statezero 0.1.0b7__py3-none-any.whl → 0.1.0b8__py3-none-any.whl

statezero/adaptors/django/orm.py

@@ -962,4 +962,103 @@ class DjangoORMAdapter(AbstractORMProvider):
 
     def get_user(self, request):
         """Return the user from the request."""
-        return request.user
+        return request.user
+
+    def validate(
+        self,
+        model: Type[models.Model],
+        data: Dict[str, Any],
+        validate_type: str,
+        partial: bool,
+        request: RequestType,
+        permissions: List[Type[AbstractPermission]],
+        serializer,
+    ) -> bool:
+        """
+        Fast validation without database queries.
+        Only checks model-level permissions and serializer validation.
+
+        Args:
+            model: Django model class
+            data: Data to validate
+            validate_type: 'create' or 'update'
+            partial: Whether to allow partial validation (only validate provided fields)
+            request: Request object
+            permissions: Permission classes
+            serializer: Serializer instance
+
+        Returns:
+            bool: True if validation passes
+
+        Raises:
+            ValidationError: For serializer validation failures
+            PermissionDenied: For permission failures
+        """
+        # Basic model-level permission check (no DB query)
+        required_action = (
+            ActionType.CREATE if validate_type == "create" else ActionType.UPDATE
+        )
+
+        has_permission = False
+        for permission_class in permissions:
+            perm_instance = permission_class()
+            allowed_actions = perm_instance.allowed_actions(request, model)
+            if required_action in allowed_actions:
+                has_permission = True
+                break
+
+        if not has_permission:
+            # Let StateZero exception handling deal with this
+            raise PermissionDenied(f"{validate_type.title()} not allowed")
+
+        # Get field permissions
+        allowed_fields = self._get_allowed_fields(
+            model, permissions, request, validate_type
+        )
+
+        # Filter data to only allowed fields
+        filtered_data = {k: v for k, v in data.items() if k in allowed_fields}
+
+        # Create minimal fields map for serializer
+        model_name = config.orm_provider.get_model_name(model)
+        fields_map = {model_name: allowed_fields}
+
+        # Validate using serializer with partial flag - let ValidationError bubble up naturally
+        serializer.deserialize(
+            model=model,
+            data=filtered_data,
+            partial=partial,
+            request=request,
+            fields_map=fields_map,
+        )
+
+        # Only return success case - exceptions handle failures
+        return True
+
+    def _get_allowed_fields(
+        self,
+        model: Type[models.Model],
+        permissions: List[Type[AbstractPermission]],
+        request: RequestType,
+        validate_type: str,
+    ) -> Set[str]:
+        """Helper to get allowed fields based on validate_type."""
+        allowed_fields = set()
+
+        for permission_class in permissions:
+            perm_instance = permission_class()
+
+            if validate_type == "create":
+                create_fields = perm_instance.create_fields(request, model)
+                if create_fields == "__all__":
+                    return config.orm_provider.get_fields(model)
+                elif isinstance(create_fields, set):
+                    allowed_fields.update(create_fields)
+            else:  # update
+                editable_fields = perm_instance.editable_fields(request, model)
+                if editable_fields == "__all__":
+                    return config.orm_provider.get_fields(model)
+                elif isinstance(editable_fields, set):
+                    allowed_fields.update(editable_fields)
+
+        return allowed_fields

statezero/adaptors/django/urls.py

@@ -1,6 +1,6 @@
 from django.urls import path
 
-from .views import EventsAuthView, ModelListView, ModelView, SchemaView, FileUploadView, FastUploadView, ActionSchemaView, ActionView
+from .views import EventsAuthView, ModelListView, ModelView, SchemaView, FileUploadView, FastUploadView, ActionSchemaView, ActionView, ValidateView
 
 app_name = "statezero"
 
