perfact-api-app 0.6__tar.gz

perfact_api_app-0.6/PKG-INFO

@@ -0,0 +1,45 @@
+Metadata-Version: 2.4
+Name: perfact-api-app
+Version: 0.6
+Summary: PerFact API - SQLAlchemy models for the app namespace
+Author-email: Viktor Dick <viktor.dick@perfact.de>
+License: GPL-2.0-or-later
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: SQL
+Classifier: Operating System :: POSIX :: Linux
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: sqlalchemy
+Requires-Dist: perfact-api-base-model
+
+# perfact-api-app
+
+SQLAlchemy models for the `app` namespace of the PerFact API.
+
+## Models
+
+Provides ORM models under `perfact.api.app.model`:
+
+- `AppUser` / `AppUserKey` / `AppUserLogin` — user accounts, API keys, login sessions
+- `AppStc` — org areas (Strukturknoten), hierarchical
+- `AppPerm` / `AppPermXGroup` / `AppPermXStc` — permissions and their assignments
+- `AppGroup` / `AppUserXPerm` / `AppUserXStc` — group and user-permission mappings
+- `AppTblCleanup` — table cleanup job model
+
+## Installation
+
+```sh
+pip install perfact-api-app
+```
+
+## Development
+
+```sh
+pip install -e ../perfact-api-base-model/
+pip install -e .
+tox
+```
+
+## Maintainers
+
+- Viktor Dick <viktor.dick@perfact.de>

perfact_api_app-0.6/README.md

@@ -0,0 +1,31 @@
+# perfact-api-app
+
+SQLAlchemy models for the `app` namespace of the PerFact API.
+
+## Models
+
+Provides ORM models under `perfact.api.app.model`:
+
+- `AppUser` / `AppUserKey` / `AppUserLogin` — user accounts, API keys, login sessions
+- `AppStc` — org areas (Strukturknoten), hierarchical
+- `AppPerm` / `AppPermXGroup` / `AppPermXStc` — permissions and their assignments
+- `AppGroup` / `AppUserXPerm` / `AppUserXStc` — group and user-permission mappings
+- `AppTblCleanup` — table cleanup job model
+
+## Installation
+
+```sh
+pip install perfact-api-app
+```
+
+## Development
+
+```sh
+pip install -e ../perfact-api-base-model/
+pip install -e .
+tox
+```
+
+## Maintainers
+
+- Viktor Dick <viktor.dick@perfact.de>

perfact_api_app-0.6/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["setuptools>=61.2", "setuptools-scm>=8.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "perfact-api-app"
+authors = [
+    {name="Viktor Dick", email="viktor.dick@perfact.de"},
+]
+description = "PerFact API - SQLAlchemy models for the app namespace"
+readme = "README.md"
+license = {text = "GPL-2.0-or-later"}
+classifiers = [
+    "Programming Language :: Python :: 3",
+    "Programming Language :: SQL",
+    "Operating System :: POSIX :: Linux",
+]
+dependencies = [
+    "sqlalchemy",
+    "perfact-api-base-model",
+]
+dynamic = ["version"]
+requires-python = ">=3.10"
+
+[tool.distutils.bdist_wheel]
+universal = 1
+
+[tool.setuptools]
+include-package-data = true
+
+[tool.setuptools.packages.find]
+where = ["src"]
+
+[tool.setuptools_scm]
+root = ".."
+fallback_version = "0.0.0"
+
+[tool.ruff]
+[tool.ruff.lint]
+select = ["E", "F", "W", "I"]

perfact_api_app-0.6/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

perfact_api_app-0.6/src/perfact/api/app/model/__init__.py

@@ -0,0 +1,28 @@
+from .appgroup import AppGroup
+from .appperm import AppPerm
+from .apppermxgroup import AppPermXGroup
+from .apppermxstc import AppPermXStc
+from .appstc import AppStc, AppStc_Paths
+from .appuser import AppUser
+from .appuserkey import AppUserKey
+from .appuserlogin import AppUserLogin
+from .appuserxperm import AppUserXPerm
+from .appuserxstc import AppUserXStc
+from .authinfo import AuthInfo
+from .selfilterable import Selfilterable
+
+__all__ = [
+    "AppGroup",
+    "AppPerm",
+    "AppPermXGroup",
+    "AppPermXStc",
+    "AppStc",
+    "AppStc_Paths",
+    "AppUser",
+    "AppUserKey",
+    "AppUserLogin",
+    "AppUserXPerm",
+    "AppUserXStc",
+    "Selfilterable",
+    "AuthInfo",
+]

