trovesuite 1.0.10__py3-none-any.whl → 1.0.11__py3-none-any.whl

trovesuite/auth/auth_read_dto.py

@@ -3,8 +3,8 @@ from pydantic import BaseModel
 
 class AuthControllerReadDto(BaseModel):
     org_id: Optional[str] = None
-    bus_id: Optional[str] = None 
-    app_id: Optional[str] = None 
+    bus_id: Optional[str] = None
+    app_id: Optional[str] = None
     shared_resource_id: Optional[str] = None
     user_id: Optional[str] = None
     group_id: Optional[str] = None
@@ -12,6 +12,7 @@ class AuthControllerReadDto(BaseModel):
     tenant_id: Optional[str] = None
     permissions: Optional[List[str]] = None
     resource_id: Optional[str] = None
+    resource_type: Optional[str] = None
 
 class AuthServiceReadDto(AuthControllerReadDto):
     pass

trovesuite/auth/auth_service.py

@@ -45,10 +45,10 @@ class AuthService:
         
     @staticmethod
     def authorize(data: AuthServiceWriteDto) -> Respons[AuthServiceReadDto]:
-        
+
         user_id: str = data.user_id
         tenant_id: str = data.tenant_id
-        
+
         """Check if a user is authorized based on login settings and roles"""
         # Input validation
         if not user_id or not isinstance(user_id, str):
@@ -59,7 +59,7 @@ class AuthService:
                 status_code=400,
                 error="INVALID_USER_ID"
             )
-        
+
         if not tenant_id or not isinstance(tenant_id, str):
             return Respons[AuthServiceReadDto](
                 detail="Invalid tenant_id: must be a non-empty string",
@@ -75,7 +75,7 @@ class AuthService:
                 f"SELECT is_verified FROM {db_settings.MAIN_TENANTS_TABLE} WHERE delete_status = 'NOT_DELETED' AND id = %s",
                 (tenant_id,),
             )
-            
+
             if not is_tenant_verified or len(is_tenant_verified) == 0:
                 logger.warning("Login failed - tenant not found: %s", tenant_id)
                 return Respons[AuthServiceReadDto](
@@ -85,7 +85,7 @@ class AuthService:
                     status_code=404,
                     error="TENANT_NOT_FOUND"
                 )
-            
+
             if not is_tenant_verified[0]['is_verified']:
                 logger.warning("Login failed - tenant not verified for user: %s, tenant: %s", user_id, tenant_id)
                 return Respons[AuthServiceReadDto](
@@ -96,14 +96,36 @@ class AuthService:
                     error="TENANT_NOT_VERIFIED"
                 )
 
-            login_settings_details = DatabaseManager.execute_query(
-                f"""SELECT user_id, group_id, is_suspended, can_always_login,
-                is_multi_factor_enabled, is_login_before, working_days,
-                login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE} 
-                WHERE (delete_status = 'NOT_DELETED' AND is_active = true ) AND user_id = %s""",
-                (user_id,),
+            # 1️⃣ Get all groups the user belongs to
+            user_groups = DatabaseManager.execute_query(
+                f"""SELECT group_id FROM "{tenant_id}".{db_settings.TENANT_USER_GROUPS_TABLE}
+                    WHERE delete_status = 'NOT_DELETED' AND is_active = true AND user_id = %s""",(user_id,),
             )
 
+            # 2️⃣ Prepare list of group_ids
+            group_ids = [g["group_id"] for g in user_groups] if user_groups else []
+
+            # 3️⃣ Get login settings - check user-level first, then group-level
+            if group_ids:
+                login_settings_details = DatabaseManager.execute_query(
+                    f"""SELECT user_id, group_id, is_suspended, can_always_login,
+                    is_multi_factor_enabled, is_login_before, working_days,
+                    login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE}
+                    WHERE (delete_status = 'NOT_DELETED' AND is_active = true )
+                    AND (user_id = %s OR group_id = ANY(%s))
+                    ORDER BY user_id NULLS LAST
+                    LIMIT 1""",
+                    (user_id, group_ids),
+                )
+            else:
+                login_settings_details = DatabaseManager.execute_query(
+                    f"""SELECT user_id, group_id, is_suspended, can_always_login,
+                    is_multi_factor_enabled, is_login_before, working_days,
+                    login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE}
+                    WHERE (delete_status = 'NOT_DELETED' AND is_active = true ) AND user_id = %s""",
+                    (user_id,),
+                )
+
             if not login_settings_details or len(login_settings_details) == 0:
                 logger.warning("Authorization failed - user not found: %s in tenant: %s", user_id, tenant_id)
                 return Respons[AuthServiceReadDto](
@@ -126,17 +148,17 @@ class AuthService:
 
