statezero 0.1.0b5__py3-none-any.whl → 0.1.0b7__py3-none-any.whl

statezero/adaptors/django/actions.py

@@ -0,0 +1,171 @@
+import os
+from django.apps import apps
+from rest_framework.response import Response
+from rest_framework import fields
+from statezero.core.actions import action_registry
+
+
+class DjangoActionSchemaGenerator:
+    """Django-specific action schema generator that matches StateZero model schema format"""
+
+    @staticmethod
+    def generate_actions_schema():
+        """Generate schema for all registered actions matching StateZero model schema format"""
+        actions_schema = {}
+        all_app_configs = list(apps.get_app_configs())
+
+        for action_name, action_config in action_registry.get_actions().items():
+            func = action_config.get("function")
+            if not func:
+                raise ValueError(
+                    f"Action '{action_name}' is missing a function and cannot be processed."
+                )
+
+            func_path = os.path.abspath(func.__code__.co_filename)
+            found_app = None
+
+            for app_config in all_app_configs:
+                app_path = os.path.abspath(app_config.path)
+                if func_path.startswith(app_path + os.sep):
+                    if not found_app or len(app_path) > len(
+                        os.path.abspath(found_app.path)
+                    ):
+                        found_app = app_config
+
+            if not found_app:
+                raise LookupError(
+                    f"Action '{action_name}' from file '{func_path}' does not belong to any "
+                    f"installed Django app. Please ensure the parent app is in INSTALLED_APPS."
+                )
+
+            app_name = found_app.label
+            docstring = action_config.get("docstring")
+
+            schema_info = {
+                "action_name": action_name,
+                "app": app_name,
+                "title": action_name.replace("_", " ").title(),
+                "docstring": docstring,
+                "class_name": "".join(
+                    word.capitalize() for word in action_name.split("_")
+                ),
+                "input_properties": DjangoActionSchemaGenerator._get_serializer_schema(
+                    action_config["serializer"]
+                ),
+                "response_properties": DjangoActionSchemaGenerator._get_serializer_schema(
+                    action_config["response_serializer"]
+                ),
+                "permissions": [
+                    perm.__name__ for perm in action_config.get("permissions", [])
+                ],
+            }
+            actions_schema[action_name] = schema_info
+
+        return Response({"actions": actions_schema, "count": len(actions_schema)})
+
+    @staticmethod
+    def _get_serializer_schema(serializer_class):
+        if not serializer_class:
+            return {}
+        try:
+            serializer_instance = serializer_class()
+            properties = {}
+            for field_name, field in serializer_instance.fields.items():
+                field_info = {
+                    "type": DjangoActionSchemaGenerator._get_field_type(field),
+                    "title": getattr(field, "label")
+                    or field_name.replace("_", " ").title(),
+                    "required": field.required,
+                    "description": getattr(field, "help_text", None),
+                    "nullable": getattr(field, "allow_null", False),
+                    "format": DjangoActionSchemaGenerator._get_field_format(field),
+                    "max_length": getattr(field, "max_length", None),
+                    "choices": DjangoActionSchemaGenerator._get_field_choices(field),
+                    "default": DjangoActionSchemaGenerator._get_field_default(field),
+                    "validators": [],
+                    "max_digits": getattr(field, "max_digits", None),
+                    "decimal_places": getattr(field, "decimal_places", None),
+                    "read_only": field.read_only,
+                    "ref": None,
+                }
+                if hasattr(field, "max_value") and field.max_value is not None:
+                    field_info["max_value"] = field.max_value
+                if hasattr(field, "min_value") and field.min_value is not None:
+                    field_info["min_value"] = field.min_value
+                if hasattr(field, "min_length") and field.min_length is not None:
+                    field_info["min_length"] = field.min_length
+                properties[field_name] = field_info
+            return properties
+        except Exception as e:
+            return {"error": f"Could not inspect serializer: {str(e)}"}
+
+    @staticmethod
+    def _get_field_type(field):
+        type_mapping = {
+            fields.BooleanField: "boolean",
+            fields.CharField: "string",
+            fields.EmailField: "string",
+            fields.URLField: "string",
+            fields.UUIDField: "string",
+            fields.IntegerField: "integer",
+            fields.FloatField: "number",
+            fields.DecimalField: "string",
+            fields.DateField: "string",
+            fields.DateTimeField: "string",
+            fields.TimeField: "string",
+            fields.JSONField: "object",
+            fields.DictField: "object",
+            fields.ListField: "array",
+        }
+        return type_mapping.get(type(field), "string")
+
+    @staticmethod
+    def _get_field_format(field):
+        format_mapping = {
+            fields.EmailField: "email",
+            fields.URLField: "uri",
+            fields.UUIDField: "uuid",
+            fields.DateField: "date",
+            fields.DateTimeField: "date-time",
+            fields.TimeField: "time",
+        }
+        return format_mapping.get(type(field))
+
+    @staticmethod
+    def _get_field_choices(field):
+        if hasattr(field, "choices") and field.choices:
+            choices = field.choices
+            
+            # Handle dict format: {'low': 'Low', 'high': 'High'}
+            if isinstance(choices, dict):
+                return list(choices.keys())
+            
+            # Handle list/tuple format: [('low', 'Low'), ('high', 'High')]
+            elif isinstance(choices, (list, tuple)):
+                try:
+                    return [choice[0] for choice in choices]
+                except (IndexError, TypeError) as e:
+                    raise ValueError(
+                        f"Invalid choice format for field '{field}'. Expected list of tuples "
+                        f"like [('value', 'display')], but got: {choices}. Error: {e}"
+                    )
+            
+            # Handle unexpected format
+            else:
+                raise ValueError(
+                    f"Unsupported choice format for field '{field}'. Expected dict or list of tuples, "
+                    f"but got {type(choices)}: {choices}"
+                )
+        
+        return None
+
+    @staticmethod
+    def _get_field_default(field):
+        if hasattr(field, "default"):
+            default = field.default
+            if default is fields.empty:
+                return None
+            if callable(default):
+                return None
+            return default
+        return None

