
 def get_tenant_user(oxi_org_id: str, oxi_user_id: str):
-    return TenantUser.objects.get(
+    return TenantUserModel.objects.get(
         tenant__oxi_id=oxi_org_id,
         user__oxi_id=oxi_user_id
     )
 
 @cached(timeout=60*15)
 def get_system_tenant():
-    from oxutils.oxiliere.utils import oxid_to_schema_name
-
-    system_schema_name = oxid_to_schema_name(
-        getattr(settings, 'OXI_SYSTEM_TENANT', 'tenant_oxisystem')
-    )
-    return get_tenant_model().objects.get(schema_name=system_schema_name)
+    return get_tenant_model().objects.get(oxi_id=get_system_tenant_oxi_id())

oxutils/oxiliere/checks.py

@@ -0,0 +1,31 @@
+"""
+Check TENANT_MODEL & TENANT_USER_MODEL
+"""
+from django.conf import settings
+from django.core.checks import Error, register, Tags
+
+
+@register(Tags.models)
+def check_tenant_settings(app_configs, **kwargs):
+    """Check that TENANT_MODEL and TENANT_USER_MODEL are defined in settings."""
+    errors = []
+    
+    if not hasattr(settings, 'TENANT_MODEL'):
+        errors.append(
+            Error(
+                'TENANT_MODEL is not defined in settings',
+                hint='Add TENANT_MODEL = "app_label.ModelName" to your settings',
+                id='oxiliere.E001',
+            )
+        )
+    
+    if not hasattr(settings, 'TENANT_USER_MODEL'):
+        errors.append(
+            Error(
+                'TENANT_USER_MODEL is not defined in settings',
+                hint='Add TENANT_USER_MODEL = "app_label.ModelName" to your settings',
+                id='oxiliere.E002',
+            )
+        )
+    
+    return errors

oxutils/oxiliere/constants.py

@@ -0,0 +1,3 @@
+OXI_SYSTEM_TENANT = 'tenant_oxisystem'
+OXI_SYSTEM_DOMAIN = 'system.oxiliere.com'
+OXI_SYSTEM_OWNER_EMAIL = 'dev@oxiliere.com'

oxutils/oxiliere/context.py

@@ -0,0 +1,16 @@
+import contextvars
+from oxutils.oxiliere.utils import get_system_tenant_oxi_id
+
+
+current_tenant_schema_name: contextvars.ContextVar[str] = contextvars.ContextVar(
+    "current_tenant_schema_name",
+    default=f"[oxi_id] {get_system_tenant_oxi_id()}"
+)
+
+
+def get_current_tenant_schema_name() -> str:
+    return current_tenant_schema_name.get()
+
+
+def set_current_tenant_schema_name(schema_name: str):
+    current_tenant_schema_name.set(schema_name)

oxutils/oxiliere/exceptions.py

@@ -0,0 +1,16 @@
+# exceptions
+
+class InactiveError(Exception):
+    pass
+
+
+class ExistsError(Exception):
+    pass
+
+
+class DeleteError(Exception):
+    pass
+
+
+class SchemaError(Exception):
+    pass

oxutils/oxiliere/management/commands/grant_tenant_owners.py

@@ -0,0 +1,19 @@
+from django.core.management.base import BaseCommand
+from django.db import connection
+from django_tenants.management.commands import InteractiveTenantOption
+from oxutils.oxiliere.authorization import grant_manager_access_to_owners
+
+
+class Command(InteractiveTenantOption, BaseCommand):
+    help = "Wrapper around django commands for use with an individual tenant"
+
+    def add_arguments(self, parser):
+        super().add_arguments(parser)
+
+    def handle(self, *args, **options):
+        tenant = self.get_tenant_from_options_or_interactive(**options)
+        connection.set_tenant(tenant)
+        options.pop('schema_name', None)
+
+        grant_manager_access_to_owners(tenant)
+        self.stdout.write(self.style.SUCCESS('Successfully granted manager access to owners'))

oxutils/oxiliere/management/commands/init_oxiliere_system.py

@@ -1,11 +1,22 @@
 import uuid
 from django.core.management.base import BaseCommand
 from django.conf import settings
-from django.db import transaction
+from django.db import transaction, connection
 from django.contrib.auth import get_user_model
-from django_tenants.utils import get_tenant_model
-from oxutils.oxiliere.models import Domain, TenantUser
-from oxutils.oxiliere.utils import oxid_to_schema_name
+from django_tenants.utils import (
+    get_tenant_model,
+    get_tenant_domain_model,
+)
+from oxutils.oxiliere.utils import (
+    oxid_to_schema_name,
+    get_tenant_user_model
+)
+from oxutils.oxiliere.constants import (
+    OXI_SYSTEM_TENANT,
+    OXI_SYSTEM_DOMAIN,
+    OXI_SYSTEM_OWNER_EMAIL
+)
+from oxutils.oxiliere.authorization import grant_manager_access_to_owners
 