perfact_api_app-0.6/src/perfact/api/app/model/appgroup.py

@@ -0,0 +1,5 @@
+from perfact.api.base.model import Base, Mapped
+
+
+class AppGroup(Base):
+    zoperole: Mapped[str]

perfact_api_app-0.6/src/perfact/api/app/model/appperm.py

@@ -0,0 +1,5 @@
+from perfact.api.base.model import Base, Mapped
+
+
+class AppPerm(Base):
+    name: Mapped[str]

perfact_api_app-0.6/src/perfact/api/app/model/apppermxgroup.py

@@ -0,0 +1,11 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appgroup import AppGroup
+from .appperm import AppPerm
+
+
+class AppPermXGroup(Base):
+    appgroup_id: Mapped[int] = mapped_column(ForeignKey(AppGroup.id))
+    appperm_id: Mapped[int] = mapped_column(ForeignKey(AppPerm.id))
+    perm: Mapped[AppPerm] = relationship()
+    group: Mapped[AppGroup] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/apppermxstc.py

@@ -0,0 +1,12 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appperm import AppPerm
+from .appstc import AppStc
+
+
+class AppPermXStc(Base):
+    appperm_id: Mapped[int] = mapped_column(ForeignKey(AppPerm.id))
+    appstc_id: Mapped[int] = mapped_column(ForeignKey(AppStc.id))
+
+    perm: Mapped[AppPerm] = relationship()
+    stc: Mapped[AppStc] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/appstc.py

@@ -0,0 +1,16 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, View, mapped_column
+from sqlalchemy.types import ARRAY, Integer
+
+
+class AppStc(Base):
+    name: Mapped[str]
+    parent_appstc_id: Mapped[int | None] = mapped_column(ForeignKey("appstc.id"))
+
+
+class AppStc_Paths(View):
+    __tablename__ = "appstc_paths"
+    id: Mapped[int] = mapped_column("id", primary_key=True)
+    id_path: Mapped[list[int]] = mapped_column(
+        "id_path", ARRAY(Integer, as_tuple=True, zero_indexes=True)
+    )
+    depth: Mapped[int] = mapped_column("depth")