statezero/adaptors/django/apps.py

@@ -27,27 +27,46 @@ class StateZeroDjangoConfig(DjangoAppConfig):
 
     def ready(self):
         # Import crud modules which register models in the registry.
-        if hasattr(settings, 'CONFIG_FILE_PREFIX'):
+        if hasattr(settings, "CONFIG_FILE_PREFIX"):
             config_file_prefix: str = settings.CONFIG_FILE_PREFIX
-            config_file_prefix = config_file_prefix.replace('.py', '')
-            if (not isinstance(config_file_prefix, str)) or (len(config_file_prefix) < 1):
-                raise ValueError(f"If provided, CONFIG_FILE_PREFIX must be a string with at least one character. In your settings.py it is set to {settings.CONFIG_FILE_PREFIX}. Either delete the setting completely or use a valid file name like 'crud'")
+            config_file_prefix = config_file_prefix.replace(".py", "")
+            if (not isinstance(config_file_prefix, str)) or (
+                len(config_file_prefix) < 1
+            ):
+                raise ValueError(
+                    f"If provided, CONFIG_FILE_PREFIX must be a string with at least one character. In your settings.py it is set to {settings.CONFIG_FILE_PREFIX}. Either delete the setting completely or use a valid file name like 'crud'"
+                )
         else:
             config_file_prefix = "crud"
         for app_config_instance in apps.get_app_configs():
             module_name = f"{app_config_instance.name}.{config_file_prefix}"
             try:
                 importlib.import_module(module_name)
-                logger.debug(f"Imported {config_file_prefix} module from {app_config_instance.name}")
+                logger.debug(
+                    f"Imported {config_file_prefix} module from {app_config_instance.name}"
+                )
+            except ModuleNotFoundError:
+                pass
+
+        # Import actions modules which register actions in the action registry.
+        from statezero.core.actions import action_registry
+
+        for app_config_instance in apps.get_app_configs():
+            actions_module_name = f"{app_config_instance.name}.actions"
+            try:
+                importlib.import_module(actions_module_name)
+                logger.debug(f"Imported actions module from {app_config_instance.name}")
             except ModuleNotFoundError:
                 pass
 
