PyPI - trovesuite - Versions diffs - 1.0.12__tar.gz → 1.0.14__tar.gz - Mend

trovesuite 1.0.12tar.gz → 1.0.14tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

{trovesuite-1.0.12/src/trovesuite.egg-info → trovesuite-1.0.14}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.12
+Version: 1.0.14
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu

{trovesuite-1.0.12 → trovesuite-1.0.14}/pyproject.toml RENAMED Viewed

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 [tool.poetry]
 name = "trovesuite"
-version = "1.0.12"
+version = "1.0.14"
 description = "TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications"
 authors = ["brightgclt <brightgclt@gmail.com>"]
 license = "MIT"
@@ -58,7 +58,7 @@ Documentation = "https://dev.azure.com/brightgclt/trovesuite/_git/packages"
 [project]
 name = "trovesuite"
-version = "1.0.12"
+version = "1.0.14"
 description = "TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications"
 readme = "README.md"
 license = {text = "MIT"}
@@ -121,7 +121,7 @@ Documentation = "https://dev.azure.com/brightgclt/trovesuite/_git/packages"
 [tool.setuptools.packages.find]
 where = ["src"]
 include = ["trovesuite*"]
-exclude = ["*controller*", "*main*", "*test*"]
+exclude = ["*test*"]
 [tool.setuptools.package-dir]
 "" = "src"

{trovesuite-1.0.12 → trovesuite-1.0.14}/setup.py RENAMED Viewed

@@ -15,7 +15,7 @@ with open("pyproject.toml", "r", encoding="utf-8") as fh:
 setup(
     name="trovesuite",
-    version="1.0.12",
+    version="1.0.14",
     author="Bright Debrah Owusu",
     author_email="owusu.debrah@deladetech.com",
     description="TroveSuite services package providing authentication, authorization, notifications, and other enterprise services for TroveSuite applications",

{trovesuite-1.0.12 → trovesuite-1.0.14}/src/trovesuite/auth/auth_service.py RENAMED Viewed

@@ -225,18 +225,61 @@ class AuthService:
                     (user_id,),
                 )
+            # ✅ NEW: Get system-level roles from main.system_user_groups and main.system_assign_roles
+            logger.info(f"Fetching system-level roles for user: {user_id}")
+            system_roles = DatabaseManager.execute_query(
+                """
+                    SELECT DISTINCT sug.group_id, sug.user_id, sar.role_id, sar.resource_type
+                    FROM main.system_user_groups sug
+                    INNER JOIN main.system_assign_roles sar ON sug.group_id = sar.group_id
+                    WHERE sug.user_id = %s
+                    AND sar.is_active = true
+                    AND sar.delete_status = 'NOT_DELETED'
+                """,
+                (user_id,)
+            )
+            if system_roles:
+                logger.info(f"Found {len(system_roles)} system-level role(s) for user: {user_id}")
+            else:
+                logger.info(f"No system-level roles found for user: {user_id}")
+            # ✅ NEW: Also check for direct system role assignments (user_id in system_assign_roles)
+            direct_system_roles = DatabaseManager.execute_query(
+                """
+                    SELECT DISTINCT NULL as group_id, sar.user_id, sar.role_id, sar.resource_type
+                    FROM main.system_assign_roles sar
+                    WHERE sar.user_id = %s
+                    AND sar.is_active = true
+                    AND sar.delete_status = 'NOT_DELETED'
+                """,
+                (user_id,)
+            )
+            if direct_system_roles:
+                logger.info(f"Found {len(direct_system_roles)} direct system-level role assignment(s) for user: {user_id}")
+                system_roles.extend(direct_system_roles)
+            # ✅ NEW: Merge tenant-level and system-level roles
+            all_roles = get_user_roles + system_roles
+            logger.info(f"Total roles (tenant + system) for user {user_id}: {len(all_roles)}")
             # GET permissions and Append to Role
             get_user_roles_with_tenant_and_permissions = []
-            for role in get_user_roles:
+            for role in all_roles:
                 permissions = DatabaseManager.execute_query(
                     f"""SELECT permission_id FROM {db_settings.MAIN_ROLE_PERMISSIONS_TABLE} WHERE role_id = %s""",
-                    params=(role["role_id"],),)
+                    params=(role["role_id"],),
+                )
                 role_dict = {**role, "tenant_id": tenant_id, "permissions": [p['permission_id'] for p in permissions]}
                 get_user_roles_with_tenant_and_permissions.append(role_dict)
             roles_dto = Helper.map_to_dto(get_user_roles_with_tenant_and_permissions, AuthServiceReadDto)
+            logger.info(f"Authorization successful for user: {user_id} with {len(roles_dto)} total role entries")
             return Respons[AuthServiceReadDto](
                 detail="Authorized",
                 data=roles_dto,
@@ -249,7 +292,7 @@ class AuthService:
             raise http_ex
         except Exception as e:
-            logger.error("Authorization check failed for user: %s", str(e))
+            logger.error("Authorization check failed for user: %s - Error: %s", user_id, str(e), exc_info=True)
             return Respons[AuthServiceReadDto](
                 detail=None,
                 data=[],
@@ -258,6 +301,7 @@ class AuthService:
                 error="Authorization check failed due to an internal error"
             )
     @staticmethod
     def check_permission(users_data: list, action=None, resource_type=None) -> bool:
         """
@@ -302,18 +346,34 @@ class AuthService:
     def authorize_user_from_token(token: str) -> Respons[AuthServiceReadDto]:
         """
         Convenience method to authorize a user directly from a JWT token.
         Args:
             token: JWT token string
         Returns:
             Respons[AuthServiceReadDto]: Authorization result with user roles and permissions
         Raises:
             HTTPException: If token is invalid
         """
-        user_info = AuthService.decode_token(token)
-        return AuthService.authorize(user_info["user_id"], user_info["tenant_id"])
+        credentials_exception = HTTPException(
+            status_code=401,
+            detail="Could not validate credentials",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+        try:
+            payload = jwt.decode(token, db_settings.SECRET_KEY, algorithms=[db_settings.ALGORITHM])
+            user_id = payload.get("user_id")
+            tenant_id = payload.get("tenant_id")
+            if user_id is None or tenant_id is None:
+                raise credentials_exception
+            data = AuthServiceWriteDto(user_id=user_id, tenant_id=tenant_id)
+            return AuthService.authorize(data=data)
+        except jwt.InvalidTokenError as exc:
+            raise credentials_exception from exc
     @staticmethod
     def get_user_permissions(user_roles: list) -> list:

{trovesuite-1.0.12 → trovesuite-1.0.14/src/trovesuite.egg-info}/PKG-INFO RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.12
+Version: 1.0.14
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu