trovesuite 1.0.20__py3-none-any.whl → 1.0.23__py3-none-any.whl

trovesuite/__init__.py

@@ -11,7 +11,7 @@ from .notification import NotificationService
 from .storage import StorageService
 from .utils import Helper
 
-__version__ = "1.0.16"
+__version__ = "1.0.20"
 __author__ = "Bright Debrah Owusu"
 __email__ = "owusu.debrah@deladetech.com"
 

trovesuite/auth/auth_service.py

@@ -229,26 +229,25 @@ class AuthService:
                     (tenant_id, user_id,),
                 )
 
-            # ✅ NEW: Get system-level roles from cp_user_groups and cp_assign_roles with is_system=true
+            # ✅ NEW: Get system-level roles from cp_assign_roles with is_system=true
             # NOTE: system_groups, system_user_groups, and system_assign_roles are now consolidated
             # into cp_groups, cp_user_groups, and cp_assign_roles with is_system flag
+            # Use LEFT JOIN starting from cp_assign_roles to find BOTH direct user assignments AND group-based assignments
             logger.info(f"Fetching system-level roles for user: {user_id}")
 
             system_roles = DatabaseManager.execute_query(
                 f"""
-                    SELECT DISTINCT sug.group_id, sug.user_id, sar.role_id, sar.resource_type
-                    FROM {db_settings.CORE_PLATFORM_USER_GROUPS_TABLE} sug
-                    INNER JOIN {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar 
-                        ON sug.group_id = sar.group_id AND sug.tenant_id = sar.tenant_id
-                    WHERE sug.user_id = %s AND sug.tenant_id = %s
-                    AND sug.is_system = true
-                    AND sug.is_active = true
-                    AND sug.delete_status = 'NOT_DELETED'
-                    AND sar.is_active = true
-                    AND sar.delete_status = 'NOT_DELETED'
+                    SELECT DISTINCT COALESCE(sar.group_id::TEXT, NULL) as group_id, sar.user_id, sar.role_id, sar.resource_type
+                    FROM {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar
+                    LEFT JOIN {db_settings.CORE_PLATFORM_USER_GROUPS_TABLE} sug 
+                        ON sar.group_id = sug.group_id AND sar.tenant_id = sug.tenant_id
+                    WHERE sar.tenant_id = 'system-tenant-id'
                     AND sar.is_system = true
+                    AND sar.delete_status = 'NOT_DELETED'
+                    AND sar.is_active = true
+                    AND (sar.user_id = %s OR (sug.user_id = %s AND sug.tenant_id = 'system-tenant-id' AND sug.is_system = true AND sug.is_active = true AND sug.delete_status = 'NOT_DELETED'))
                 """,
-                (user_id, 'system-tenant-id')
+                (user_id, user_id)
             )
 
             if system_roles:
@@ -256,47 +255,78 @@ class AuthService:
             else:
                 logger.info(f"No system-level roles found for user: {user_id}")
 
-            # ✅ NEW: Also check for direct system role assignments (user_id in cp_assign_roles with is_system=true)
-            direct_system_roles = DatabaseManager.execute_query(
-                f"""
-                    SELECT DISTINCT NULL as group_id, sar.user_id, sar.role_id, sar.resource_type
-                    FROM {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar
-                    WHERE sar.user_id = %s AND sar.tenant_id = %s
-                    AND sar.is_active = true
-                    AND sar.delete_status = 'NOT_DELETED'
-                    AND sar.is_system = true
-                """,
-                (user_id, 'system-tenant-id')
-            )
-
-            if direct_system_roles:
-                logger.info(f"Found {len(direct_system_roles)} direct system-level role assignment(s) for user: {user_id}")
-                system_roles.extend(direct_system_roles)
-
             # ✅ NEW: Merge tenant-level and system-level roles
             all_roles = get_user_roles + system_roles
             logger.info(f"Total roles (tenant + system) for user {user_id}: {len(all_roles)}")
 