         # Once all the apps are imported, initialize StateZero and provide the registry to the event bus.
         config.initialize()
-        config.validate_exposed_models(registry) # Raises an exception if a non StateZero model is implicitly exposed
+        config.validate_exposed_models(
+            registry
+        )  # Raises an exception if a non StateZero model is implicitly exposed
         config.event_bus.set_registry(registry)
 
-        # Print the list of published models (from registry) to confirm StateZero is running.
+        # Print the list of published models and actions to confirm StateZero is running.
         try:
             published_models = []
             for model in registry._models_config.keys():
@@ -55,20 +74,43 @@ class StateZeroDjangoConfig(DjangoAppConfig):
                 model_name = model.__name__
                 published_models.append(model_name)
 
+            # Get registered actions
+            registered_actions = list(action_registry.get_actions().keys())
+
+            # Build base message for models
             if published_models:
-                base_message = (
+                models_message = (
                     "[bold green]StateZero is exposing models:[/bold green] [bold yellow]"
                     + ", ".join(published_models)
-                    + "[/bold yellow]"  
+                    + "[/bold yellow]"
                 )
             else:
-                base_message = "[bold yellow]StateZero is running but no models are registered.[/bold yellow]"
+                models_message = "[bold yellow]StateZero is running but no models are registered.[/bold yellow]"
+
+            # Build message for actions (limit to first 10 to avoid cluttering console)
+            if registered_actions:
+                displayed_actions = registered_actions[:10]
+                actions_message = (
+                    "\n[bold green]StateZero is exposing actions:[/bold green] [bold cyan]"
+                    + ", ".join(displayed_actions)
+                )
+                if len(registered_actions) > 10:
+                    actions_message += (
+                        f" [dim](and {len(registered_actions) - 10} more)[/dim]"
+                    )
+                actions_message += "[/bold cyan]"
+            else:
+                actions_message = (
+                    "\n[bold yellow]No actions are registered.[/bold yellow]"
+                )
+
+            base_message = models_message + actions_message
 
             # Append the npm command instruction only in debug mode.
-            if published_models and settings.DEBUG:
+            if (published_models or registered_actions) and settings.DEBUG:
                 npm_message = (
-                    "\n[bold blue]Next step:[/bold blue] Run [italic]npm run sync-models[/italic] in your frontend project directory "
-                    "to generate or update the client-side code corresponding to these models. "
+                    "\n[bold blue]Next step:[/bold blue] Run [italic]npm run sync[/italic] in your frontend project directory "
+                    "to generate or update the client-side code corresponding to these models and actions. "
                     "Note: This command should only be executed in a development environment."
                 )
                 message = base_message + npm_message
@@ -85,13 +127,11 @@ class StateZeroDjangoConfig(DjangoAppConfig):
                 final_message = demarcation + message + demarcation
                 logger.info(final_message)
         except Exception as e:
-            error_message = (
-                f"[bold red]Error retrieving published models: {e}[/bold red]"
-            )
+            error_message = f"[bold red]Error retrieving published models and actions: {e}[/bold red]"
             if console:
                 final_message = Panel(error_message, expand=False)
                 console.print(final_message)
             else:
                 demarcation = "\n" + "-" * 50 + "\n"
                 final_message = demarcation + error_message + demarcation
-                logger.info(final_message)
+                logger.info(final_message)

statezero/adaptors/django/urls.py

@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .views import EventsAuthView, ModelListView, ModelView, SchemaView, FileUploadView, FastUploadView
+from .views import EventsAuthView, ModelListView, ModelView, SchemaView, FileUploadView, FastUploadView, ActionSchemaView, ActionView
 
 app_name = "statezero"
 
@@ -9,6 +9,8 @@ urlpatterns = [
     path("models/", ModelListView.as_view(), name="model_list"),
     path("files/upload/", FileUploadView.as_view(), name="file_upload"),
     path("files/fast-upload/", FastUploadView.as_view(), name="fast_file_upload"),
+    path("actions/<str:action_name>/", ActionView.as_view(), name="action"),
+    path("actions-schema/", ActionSchemaView.as_view(), name="actions_schema"),
     path("<str:model_name>/", ModelView.as_view(), name="model_view"),
-    path("<str:model_name>/get-schema/", SchemaView.as_view(), name="schema_view")
-]
+    path("<str:model_name>/get-schema/", SchemaView.as_view(), name="schema_view"),
+]