 
 
@@ -18,17 +29,17 @@ class Command(BaseCommand):
         UserModel = get_user_model()
         
         # Configuration du tenant système depuis settings
-        system_slug = getattr(settings, 'OXI_SYSTEM_TENANT', 'tenant_oxisystem')
+        system_slug = getattr(settings, 'OXI_SYSTEM_TENANT', OXI_SYSTEM_TENANT)
         schema_name = oxid_to_schema_name(system_slug)
-        system_domain = getattr(settings, 'OXI_SYSTEM_DOMAIN', 'system.oxiliere.com')
-        owner_email = getattr(settings, 'OXI_SYSTEM_OWNER_EMAIL', 'dev@oxiliere.com')
+        system_domain = getattr(settings, 'OXI_SYSTEM_DOMAIN', OXI_SYSTEM_DOMAIN)
+        owner_email = getattr(settings, 'OXI_SYSTEM_OWNER_EMAIL', OXI_SYSTEM_OWNER_EMAIL)
         owner_oxi_id = uuid.uuid4()
         
         self.stdout.write(self.style.WARNING(f'Initialisation du tenant système...'))
         
         # Vérifier si le tenant système existe déjà
-        if TenantModel.objects.filter(schema_name=schema_name).exists():
-            self.stdout.write(self.style.ERROR(f'Le tenant système "{schema_name}" existe déjà!'))
+        if TenantModel.objects.filter(oxi_id=system_slug).exists():
+            self.stdout.write(self.style.ERROR(f'Le tenant système "{system_slug}" existe déjà!'))
             return
         
         # Créer le tenant système
@@ -44,12 +55,15 @@ class Command(BaseCommand):
         
         # Créer le domaine pour le tenant système
         self.stdout.write(f'Création du domaine: {system_domain}')
-        domain = Domain.objects.create(
+    
+        domain = get_tenant_domain_model().objects.create(
             domain=system_domain,
             tenant=tenant,
             is_primary=True
         )
         self.stdout.write(self.style.SUCCESS(f'✓ Domaine créé: {domain.domain}'))
+
+        connection.set_tenant(tenant)
         
         self.stdout.write(f'Création du superuser: {owner_email}')
         try:
@@ -66,7 +80,7 @@ class Command(BaseCommand):
         
         # Lier le superuser au tenant système
         self.stdout.write('Liaison du superuser au tenant système')
-        tenant_user, created = TenantUser.objects.get_or_create(
+        tenant_user, created = get_tenant_user_model().objects.get_or_create(
             tenant=tenant,
             user=superuser,
             defaults={
@@ -76,6 +90,11 @@ class Command(BaseCommand):
         )
         if created:
             self.stdout.write(self.style.SUCCESS(f'✓ Superuser lié au tenant système'))
+            try:
+                grant_manager_access_to_owners(tenant)
+                self.stdout.write(self.style.SUCCESS(f'✓ Droits mis en place'))
+            except Exception as e:
+                self.stdout.write(self.style.ERROR(f'Erreur lors de la mise en place des droits: {str(e)}'))
         else:
             self.stdout.write(self.style.WARNING(f'⚠ Liaison existe déjà'))
         

oxutils/oxiliere/middleware.py

@@ -7,9 +7,22 @@ from django.utils.deprecation import MiddlewareMixin
 
 from django_tenants.utils import (
     get_public_schema_name,
-    get_public_schema_urlconf
+    get_public_schema_urlconf,
+    get_tenant_types,
+    has_multi_type_tenants,
 )
-from oxutils.constants import ORGANIZATION_HEADER_KEY
+from oxutils.settings import oxi_settings
+from oxutils.constants import (
+    ORGANIZATION_HEADER_KEY,
+    ORGANIZATION_TOKEN_COOKIE_KEY
+)
+from oxutils.oxiliere.utils import is_system_tenant
+from oxutils.jwt.models import TokenTenant
+from oxutils.jwt.tokens import OrganizationAccessToken
+from oxutils.oxiliere.context import set_current_tenant_schema_name
+
+
+
 
 class TenantMainMiddleware(MiddlewareMixin):
     TENANT_NOT_FOUND_EXCEPTION = Http404
@@ -38,21 +51,62 @@ class TenantMainMiddleware(MiddlewareMixin):
         connection.set_schema_to_public()
         
         oxi_id = self.get_org_id_from_request(request)
-        if not oxi_id:
-            from django.http import HttpResponseBadRequest
-            return HttpResponseBadRequest('Missing X-Organization-ID header')
 