perfact_api_app-0.6/src/perfact/api/app/model/apptblcleanup.py

@@ -0,0 +1,99 @@
+import time
+from dataclasses import dataclass
+from typing import Optional
+
+from perfact.api.base.model import Base
+from sqlalchemy import (
+    Column,
+    DateTime,
+    Integer,
+    MetaData,
+    Table,
+    delete,
+    select,
+    text,
+)
+from sqlalchemy.orm import Mapped, Session
+
+metadata_obj = MetaData()
+
+
+class AppTblCleanup(Base):
+    tablename: Mapped[str]
+    range: Mapped[Optional[str]]
+    filter: Mapped[Optional[str]]
+
+    @dataclass
+    class RunResult:
+        count: int  # number of deleted records
+        elapsed: float  # time in seconds it took
+        limit_reached: bool  # if the limit was reached
+
+    def run(self, session: Session) -> RunResult:
+        """
+        Execute cleanup for the selected table.
+        """
+        start = time.monotonic()
+        LIMIT = 100_000
+        table = Table(
+            self.tablename,
+            metadata_obj,
+            Column(f"{self.tablename}_id", Integer, primary_key=True, key="id"),
+            Column(f"{self.tablename}_modtime", DateTime(timezone=True), key="modtime"),
+            extend_existing=True,
+        )
+        ids_select = (
+            select(table.c.id)
+            .where(table.c.modtime < text("now() - (:ival)::interval"))
+            .where(text(self.filter or "true"))
+            .params(ival=self.range)
+            .order_by(table.c.id)
+            .limit(LIMIT)
+        )
+        # Use connection().execute() (Core layer) instead of session.execute()
+        # (ORM layer): return type is CursorResult, which exposes rowcount.
+        # Also skips autoflush — intentional, this worker runs in its own
+        # session with no pending state.
+        result = session.connection().execute(
+            delete(table).where(table.c.id.in_(ids_select))
+        )
+        count = result.rowcount
+        elapsed = time.monotonic() - start
+        return AppTblCleanup.RunResult(
+            count=count,
+            limit_reached=(count == LIMIT),
+            elapsed=elapsed,
+        )
+
+    @staticmethod
+    def run_cleanup_batches(session: Session):
+        """
+        Clean up data according to given rules in apptblcleanup.
+        Commits after each processed batch. Returns a mapping from table name to
+        number of entries deleted.
+        """
+
+        result = session.execute(select(AppTblCleanup))
+        rows = list(result.scalars().all())
+        stats = {
+            row.tablename: AppTblCleanup.RunResult(
+                count=0,
+                elapsed=0.0,
+                limit_reached=False,
+            )
+            for row in rows
+        }
+        while rows:
+            new_rows = []
+            for row in rows:
+                res = row.run(session)
+                tgt = stats[row.tablename]
+                tgt.count += res.count
+                tgt.elapsed += res.elapsed
+                tgt.limit_reached = tgt.limit_reached or res.limit_reached
+                if res.limit_reached:
+                    new_rows.append(row)
+
+                yield stats
+
+            rows = new_rows

perfact_api_app-0.6/src/perfact/api/app/model/appuser.py

@@ -0,0 +1,6 @@
+from perfact.api.base.model import Base, Mapped
+
+
+class AppUser(Base):
+    name: Mapped[str]
+    password: Mapped[str | None]

perfact_api_app-0.6/src/perfact/api/app/model/appuserkey.py

@@ -0,0 +1,9 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appuser import AppUser
+
+
+class AppUserKey(Base):
+    appuser_id: Mapped[int] = mapped_column(ForeignKey(AppUser.id))
+    key: Mapped[str]
+    appuser: Mapped[AppUser] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/appuserlogin.py

@@ -0,0 +1,11 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appuser import AppUser
+
+
+class AppUserLogin(Base):
+    appuser_id: Mapped[int] = mapped_column(ForeignKey(AppUser.id))
+    cookie: Mapped[str | None]
+    nextcookie: Mapped[str | None]
+    done: Mapped[bool] = mapped_column(default=False)
+    user: Mapped[AppUser] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/appuserxperm.py

@@ -0,0 +1,12 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appperm import AppPerm
+from .appuser import AppUser
+
+
+class AppUserXPerm(Base):
+    appuser_id: Mapped[int] = mapped_column(ForeignKey(AppUser.id))
+    appperm_id: Mapped[int] = mapped_column(ForeignKey(AppPerm.id))
+    needsgrant: Mapped[bool] = mapped_column(server_default="false")
+    user: Mapped[AppUser] = relationship()
+    perm: Mapped[AppPerm] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/appuserxstc.py

@@ -0,0 +1,12 @@
+from perfact.api.base.model import Base, ForeignKey, Mapped, mapped_column, relationship
+
+from .appstc import AppStc
+from .appuser import AppUser
+
+
+class AppUserXStc(Base):
+    appuser_id: Mapped[int] = mapped_column(ForeignKey(AppUser.id))
+    appstc_id: Mapped[int] = mapped_column(ForeignKey(AppStc.id))
+
+    user: Mapped[AppUser] = relationship()
+    stc: Mapped[AppStc] = relationship()

perfact_api_app-0.6/src/perfact/api/app/model/authinfo.py

@@ -0,0 +1,13 @@
+from dataclasses import dataclass
+from typing import Optional
+
+
+@dataclass
+class AuthInfo:
+    """
+    Authentication information for the current user
+    """
+
+    name: str
+    roles: list[str]
+    appstc: Optional[int]