statezero/adaptors/django/views.py

@@ -12,15 +12,20 @@ from django.utils.module_loading import import_string
 from datetime import datetime
 from django.conf import settings
 from django.core.files.storage import default_storage
+from statezero.core.exceptions import NotFound, PermissionDenied
 import math
+from typing import Type
 import mimetypes
 
 from statezero.adaptors.django.config import config, registry
 from statezero.adaptors.django.exception_handler import \
     explicit_exception_handler
 from statezero.adaptors.django.permissions import ORMBridgeViewAccessGate
-from statezero.core.interfaces import AbstractEventEmitter
+from statezero.adaptors.django.actions import DjangoActionSchemaGenerator
+from statezero.core.interfaces import AbstractEventEmitter, AbstractActionPermission
 from statezero.core.process_request import RequestProcessor
+from statezero.core.actions import action_registry
+from statezero.core.interfaces import AbstractActionPermission
 
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.DEBUG)
@@ -114,7 +119,7 @@ class SchemaView(APIView):
         except Exception as original_exception:
             return explicit_exception_handler(original_exception)
         return Response(result, status=status.HTTP_200_OK)
-    
+
 class FileUploadView(APIView):
     """Standard file upload - returns permanent URL"""
     parser_classes = [MultiPartParser]
@@ -161,17 +166,17 @@ class FileUploadView(APIView):
 class FastUploadView(APIView):
     """Fast upload with S3 presigned URLs - single or multipart based on chunks"""
     permission_classes = [permission_class]
-    
+
     def post(self, request):
         action = request.data.get('action', 'initiate')
-        
+
         if action == 'initiate':
             return self._initiate_upload(request)
         elif action == 'complete':
             return self._complete_upload(request)
         else:
             return Response({'error': 'Invalid action'}, status=400)
-    
+
     def _initiate_upload(self, request):
         """Generate presigned URLs - single or multipart based on num_chunks"""
         filename = request.data.get('filename')
@@ -179,24 +184,24 @@ class FastUploadView(APIView):
         file_size = request.data.get('file_size', 0)
         num_chunks_str = request.data.get('num_chunks', 1)  # Client decides chunking
         num_chunks = int(num_chunks_str)
-        
+
         if not filename:
             return Response({'error': 'filename required'}, status=400)
-        
+
         # Generate file path
         upload_dir = getattr(settings, 'STATEZERO_UPLOAD_DIR', 'statezero')
         file_path = f"{upload_dir}/{filename}"
-        
+
         if not content_type:
             content_type, _ = mimetypes.guess_type(filename)
             content_type = content_type or 'application/octet-stream'
-        
+
         if not self._is_s3_storage():
             return Response({'error': 'Fast upload requires S3 storage backend'}, status=400)
-        
+
         try:
             s3_client = self._get_s3_client()
-            
+
             if num_chunks == 1:
                 # Single upload (existing logic)
                 presigned_url = s3_client.generate_presigned_url(
@@ -209,28 +214,28 @@ class FastUploadView(APIView):
                     ExpiresIn=3600,
                     HttpMethod='PUT',
                 )
-                
+
                 return Response({
                     'upload_type': 'single',
                     'upload_url': presigned_url,
                     'file_path': file_path,
                     'content_type': content_type
                 })
-            
+
             else:
                 # Multipart upload
                 if num_chunks > 10000:
                     return Response({'error': 'Too many chunks (max 10,000)'}, status=400)
-                
+
                 # Initiate multipart upload
                 response = s3_client.create_multipart_upload(
                     Bucket=settings.AWS_STORAGE_BUCKET_NAME,
                     Key=file_path,
                     ContentType=content_type
                 )
-                
+
                 upload_id = response['UploadId']
-                
+
                 # Generate presigned URLs for all parts
                 upload_urls = {}
                 for part_number in range(1, num_chunks + 1):
@@ -246,7 +251,7 @@ class FastUploadView(APIView):
                         HttpMethod='PUT'
                     )
                     upload_urls[part_number] = url
-                
+
                 return Response({
                     'upload_type': 'multipart',
                     'upload_id': upload_id,
@@ -254,51 +259,51 @@ class FastUploadView(APIView):
                     'file_path': file_path,
                     'content_type': content_type
                 })
-                
+
         except Exception as e:
             logger.error(f"Upload initiation failed: {e}")
             return Response({'error': 'Upload unavailable'}, status=500)
-    
+
     def _complete_upload(self, request):
         """Complete upload - single or multipart"""
         file_path = request.data.get('file_path')
         original_name = request.data.get('original_name')
         upload_id = request.data.get('upload_id')  # Only present for multipart
         parts = request.data.get('parts', [])  # Only present for multipart
-        
+
         if not file_path:
             return Response({'error': 'file_path required'}, status=400)
-        
+
         try:
             if upload_id and parts:
                 # Complete multipart upload
                 s3_client = self._get_s3_client()
-                
+
                 # Sort parts by PartNumber to ensure correct order
                 sorted_parts = sorted(parts, key=lambda x: x['PartNumber'])
-                
+
                 response = s3_client.complete_multipart_upload(
                     Bucket=settings.AWS_STORAGE_BUCKET_NAME,
                     Key=file_path,
                     UploadId=upload_id,