-        tenant_model = connection.tenant_model
-        try:
-            tenant = self.get_tenant(tenant_model, oxi_id)
-        except tenant_model.DoesNotExist:
-            default_tenant = self.no_tenant_found(request, oxi_id)
-            return default_tenant
+        # Try to get tenant from cookie token first
+        tenant_token = request.COOKIES.get(ORGANIZATION_TOKEN_COOKIE_KEY)
+        tenant = None
+        request._should_set_tenant_cookie = False
+        
+        if tenant_token:
+            tenant = TokenTenant.for_token(tenant_token)
+            # Verify the token's oxi_id matches the request
+            if not is_system_tenant(tenant) and tenant.oxi_id != oxi_id:
+                tenant = None
+        
+        # If no valid token, fetch from database
+        if not tenant:
+            if oxi_id: # fetch with oxi_id on tenant
+                tenant_model = connection.tenant_model
+                try:
+                    tenant = self.get_tenant(tenant_model, oxi_id)
+                    # Mark that we need to set the cookie in the response
+                    request._should_set_tenant_cookie = True
+                except tenant_model.DoesNotExist:
+                    default_tenant = self.no_tenant_found(request, oxi_id)
+                    return default_tenant
+            else: # try to return the system tenant
+                try:
+                    from oxutils.oxiliere.caches import get_system_tenant
+                    tenant = get_system_tenant()
+                    request._should_set_tenant_cookie = True
+                except Exception as e:
+                    from django.http import HttpResponseBadRequest
+                    return HttpResponseBadRequest('Missing X-Organization-ID header')
+
+        if tenant.is_deleted or not tenant.is_active:
+            return self.no_tenant_found(request, oxi_id)
 
         request.tenant = tenant
+        set_current_tenant_schema_name(tenant.schema_name)
         connection.set_tenant(request.tenant)
         self.setup_url_routing(request)
 
+    def process_response(self, request, response):
+        """Set the tenant token cookie if needed."""
+        if hasattr(request, '_should_set_tenant_cookie') and request._should_set_tenant_cookie:
+            if hasattr(request, 'tenant') and not isinstance(request.tenant, TokenTenant):
+                # Generate token from DB tenant
+                token = OrganizationAccessToken.for_tenant(request.tenant)
+                response.set_cookie(
+                    key=ORGANIZATION_TOKEN_COOKIE_KEY,
+                    value=str(token),
+                    max_age=60 * oxi_settings.jwt_org_access_token_lifetime,
+                    httponly=True,
+                    secure=getattr(settings, 'SESSION_COOKIE_SECURE', False),
+                    samesite='Lax',
+                )
+        return response
+
     def no_tenant_found(self, request, oxi_id):
         """ What should happen if no tenant is found.
         This makes it easier if you want to override the default behavior """

oxutils/oxiliere/models.py

@@ -1,18 +1,44 @@
+import time
+import uuid
+import structlog
 from django.db import models
+from django.utils import timezone
+from django.contrib.auth.models import AbstractBaseUser
 from django.conf import settings
-from django_tenants.models import TenantMixin, DomainMixin
+from django.utils.translation import gettext_lazy as _
+from django_tenants.models import TenantMixin
 from oxutils.models import (
-    TimestampMixin,
     BaseModelMixin,
 )
 from oxutils.oxiliere.enums import TenantStatus
+from oxutils.oxiliere.exceptions import DeleteError
+from oxutils.oxiliere.signals import (
+    tenant_user_removed,
+    tenant_user_added,
+)
+from oxutils.oxiliere.utils import (
+    is_system_tenant,
+    generate_schema_name,
+)
+
+logger = structlog.get_logger(__name__)
+
 
+class TenantQuerySet(models.QuerySet):
+    def active(self):
+        return self.filter(is_deleted=False)
 
+    def deleted(self):
+        return self.filter(is_deleted=True)
 
+class TenantManager(models.Manager):
+    def get_queryset(self):
+        return TenantQuerySet(self.model, using=self._db).active()
 
-class Tenant(TenantMixin, TimestampMixin):
+
+class BaseTenant(TenantMixin, BaseModelMixin):
     name = models.CharField(max_length=100)
-    oxi_id = models.UUIDField(unique=True)
+    oxi_id = models.CharField(unique=True, max_length=25)
     subscription_plan = models.CharField(max_length=255, null=True, blank=True)
     subscription_status = models.CharField(max_length=255, null=True, blank=True)
     subscription_end_date = models.DateTimeField(null=True, blank=True)
@@ -22,21 +48,126 @@ class Tenant(TenantMixin, TimestampMixin):
         default=TenantStatus.ACTIVE
     )
 