@@ -11,6 +11,7 @@ urlpatterns = [
     path("files/fast-upload/", FastUploadView.as_view(), name="fast_file_upload"),
     path("actions/<str:action_name>/", ActionView.as_view(), name="action"),
     path("actions-schema/", ActionSchemaView.as_view(), name="actions_schema"),
-    path("<str:model_name>/", ModelView.as_view(), name="model_view"),
+    path("<str:model_name>/validate/", ValidateView.as_view(), name="validate"),
     path("<str:model_name>/get-schema/", SchemaView.as_view(), name="schema_view"),
+    path("<str:model_name>/", ModelView.as_view(), name="model_view"),
 ]

statezero/adaptors/django/views.py

@@ -432,7 +432,56 @@ class ActionView(APIView):
 class ActionSchemaView(APIView):
     """Django view to provide action schema information for frontend generation"""
     permission_classes = [ORMBridgeViewAccessGate]
-    
+
     def get(self, request):
         """Return schema information for all registered actions"""
         return DjangoActionSchemaGenerator.generate_actions_schema()
+
+
+class ValidateView(APIView):
+    """
+    Fast validation endpoint that bypasses the AST system for performance.
+    """
+
+    permission_classes = [ORMBridgeViewAccessGate]
+
+    def post(self, request, model_name):
+        """Validate model data without saving."""
+        try:
+            # Create processor following the same pattern as other views
+            processor = RequestProcessor(config=config, registry=registry)
+
+            # Get model and config using the processor's ORM provider
+            model = processor.orm_provider.get_model_by_name(model_name)
+            if not model:
+                return Response({"error": f"Model {model_name} not found"}, status=404)
+
+            try:
+                model_config = processor.registry.get_config(model)
+            except ValueError:
+                return Response(
+                    {"error": f"Model {model_name} not registered"}, status=404
+                )
+
+            # Extract request data
+            data = request.data.get("data", {})
+            validate_type = request.data.get("validate_type", "create")
+            partial = request.data.get("partial", False)  # Default to False
+
+            # Call validate - let exceptions bubble up to explicit_exception_handler
+            result = processor.orm_provider.validate(
+                model=model,
+                data=data,
+                validate_type=validate_type,
+                partial=partial,
+                request=request,
+                permissions=model_config.permissions,
+                serializer=processor.data_serializer,
+            )
+
+            # Only success case returns here - return simple boolean
+            return Response({"valid": True}, status=200)
+
+        except Exception as original_exception:
+            # Let StateZero's exception handler deal with ValidationError, PermissionDenied, etc.
+            return explicit_exception_handler(original_exception)

statezero/core/interfaces.py

@@ -37,6 +37,38 @@ class AbstractORMProvider(ABC):
 
     # === Query Engine Methods (UPDATED: Now stateless) ===
 
+    @abstractmethod
+    def validate(
+        self,
+        model: Type,
+        data: Dict[str, Any],
+        validate_type: str,
+        partial: bool,
+        request: Any,
+        permissions: List[Type],
+        serializer: Any,
+    ) -> bool:
+        """
+        Validate model data without saving to database.
+
+        Args:
+            model: The model class to validate against
+            data: Data to validate
+            validate_type: 'create' or 'update'
+            partial: Whether to allow partial validation (only validate provided fields)
+            request: Request object for permission context
+            permissions: List of permission classes
+            serializer: Serializer instance for validation
+
+        Returns:
+            bool: True if validation passes
+
+        Raises:
+            ValidationError: For serializer validation failures
+            PermissionDenied: For permission failures
+        """
+        pass
+
     @abstractmethod
     def get_fields(self, model: ORMModel) -> Set[str]:
         """

{statezero-0.1.0b7.dist-info → statezero-0.1.0b8.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: statezero
-Version: 0.1.0b7
+Version: 0.1.0b8
 Summary: Connect your Python backend to a modern JavaScript SPA frontend with 90% less complexity.
 Author-email: Robert <robert.herring@statezero.dev>
 Project-URL: homepage, https://www.statezero.dev