             if not login_settings_details[0]['can_always_login']:
                 current_day = datetime.now().strftime("%A").upper()
-                
+
                 if current_day not in login_settings_details[0]['working_days']:
                     logger.warning("Authorization failed - outside working days for user: %s checking custom login period", user_id)
-              
+
                     # Get current datetime (full date and time) with timezone
                     current_datetime = datetime.now(timezone.utc).replace(microsecond=0, second=0)
-                    
+
                     # Get from database (should already be datetime objects)
                     login_on = login_settings_details[0]['login_on']
                     logout_on = login_settings_details[0]['logout_on']
-                    
+
                     # Set defaults if None (with timezone awareness)
                     if not login_on:
                         login_on = datetime.min.replace(tzinfo=timezone.utc)
@@ -153,27 +175,19 @@ class AuthService:
                             status_code=403,
                             error="LOGIN_TIME_RESTRICTED"
                         )
-            
-            # 1️⃣ Get all groups the user belongs to
-            user_groups = DatabaseManager.execute_query(
-                f"""SELECT group_id FROM "{tenant_id}".{db_settings.TENANT_USER_GROUPS_TABLE}
-                    WHERE delete_status = 'NOT_DELETED' AND is_active = true AND user_id = %s""",(user_id,),
-            )
-
-            # 2️⃣ Prepare list of group_ids
-            group_ids = [g["group_id"] for g in user_groups] if user_groups else []
 
-            # 3️⃣ Build query dynamically to include groups (if any) + user
+            # 4️⃣ Build query dynamically to include groups (if any) + user
+            # ⚠️ CHANGED: Simplified to new schema - only select user_id, group_id, role_id, resource_type
             if group_ids:
                 get_user_roles = DatabaseManager.execute_query(
                     f"""
-                        SELECT DISTINCT ON (org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id)
-                            org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id
+                        SELECT DISTINCT ON (group_id, user_id, role_id)
+                            group_id, user_id, role_id, resource_type
                         FROM "{tenant_id}".{db_settings.TENANT_ASSIGN_ROLES_TABLE}
                         WHERE delete_status = 'NOT_DELETED'
                         AND is_active = true
                         AND (user_id = %s OR group_id = ANY(%s))
-                        ORDER BY org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id;
+                        ORDER BY group_id, user_id, role_id;
                     """,
                     (user_id, group_ids),
                 )
@@ -181,13 +195,13 @@ class AuthService:
                 # No groups, just check roles for user
                 get_user_roles = DatabaseManager.execute_query(
                     f"""
-                        SELECT DISTINCT ON (org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id)
-                            org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id
+                        SELECT DISTINCT ON (user_id, role_id)
+                            user_id, role_id, resource_type
                         FROM "{tenant_id}".{db_settings.TENANT_ASSIGN_ROLES_TABLE}
                         WHERE delete_status = 'NOT_DELETED'
                         AND is_active = true
                         AND user_id = %s
-                        ORDER BY org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id;
+                        ORDER BY user_id, role_id;
                     """,
                     (user_id,),
                 )
@@ -224,31 +238,27 @@ class AuthService:
                 status_code=500,
                 error="Authorization check failed due to an internal error"
             )
-        
+
     @staticmethod
-    def check_permission(users_data: list, action=None, org_id=None, bus_id=None, app_id=None,
-                     resource_id=None, shared_resource_id=None) -> bool:
+    def check_permission(users_data: list, action=None, resource_type=None) -> bool:
         """
-        Check if user has a given permission (action) for a specific target.
-        
-        Hierarchy: organization > business > app > location > resource/shared_resource
-        If a field in role is None, it applies to all under that level.
+        Check if user has a given permission (action).
+
+        Args:
+            users_data: List of user authorization data containing roles and permissions
+            action: The permission/action to check for
+            resource_type: Optional resource type filter (e.g., 'rt-user', 'rt-group')
+
+        Returns:
+            bool: True if user has the permission, False otherwise
         """
         for user_data in users_data:
-            # Check hierarchy: None means "all"
-            if user_data.org_id not in (None, org_id):
-                continue
-            if user_data.bus_id not in (None, bus_id):
-                continue
-            if user_data.app_id not in (None, app_id):
-                continue
-            if user_data.resource_id not in (None, resource_id):
-                continue
-            if user_data.shared_resource_id not in (None, shared_resource_id):
+            # Check resource_type if specified
+            if resource_type and user_data.resource_type and user_data.resource_type != resource_type:
                 continue
 