+    # soft delete
+    is_deleted = models.BooleanField(default=False)
+    deleted_at = models.DateTimeField(null=True, blank=True)
+
+    suffix = models.CharField(max_length=8, editable=False)
+
     # default true, schema will be automatically created and synced when it is saved
     auto_create_schema = True
+    # Schema will be automatically deleted when related tenant is deleted
+    auto_drop_schema = True
+
+    objects = models.Manager()
+    active = TenantManager()
+
+
+    def __str__(self):
+        return self.name
+
+    def save(self, *args, **kwargs):
+        if self._state.adding:
+            self.suffix = uuid.uuid4().hex[:8]
+            self.schema_name = generate_schema_name(self.oxi_id, self.suffix)
+        super().save(*args, **kwargs)
+
+    def delete(self, *args, force_drop: bool = False, **kwargs) -> None:
+        """Override deleting of Tenant object.
+
+        Args:
+            force_drop (bool): If True, forces the deletion of the object. Defaults to False.
+            *args: Variable length argument list.
+            **kwargs: Arbitrary keyword arguments.
+        """
+        if force_drop:
+            super().delete(force_drop, *args, **kwargs)
+        else:
+            logger.warning("Tenant deletion is not allowed. Use delete_tenant to delete the tenant.")
+            raise DeleteError(_("Tenant deletion is not allowed. Use delete_tenant to delete the tenant."))
+
+    def delete_tenant(self) -> None:
+        """Mark tenant for deletion."""
 
+        if self.is_deleted:
+            return
 
-class Domain(DomainMixin):
-    pass
+        # Prevent public tenant schema from being deleted
+        if is_system_tenant(self):
+            logger.warning("Cannot delete public tenant schema.")
+            raise ValueError(_("Cannot delete public tenant schema"))
 
+        time_string = str(int(time.time()))
+        new_id = f"{time_string}-deleted-{self.oxi_id}"
 
+        self.oxi_id = new_id
+        self.deleted_at = timezone.now()
+        self.is_deleted = True
+        self.is_active = False
+        self.status = TenantStatus.DELETED
 
-class TenantUser(BaseModelMixin):
+        self.save(update_fields=[
+            'oxi_id', 'deleted_at', 'is_deleted', 'is_active', 'status'
+        ])
+
+    def restore(self):
+        if not self.is_deleted:
+            return
+
+        oxi_id = self.oxi_id.split("-deleted-")[1]
+        self.oxi_id = oxi_id
+        self.is_deleted = False
+        self.deleted_at = None
+        self.is_active = True
+        self.status = TenantStatus.ACTIVE
+        self.save(update_fields=["oxi_id", "is_deleted", "deleted_at", "is_active", "status"])
+
+    
+    def add_user(self, user: AbstractBaseUser, is_owner: bool = False, is_admin: bool = False):
+        """Add user to tenant."""
+
+        if self.users.filter(user=user).exists():
+            logger.warning("User is already a member of this tenant.")
+            raise ValueError(_("User is already a member of this tenant."))
+
+        self.users.create(user=user, is_owner=is_owner, is_admin=is_admin)
+        tenant_user_added.send(sender=self.__class__, tenant=self, user=user)
+        
+
+    def remove_user(self, user: AbstractBaseUser):
+        """Remove user from tenant."""
+
+        if not self.users.filter(user=user).exists():
+            logger.warning("User is not a member of this tenant.")
+            raise ValueError("User is not a member of this tenant.")
+
+        self.users.filter(user=user).delete()
+        logger.info("User removed from tenant.")
+        tenant_user_removed.send(sender=self.__class__, tenant=self, user=user)
+        
+
+    class Meta:
+        abstract = True
+        verbose_name = _('Tenant')
+        verbose_name_plural = _('Tenants')
+        indexes = [
+            models.Index(fields=['schema_name']),
+            models.Index(fields=['oxi_id']),
+            models.Index(fields=['is_deleted']),
+            models.Index(fields=['oxi_id', 'is_deleted'])
+        ]
+
+
+class BaseTenantUser(BaseModelMixin):
     tenant = models.ForeignKey(
-        settings.TENANT_MODEL, on_delete=models.CASCADE
+        settings.TENANT_MODEL, 
+        on_delete=models.CASCADE,
+        related_name='users'
     )
     user = models.ForeignKey(
-        settings.AUTH_USER_MODEL, on_delete=models.CASCADE
+        settings.AUTH_USER_MODEL, 
+        on_delete=models.CASCADE,
+        related_name='tenants'
     )
     is_owner = models.BooleanField(default=False)
     is_admin = models.BooleanField(default=False)
@@ -47,9 +178,15 @@ class TenantUser(BaseModelMixin):
     )
 
     class Meta:
+        abstract = True
+        verbose_name = 'Tenant User'
+        verbose_name_plural = 'Tenant Users'
         constraints = [
             models.UniqueConstraint(
                 fields=['tenant', 'user'],
                 name='unique_tenant_user'
             )
         ]
+        indexes = [
+            models.Index(fields=['tenant', 'user'])
+        ]