perfact_api_app-0.6/src/perfact/api/app/model/selfilterable.py

@@ -0,0 +1,137 @@
+from typing import List, Optional, Sequence, Type
+
+from perfact.api.base.model import Base
+from sqlalchemy import (
+    ARRAY,
+    BigInteger,
+    ColumnElement,
+    ScalarSelect,
+    Select,
+    and_,
+    cast,
+    func,
+    join,
+    literal,
+    or_,
+    select,
+)
+from sqlalchemy.dialects.postgresql import array
+
+from .appstc import AppStc_Paths
+from .authinfo import AuthInfo
+
+
+class Selfilterable:
+    """
+    selfilters is a mechanism which creates visibility rules for a table.
+    The rule is defined by a SQL WHERE statement.
+    This statement should be added to all queries to the database.
+    The selfilter can be retrived by calling the classmethod `get_selfilter`.
+    """
+
+    @classmethod
+    def get_selfilter(cls, auth: Optional[AuthInfo]) -> ColumnElement[bool]:
+        """
+        returns the selfilter as a ColumnElement which can be used in
+        a WHERE/filter statement.
+
+        usage:
+            select(MtArt).filter(
+                MtArt.get_selfilter(...)
+            )
+        """
+        raise NotImplementedError(f"No selfilter defined for {cls.__name__}")
+
+    @staticmethod
+    def generate_selfilter_stc_query(
+        entity: Type[Base],
+        stcrefcol: Optional[str] = None,
+        stcmxntable: Optional[Type[Base]] = None,
+        mxnflags: Sequence[str] = [],
+        appstc_ids=None,
+        inherit=False,
+    ) -> Select:
+        """
+        this implements
+        PerFact.WebApp.db_selfilter_sql_d.methods.appstc_query_iq
+        the sqlalchemy way.
+
+        The stcrefcol-column (e.g. <entity>_appstc_id) is used via AppStc_Paths to
+        find object ids linked to the given appstc.
+        If `stcmxntable` is set, the mxn-table is used to find
+        the object ids linked to the given appstc.
+
+        mxnflags:
+            Optional list of flags that must exist as additional boolean
+            columns of the MxN table. If set, only entries with this flag are
+            considered.
+
+        returns:
+        filter statement returning all object ids that are
+        mapped to the given appstc and allowed to present to the user.
+
+        usage:
+            conditions = [
+                MtArt.generate_selfilter_stc_query(appstc_ids=[stc.id]),
+            ]
+
+        """
+        if (stcmxntable is None) == (stcrefcol is None):
+            raise RuntimeError("Either mxn or refcol need to be supplied")
+
+        main_table = entity
+        tbl = main_table.__tablename__
+
+        # build up where statement
+        conditions: List[ColumnElement[bool]] = [
+            AppStc_Paths.id_path.bool_op("&&")(
+                cast(array(appstc_ids), ARRAY(BigInteger))
+            ),
+        ]
+
+        if inherit:
+            subquery: ScalarSelect[bool] = (
+                select(
+                    func.bool_or(
+                        AppStc_Paths.id_path.op("&&")(func.array(AppStc_Paths.id))
+                    )
+                )
+                .filter(AppStc_Paths.id.in_(appstc_ids))
+                .scalar_subquery()
+            )
+
+            conditions.append(subquery)
+
+        if stcmxntable:
+            mxn_table = entity.metadata.tables[stcmxntable.__tablename__]
+
+            column_names = mxn_table.c[f"{tbl}_id"]
+
+            join_on = [or_(AppStc_Paths.id == mxn_table.c["appstc_id"])]
+
+            for flag in mxnflags:
+                join_on.append(mxn_table.c[flag])
+
+            j = join(
+                mxn_table,
+                AppStc_Paths,
+                and_(*join_on),
+            )
+        elif stcrefcol:
+            column_names = getattr(main_table, "id")
+            j = join(
+                tbl,
+                AppStc_Paths,
+                AppStc_Paths.id == getattr(main_table, stcrefcol),
+            )
+
+        query = select(column_names).select_from(j).where(or_(*conditions))
+        return query
+
+    @staticmethod
+    def generate_selfilter_open():
+        """
+        this implements a open selfilter (everything is accessible)
+        the sqlalchemy way.
+        """
+        return literal(True)