                     MultipartUpload={'Parts': sorted_parts}
                 )
-                
+
                 logger.info(f"Multipart upload completed for {file_path}")
-            
+
             # For single uploads, file is already there after PUT
             # For multipart, it's now assembled
-            
+
             if not default_storage.exists(file_path):
                 return Response({'error': 'File not found'}, status=404)
-            
+
             return Response({
                 'file_path': file_path,
                 'file_url': default_storage.url(file_path),
                 'original_name': original_name,
                 'size': default_storage.size(file_path)
             })
-            
+
         except Exception as e:
             logger.error(f"Upload completion failed: {e}")
             # Clean up failed multipart upload
@@ -314,7 +319,7 @@ class FastUploadView(APIView):
                 except Exception as cleanup_error:
                     logger.error(f"Failed to abort multipart upload: {cleanup_error}")
             return Response({'error': 'Upload completion failed'}, status=500)
-    
+
     def _get_s3_client(self):
         """Get S3 client"""
         import boto3
@@ -325,7 +330,7 @@ class FastUploadView(APIView):
             aws_secret_access_key=settings.AWS_SECRET_ACCESS_KEY,
             endpoint_url=getattr(settings, 'AWS_S3_ENDPOINT_URL', None)
         )
-    
+
     def _is_s3_storage(self) -> bool:
         """Check if using S3-compatible storage"""
         try:
@@ -333,4 +338,101 @@ class FastUploadView(APIView):
             from storages.backends.s3 import S3Storage
         except ImportError:
             return False
-        return isinstance(default_storage, (S3Boto3Storage, S3Storage))
+        return isinstance(default_storage, (S3Boto3Storage, S3Storage))
+
+
+class ActionView(APIView):
+    """
+    Django view to handle StateZero action execution.
+    It uses a single try/except block to catch all errors, including
+    not found actions and permission denials, and formats them with the
+    explicit_exception_handler.
+    """
+
+    permission_classes = [permission_class]
+
+    def post(self, request, action_name):
+        """Execute a registered action."""
+        try:
+            action_config = action_registry.get_action(action_name)
+
+            if not action_config:
+                # Raise an exception to be handled by the central handler
+                raise NotFound(detail=f"Action '{action_name}' not found")
+
+            # This will raise PermissionDenied on failure
+            self._check_permissions(request, action_config, action_name)
+
+            # Validate input data
+            validated_data = {}
+            if action_config["serializer"]:
+                serializer = action_config["serializer"](
+                    data=request.data, context={"request": request}
+                )
+                # Using raise_exception=True automatically triggers the handler
+                # for validation errors.
+                serializer.is_valid(raise_exception=True)
+                validated_data = serializer.validated_data
+            else:
+                validated_data = request.data
+
+            # This will also raise PermissionDenied on failure
+            self._check_action_permissions(
+                request, action_config, action_name, validated_data
+            )
+
+            # Execute the core action function
+            action_func = action_config["function"]
+            result = action_func(**validated_data, request=request)
+
+            # Validate the response data
+            if action_config["response_serializer"]:
+                response_serializer = action_config["response_serializer"](data=result)
+                if not response_serializer.is_valid():
+                    # This indicates an issue with the action's implementation
+                    return Response(
+                        {
+                            "error": f"Action returned invalid response: {response_serializer.errors}"
+                        },
+                        status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+                    )
+                return Response(response_serializer.validated_data)
+            else:
+                return Response(result)
+
+        except Exception as original_exception:
+            # This single block now handles all runtime exceptions
+            return explicit_exception_handler(original_exception)
+
+    def _check_permissions(self, request, action_config, action_name) -> None:
+        """Check view-level permissions, raising an exception on failure."""
+        permissions = action_config.get("permissions", [])
+        for permission_class in permissions:
+            permission_instance = permission_class()
+            if not permission_instance.has_permission(request, action_name):
+                raise PermissionDenied(
+                    detail="You do not have permission to perform this action."
+                )
+
+    def _check_action_permissions(
+        self, request, action_config, action_name, validated_data
+    ) -> None:
+        """Check action-level permissions, raising an exception on failure."""
+        permissions = action_config.get("permissions", [])
+        for permission_class in permissions:
+            permission_instance: Type[AbstractActionPermission] = permission_class()
+            if not permission_instance.has_action_permission(
+                request, action_name, validated_data
+            ):
+                raise PermissionDenied(
+                    detail="You do not have permission for this specific request."
+                )
+
+
+class ActionSchemaView(APIView):
+    """Django view to provide action schema information for frontend generation"""
+    permission_classes = [ORMBridgeViewAccessGate]
+    
+    def get(self, request):
+        """Return schema information for all registered actions"""
+        return DjangoActionSchemaGenerator.generate_actions_schema()