             # Check if the permission exists
-            if action in user_data.permissions:
+            if action and action in user_data.permissions:
                 return True
 
         return False

{trovesuite-1.0.10.dist-info → trovesuite-1.0.11.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.10
+Version: 1.0.11
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu

{trovesuite-1.0.10.dist-info → trovesuite-1.0.11.dist-info}/RECORD

@@ -2,8 +2,8 @@ trovesuite/__init__.py,sha256=QIY7iN7TVyJKjCoB6CBA4pSqm_mL41frcFgFS4maO8k,555
 trovesuite/auth/__init__.py,sha256=OjZllVvjul1glDazJ-d5TrNjgHFigFlQQi1G99DYshk,239
 trovesuite/auth/auth_base.py,sha256=rZHQVLeJRBQ8GClgF5UwG-er4_HXVX5-nt8o6_Z29uY,75
 trovesuite/auth/auth_controller.py,sha256=PAgaVlf5TYEfkSfK4vGGsvO84i8zEmeVVXyUF2YBppI,420
-trovesuite/auth/auth_read_dto.py,sha256=pQT1ouRVZMAiJn4wAG7NQOKQKTquTMWUe-dYcpLTmEo,533
-trovesuite/auth/auth_service.py,sha256=if2RFI6F1DpbNEuCTSpPbhHVBdYQEg4hVkoxTCnvC4k,14298
+trovesuite/auth/auth_read_dto.py,sha256=e27JqKVPVUM83A_mYF452QCflsvGNo7aKje7q_urwFc,571
+trovesuite/auth/auth_service.py,sha256=CRGGXCdaAknznwq68ghmhtZ13NM73tu32OPJK8JJ2_Y,14488
 trovesuite/auth/auth_write_dto.py,sha256=rdwI7w6-9QZGv1H0PAGrjkLBCzaMHjgPIXeLb9RmNec,234
 trovesuite/configs/__init__.py,sha256=h1mSZOaZ3kUy1ZMO_m9O9KklsxywM0RfMVZLh9h9WvQ,328
 trovesuite/configs/database.py,sha256=IPSu8fXjxyYeJ3bFknJG06Qm2L2ub6Ht19xhKv8g7nA,11731
@@ -26,8 +26,8 @@ trovesuite/storage/storage_service.py,sha256=V7LIePIV6b_iuhm-9x8r4zwpZHgeRPL1YIe
 trovesuite/storage/storage_write_dto.py,sha256=vl1iCZ93bpFmpvkCrn587QtMtOA_TPDseXSoTuj9RTQ,1355
 trovesuite/utils/__init__.py,sha256=3UPKTz9cluTgAM-ldNsJxsnoPTZiqacXlAmzUEHy6q8,143
 trovesuite/utils/helper.py,sha256=lvZ1mvaqY84dkIPB5Ov0uwYDOWBziAS8twobEJZh2Ik,1002
-trovesuite-1.0.10.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
-trovesuite-1.0.10.dist-info/METADATA,sha256=LMpOSCZRz-a7s54MlVZLsRBmsb7jL1y9x5EjegdYYK4,21737
-trovesuite-1.0.10.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-trovesuite-1.0.10.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
-trovesuite-1.0.10.dist-info/RECORD,,
+trovesuite-1.0.11.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
+trovesuite-1.0.11.dist-info/METADATA,sha256=HTQhhc9Yps3NbrJz8JqfP493kSVIMux4ToJB2F31_-8,21737
+trovesuite-1.0.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+trovesuite-1.0.11.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
+trovesuite-1.0.11.dist-info/RECORD,,