perfact_api_app-0.6/src/perfact_api_app.egg-info/PKG-INFO

@@ -0,0 +1,45 @@
+Metadata-Version: 2.4
+Name: perfact-api-app
+Version: 0.6
+Summary: PerFact API - SQLAlchemy models for the app namespace
+Author-email: Viktor Dick <viktor.dick@perfact.de>
+License: GPL-2.0-or-later
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: SQL
+Classifier: Operating System :: POSIX :: Linux
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Requires-Dist: sqlalchemy
+Requires-Dist: perfact-api-base-model
+
+# perfact-api-app
+
+SQLAlchemy models for the `app` namespace of the PerFact API.
+
+## Models
+
+Provides ORM models under `perfact.api.app.model`:
+
+- `AppUser` / `AppUserKey` / `AppUserLogin` — user accounts, API keys, login sessions
+- `AppStc` — org areas (Strukturknoten), hierarchical
+- `AppPerm` / `AppPermXGroup` / `AppPermXStc` — permissions and their assignments
+- `AppGroup` / `AppUserXPerm` / `AppUserXStc` — group and user-permission mappings
+- `AppTblCleanup` — table cleanup job model
+
+## Installation
+
+```sh
+pip install perfact-api-app
+```
+
+## Development
+
+```sh
+pip install -e ../perfact-api-base-model/
+pip install -e .
+tox
+```
+
+## Maintainers
+
+- Viktor Dick <viktor.dick@perfact.de>

perfact_api_app-0.6/src/perfact_api_app.egg-info/SOURCES.txt

@@ -0,0 +1,22 @@
+README.md
+pyproject.toml
+tox.ini
+src/perfact/api/app/model/__init__.py
+src/perfact/api/app/model/appgroup.py
+src/perfact/api/app/model/appperm.py
+src/perfact/api/app/model/apppermxgroup.py
+src/perfact/api/app/model/apppermxstc.py
+src/perfact/api/app/model/appstc.py
+src/perfact/api/app/model/apptblcleanup.py
+src/perfact/api/app/model/appuser.py
+src/perfact/api/app/model/appuserkey.py
+src/perfact/api/app/model/appuserlogin.py
+src/perfact/api/app/model/appuserxperm.py
+src/perfact/api/app/model/appuserxstc.py
+src/perfact/api/app/model/authinfo.py
+src/perfact/api/app/model/selfilterable.py
+src/perfact_api_app.egg-info/PKG-INFO
+src/perfact_api_app.egg-info/SOURCES.txt
+src/perfact_api_app.egg-info/dependency_links.txt
+src/perfact_api_app.egg-info/requires.txt
+src/perfact_api_app.egg-info/top_level.txt

perfact_api_app-0.6/src/perfact_api_app.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

perfact_api_app-0.6/src/perfact_api_app.egg-info/requires.txt

@@ -0,0 +1,2 @@
+sqlalchemy
+perfact-api-base-model

perfact_api_app-0.6/src/perfact_api_app.egg-info/top_level.txt

@@ -0,0 +1 @@
+perfact

perfact_api_app-0.6/tox.ini

@@ -0,0 +1,31 @@
+[tox]
+envlist = py3
+isolated_build = true
+
+[pytest]
+
+[testenv]
+passenv = SSH_AUTH_SOCK, PYTHONPATH, HTTP_PROXY, HTTPS_PROXY
+setenv =
+    GIT_SSH_VARIANT=ssh
+    GIT_SSH_COMMAND=ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
+    LOCALDBMODE=pgctl
+
+deps =
+    ruff
+    pytest
+    coverage
+    psycopg[binary]
+    pytest-postgresql
+    pytest-cov
+    pytest-typing
+    bandit
+    mypy
+    perfact-api-base-model
+
+commands =
+    ruff format --check
+    ruff check
+    bandit --configfile {toxinidir}/../bandit.yml -r src
+    mypy src
+    # pytest --doctest-modules --cov-branch --cov=src --cov-report=term-missing {posargs:src}