statezero/core/actions.py

@@ -0,0 +1,88 @@
+import inspect
+from typing import Dict, Any, Callable, List, Union, Optional
+from .interfaces import AbstractActionPermission
+
+
+class ActionRegistry:
+    """Framework-agnostic action registry"""
+
+    def __init__(self):
+        self._actions: Dict[str, Dict] = {}
+
+    def register(
+        self,
+        func: Callable = None,
+        *,
+        docstring: Optional[str] = None,
+        serializer=None,
+        response_serializer=None,
+        permissions: Union[
+            List[AbstractActionPermission], AbstractActionPermission, None
+        ] = None,
+        name: Optional[str] = None,
+    ):
+        """Register an action function with an optional, explicit docstring."""
+
+        def decorator(func: Callable):
+            action_name = name or func.__name__
+
+            # Determine the docstring, prioritizing the explicit parameter over the function's own.
+            final_docstring = docstring or func.__doc__
+            if final_docstring:
+                # Clean up indentation and whitespace from the docstring.
+                final_docstring = inspect.cleandoc(final_docstring)
+
+            if permissions is None:
+                permission_list = []
+            elif isinstance(permissions, list):
+                permission_list = permissions
+            else:
+                permission_list = [permissions]
+
+            self._actions[action_name] = {
+                "function": func,
+                "serializer": serializer,
+                "response_serializer": response_serializer,
+                "permissions": permission_list,
+                "name": action_name,
+                "module": func.__module__,
+                "docstring": final_docstring,  # Store the determined docstring
+            }
+            return func
+
+        if func is None:
+            return decorator
+        return decorator(func)
+
+    def get_actions(self) -> Dict[str, Dict]:
+        return self._actions
+
+    def get_action(self, name: str) -> Optional[Dict]:
+        return self._actions.get(name)
+
+
+# Global registry instance
+action_registry = ActionRegistry()
+
+
+# Convenient decorator
+def action(
+    func: Callable = None,
+    *,
+    docstring: Optional[str] = None,
+    serializer=None,
+    response_serializer=None,
+    permissions: Union[
+        List[AbstractActionPermission], AbstractActionPermission, None
+    ] = None,
+    name: Optional[str] = None,
+):
+    """Framework-agnostic decorator to register an action."""
+    return action_registry.register(
+        func,
+        docstring=docstring,
+        serializer=serializer,
+        response_serializer=response_serializer,
+        permissions=permissions,
+        name=name,
+    )