{statezero-0.1.0b7.dist-info → statezero-0.1.0b8.dist-info}/RECORD

@@ -10,13 +10,13 @@ statezero/adaptors/django/exception_handler.py,sha256=cQF1Fm5IjH91ydB54TK9sqXiAO
 statezero/adaptors/django/f_handler.py,sha256=yvITFj9UAnz8-r-aLEcWoz48tBhZ08-VMq9Fsm2uiN8,12305
 statezero/adaptors/django/helpers.py,sha256=0Dyq5vboDuTUaH-KpS3oVDjastA9yv6xI6XpBuvRM3I,5974
 statezero/adaptors/django/middleware.py,sha256=YVr8fkqCk51xJQM-ovtrUiB9Kt9H81cLd9xv4cM9YlM,410
-statezero/adaptors/django/orm.py,sha256=-9tWH9hW2Ta5AipXysoWy-em7R-ybHKmPLtBX89nYQc,37118
+statezero/adaptors/django/orm.py,sha256=Z62XheCvuKIpKOoIIiLLOwrpJ5jPhv-BGxg-pqPgNaU,40757
 statezero/adaptors/django/permissions.py,sha256=fU2c4bKK0zX2uuVB0UazZHTI-5OkiI5-BtPNcPEWmW0,9525
 statezero/adaptors/django/query_optimizer.py,sha256=-GNqL7Xn8WP8OsLEAAxXpIszSyEwm-l6WjgdkEFzxUM,38541
 statezero/adaptors/django/schemas.py,sha256=shq8ed9qHCnbCfYVsRxVE7V3R3GhGIKeRRj7dI3r1IU,12728
 statezero/adaptors/django/serializers.py,sha256=YFFDu6bzoWkSEOVH5Wmc4yJ8SaOkUA6HbXXYt6djlfc,23296
-statezero/adaptors/django/urls.py,sha256=_Ylta5Bba0eI6pDvO7XddMt9ffEutx3JmZS2mSSi5DQ,828
-statezero/adaptors/django/views.py,sha256=RTBuGc5iFnt6fjdatA-mNttzAZ3-aNA3Brf5f0ODyFI,17974
+statezero/adaptors/django/urls.py,sha256=OrGQ60vj_wrbiREAKmYDZTwohpKmgjH9n0fdOw1qPaY,924
+statezero/adaptors/django/views.py,sha256=HliMoUqMIYkyh_kBxbWtGUVRJaLMU0eprhWeoEEiUqQ,19954
 statezero/adaptors/django/extensions/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/django/extensions/custom_field_serializers/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 statezero/adaptors/django/extensions/custom_field_serializers/file_fields.py,sha256=BaOaJPmyzCp-YFwpsTOvGHjHpk6s8UJuZ5JsF-PEGV4,4518
@@ -38,11 +38,11 @@ statezero/core/event_bus.py,sha256=2IFLBHSkLzpm1AX0MfSXSmF2X-lXK-gOoODZCtB2Jdw,6
 statezero/core/event_emitters.py,sha256=qjMbeUmdn4bG7WiVfqTmNdaflEea5amnTEpOn5X0J44,2046
 statezero/core/exceptions.py,sha256=_krMHWW9qBbMXvvqFdWf85a3Kayn7XbJczfC3x3gmBI,3330
 statezero/core/hook_checks.py,sha256=uqtvwRx1qGsF7Vc49elAWdOjMzhuv3RADKY1wiLvhK4,3425
-statezero/core/interfaces.py,sha256=uUWSq6k_hXqryhUILvBQP3L2bGMEpFKXglxIT-Tom7U,19818
+statezero/core/interfaces.py,sha256=I0_AYqKN5sBeN5ghkXoSsr1ZHhMTp-IRKeavG_QNb3o,20802
 statezero/core/process_request.py,sha256=dwIeBEVOE8zA-oE1h65XNOGiVqFbbXA7SzTAguLNgZk,8060
 statezero/core/types.py,sha256=K9x9AU5J6yd2AWvqRz27CeAY6UYfuQoQ7xTEwTijrmM,1982
-statezero-0.1.0b7.dist-info/licenses/license.md,sha256=0uKjybTt9K_YbEmYgf25JN292qjjJ-BPofvIZ3wdtX4,7411
-statezero-0.1.0b7.dist-info/METADATA,sha256=GzBRo7i-WnqLOPVX_HYJ7CfzbeEpkrlDD3jOZ4Iz57M,7145
-statezero-0.1.0b7.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-statezero-0.1.0b7.dist-info/top_level.txt,sha256=UAuZYPKczradU1kcMQxsGjUzEW0qdgsqzhXyscrcLpw,10
-statezero-0.1.0b7.dist-info/RECORD,,
+statezero-0.1.0b8.dist-info/licenses/license.md,sha256=0uKjybTt9K_YbEmYgf25JN292qjjJ-BPofvIZ3wdtX4,7411
+statezero-0.1.0b8.dist-info/METADATA,sha256=qxTysj5kbjUJUj4NGDWI-pz0SuMNbwmHifHU2hLV5MA,7145
+statezero-0.1.0b8.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+statezero-0.1.0b8.dist-info/top_level.txt,sha256=UAuZYPKczradU1kcMQxsGjUzEW0qdgsqzhXyscrcLpw,10
+statezero-0.1.0b8.dist-info/RECORD,,