statezero/core/interfaces.py

@@ -452,6 +452,29 @@ class AbstractEventEmitter(ABC):
 # --- Permissions ---
 
 
+class AbstractActionPermission(ABC):
+    """
+    Permission class for StateZero actions.
+    Similar to DRF BasePermission but with access to validated data and
+    gives the action instead of the view.
+    """
+
+    @abstractmethod
+    def has_permission(self, request, action_name: str) -> bool:
+        """
+        View-level permission check (before validation).
+        Similar to DRF BasePermission.has_permission
+        """
+        pass
+
+    @abstractmethod
+    def has_action_permission(self, request, action_name: str, validated_data: dict) -> bool:
+        """
+        Action-level permission check (after validation).
+        This is where you check permissions that depend on the actual data.
+        """
+        pass
+
 class AbstractPermission(ABC):
     @abstractmethod
     def filter_queryset(
@@ -526,7 +549,6 @@ class AbstractPermission(ABC):
         """
         pass
 
-
 class AbstractSearchProvider(ABC):
     """Base class for search providers in StateZero."""
 
@@ -613,4 +635,4 @@ class AbstractQueryOptimizer(ABC):
             ValueError: If required parameters (like 'fields' or init config
                         for generation) are missing.
         """
-        raise NotImplementedError
+        raise NotImplementedError

{statezero-0.1.0b5.dist-info → statezero-0.1.0b7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: statezero
-Version: 0.1.0b5
+Version: 0.1.0b7
 Summary: Connect your Python backend to a modern JavaScript SPA frontend with 90% less complexity.
 Author-email: Robert <robert.herring@statezero.dev>
 Project-URL: homepage, https://www.statezero.dev
@@ -222,7 +222,7 @@ npm i @statezero/core
 ### Generate TypeScript Models
 
 ```bash
-npx statezero sync-models
+npx statezero sync
 ```
 
 ## Why Choose StateZero Over...

{statezero-0.1.0b5.dist-info → statezero-0.1.0b7.dist-info}/RECORD

@@ -1,7 +1,8 @@
 statezero/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/django/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-statezero/adaptors/django/apps.py,sha256=UtL1XTZ70_9-q0ZEct0getDnaxJxnEjo_P9iEIqiYYE,4388
+statezero/adaptors/django/actions.py,sha256=Rm6riu-0zcaJKy65Eni2_GQ_NBg6-62sHit1WW4qFdo,7242
+statezero/adaptors/django/apps.py,sha256=51ZvUIDmHeAIazoG2qraUZuBGbONJJzLQ28ob_-smU8,6055
 statezero/adaptors/django/config.py,sha256=FVoKf-bYv0GAeAFjpQhfDnvn-L1c2noKXAg0B79egVo,3878
 statezero/adaptors/django/context_manager.py,sha256=Vrscb63wGJ2frXnOPPcJGULiyDkPnRO2SUhN-K-pJeI,379
 statezero/adaptors/django/event_emitters.py,sha256=Lb7NW7yFf_KxczVbj8g0vRcKZEny15t25m7PyIi2d3s,3057
@@ -14,8 +15,8 @@ statezero/adaptors/django/permissions.py,sha256=fU2c4bKK0zX2uuVB0UazZHTI-5OkiI5-
 statezero/adaptors/django/query_optimizer.py,sha256=-GNqL7Xn8WP8OsLEAAxXpIszSyEwm-l6WjgdkEFzxUM,38541
 statezero/adaptors/django/schemas.py,sha256=shq8ed9qHCnbCfYVsRxVE7V3R3GhGIKeRRj7dI3r1IU,12728
 statezero/adaptors/django/serializers.py,sha256=YFFDu6bzoWkSEOVH5Wmc4yJ8SaOkUA6HbXXYt6djlfc,23296
-statezero/adaptors/django/urls.py,sha256=G4LAUVG1WtPCyB_POQ3wa_VKqKCSI6p3fHZGy6GV99g,636
-statezero/adaptors/django/views.py,sha256=ZoTocBkqv8sdxaq5bMOZpsj1zko5FDcSYP1C9m8s9Hw,13723
+statezero/adaptors/django/urls.py,sha256=_Ylta5Bba0eI6pDvO7XddMt9ffEutx3JmZS2mSSi5DQ,828
+statezero/adaptors/django/views.py,sha256=RTBuGc5iFnt6fjdatA-mNttzAZ3-aNA3Brf5f0ODyFI,17974
 statezero/adaptors/django/extensions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/django/extensions/custom_field_serializers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/django/extensions/custom_field_serializers/file_fields.py,sha256=BaOaJPmyzCp-YFwpsTOvGHjHpk6s8UJuZ5JsF-PEGV4,4518
@@ -27,6 +28,7 @@ statezero/adaptors/django/search_providers/__init__.py,sha256=47DEQpj8HBSa-_TImW
 statezero/adaptors/django/search_providers/basic_search.py,sha256=5_GJ1r_B6JdIYXL6yYEYn5mik88EolSH5aZvygc_UF0,977
 statezero/adaptors/django/search_providers/postgres_search.py,sha256=IMoHxzfi-Y3hAxPND4Xc6GatrPs1eXAqpmcfwt5Zr14,2459
 statezero/core/__init__.py,sha256=Z6RTutAAElLMEjBFphVVmpySPdJBA55j-Uo0BtR7c5E,1040
+statezero/core/actions.py,sha256=uwN9O0NOcDhZtW3X3cq066_H9CyO-8WtjO38gyxxudo,2752
 statezero/core/ast_parser.py,sha256=ezEHqVB1Afqw_GSyUs4Dh0W94xFM4aaNEaxyYMk-rr4,38756
 statezero/core/ast_validator.py,sha256=YZAflPyba0kXWBNhd1Z_XeEk-_zUzM6MkY9zSlX1PMs,11582
 statezero/core/classes.py,sha256=-rJ8szqGGzsFxE3TvbtYHFHFP9Kg2WP24aYi74Io338,4923
@@ -36,11 +38,11 @@ statezero/core/event_bus.py,sha256=2IFLBHSkLzpm1AX0MfSXSmF2X-lXK-gOoODZCtB2Jdw,6
 statezero/core/event_emitters.py,sha256=qjMbeUmdn4bG7WiVfqTmNdaflEea5amnTEpOn5X0J44,2046
 statezero/core/exceptions.py,sha256=_krMHWW9qBbMXvvqFdWf85a3Kayn7XbJczfC3x3gmBI,3330
 statezero/core/hook_checks.py,sha256=uqtvwRx1qGsF7Vc49elAWdOjMzhuv3RADKY1wiLvhK4,3425
-statezero/core/interfaces.py,sha256=VCekst5esL9Yh739tW8PSedRS_s50qhEzlnJ8pwaxtU,19064
+statezero/core/interfaces.py,sha256=uUWSq6k_hXqryhUILvBQP3L2bGMEpFKXglxIT-Tom7U,19818
 statezero/core/process_request.py,sha256=dwIeBEVOE8zA-oE1h65XNOGiVqFbbXA7SzTAguLNgZk,8060
 statezero/core/types.py,sha256=K9x9AU5J6yd2AWvqRz27CeAY6UYfuQoQ7xTEwTijrmM,1982
-statezero-0.1.0b5.dist-info/licenses/license.md,sha256=0uKjybTt9K_YbEmYgf25JN292qjjJ-BPofvIZ3wdtX4,7411
-statezero-0.1.0b5.dist-info/METADATA,sha256=cHmsrjlDYnl5F-H5HSHcgqpP13UMLfZr9M8gqoC7UZc,7152
-statezero-0.1.0b5.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-statezero-0.1.0b5.dist-info/top_level.txt,sha256=UAuZYPKczradU1kcMQxsGjUzEW0qdgsqzhXyscrcLpw,10
-statezero-0.1.0b5.dist-info/RECORD,,
+statezero-0.1.0b7.dist-info/licenses/license.md,sha256=0uKjybTt9K_YbEmYgf25JN292qjjJ-BPofvIZ3wdtX4,7411
+statezero-0.1.0b7.dist-info/METADATA,sha256=GzBRo7i-WnqLOPVX_HYJ7CfzbeEpkrlDD3jOZ4Iz57M,7145
+statezero-0.1.0b7.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+statezero-0.1.0b7.dist-info/top_level.txt,sha256=UAuZYPKczradU1kcMQxsGjUzEW0qdgsqzhXyscrcLpw,10
+statezero-0.1.0b7.dist-info/RECORD,,