             # GET permissions and Append to Role
             get_user_roles_with_tenant_and_permissions = []
-            # Track system role IDs for quick lookup
-            system_role_ids = {r["role_id"] for r in system_roles} if system_roles else set()
-            if direct_system_roles:
-                system_role_ids.update({r["role_id"] for r in direct_system_roles})
+            
+            # Track system role IDs by querying cp_roles table for is_system flag (more reliable)
+            system_role_ids = set()
+            if all_roles:
+                role_ids = [r.get("role_id") for r in all_roles if r.get("role_id")]
+                if role_ids:
+                    try:
+                        # Check which roles are system roles by querying the roles table
+                        system_roles_check = DatabaseManager.execute_query(
+                            f"""SELECT id FROM {db_settings.CORE_PLATFORM_ROLES_TABLE} 
+                            WHERE id = ANY(%s) AND is_system = true AND delete_status = 'NOT_DELETED'""",
+                            params=(role_ids,),
+                        )
+                        if system_roles_check:
+                            for role_record in system_roles_check:
+                                role_id = role_record.get("id") if isinstance(role_record, dict) else (role_record[0] if isinstance(role_record, (list, tuple)) and len(role_record) > 0 else None)
+                                if role_id:
+                                    system_role_ids.add(role_id)
+                        
+                        logger.info(f"Identified {len(system_role_ids)} system roles for user {user_id}")
+                    except Exception as e:
+                        logger.warning(f"Error checking system roles: {str(e)}")
+                        # Fallback: use system_roles query results
+                        system_role_ids = {r.get("role_id") for r in system_roles if r.get("role_id")} if system_roles else set()
             
             for role in all_roles:
-                role_id = role["role_id"]
-                # For system roles, use system-tenant-id; for tenant roles, use tenant_id
-                if role_id in system_role_ids:
-                    role_tenant_id = 'system-tenant-id'
+                role_id = role.get("role_id")
+                if not role_id:
+                    logger.warning(f"Skipping role with missing role_id: {role}")
+                    continue
+                
+                # Determine which tenant_id to use for querying permissions
+                # For system roles, use 'system-tenant-id'; for tenant roles, use the user's tenant_id
+                is_system_role = role_id in system_role_ids
+                
+                # Try the primary tenant_id first based on whether it's a system role
+                if is_system_role:
+                    primary_tenant_id = 'system-tenant-id'
+                    fallback_tenant_id = tenant_id
                 else:
-                    role_tenant_id = tenant_id
+                    primary_tenant_id = tenant_id
+                    fallback_tenant_id = 'system-tenant-id'
                 
-                permissions = DatabaseManager.execute_query(
-                    f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
-                        WHERE role_id = %s AND tenant_id = %s""",
-                    params=(role_id, role_tenant_id),
-                )
+                # Query permissions for this role with primary tenant_id
+                permissions = []
+                try:
+                    permissions = DatabaseManager.execute_query(
+                        f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
+                        WHERE role_id = %s AND tenant_id = %s AND delete_status = 'NOT_DELETED'""",
+                        params=(role_id, primary_tenant_id),
+                    )
+                    
+                    # If no permissions found with primary tenant_id, try fallback (handles edge cases)
+                    if not permissions or len(permissions) == 0:
+                        logger.debug(f"No permissions found for role {role_id} with tenant {primary_tenant_id}, trying fallback {fallback_tenant_id}")
+                        fallback_permissions = DatabaseManager.execute_query(
+                            f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
+                            WHERE role_id = %s AND tenant_id = %s AND delete_status = 'NOT_DELETED'""",
+                            params=(role_id, fallback_tenant_id),
+                        )
+                        if fallback_permissions and len(fallback_permissions) > 0:
+                            permissions = fallback_permissions
+                            logger.info(f"Found permissions for role {role_id} in fallback tenant {fallback_tenant_id}")
+                except Exception as e:
+                    logger.error(f"Error querying permissions for role {role_id}: {str(e)}", exc_info=True)
+                    permissions = []
 
                 role_dict = {**role, "tenant_id": tenant_id, "permissions": [p['permission_id'] for p in permissions]}
                 get_user_roles_with_tenant_and_permissions.append(role_dict)

{trovesuite-1.0.20.dist-info → trovesuite-1.0.23.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.20
+Version: 1.0.23
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu

{trovesuite-1.0.20.dist-info → trovesuite-1.0.23.dist-info}/RECORD

@@ -1,9 +1,9 @@
-trovesuite/__init__.py,sha256=_L_7xg3oeOXLmq1MpXPwZvkXiPL0zrw-H3STHUmEMNg,646
+trovesuite/__init__.py,sha256=vKnbXtMVw2mVbOuJLD1GhwcIx0oaNnyUL7Mrpk9Qa-I,646
 trovesuite/auth/__init__.py,sha256=OjZllVvjul1glDazJ-d5TrNjgHFigFlQQi1G99DYshk,239
 trovesuite/auth/auth_base.py,sha256=rZHQVLeJRBQ8GClgF5UwG-er4_HXVX5-nt8o6_Z29uY,75
 trovesuite/auth/auth_controller.py,sha256=PAgaVlf5TYEfkSfK4vGGsvO84i8zEmeVVXyUF2YBppI,420
 trovesuite/auth/auth_read_dto.py,sha256=e27JqKVPVUM83A_mYF452QCflsvGNo7aKje7q_urwFc,571
-trovesuite/auth/auth_service.py,sha256=L_X8gofmiTHB5MsWCtEx_mKo00fTn_vmXCiJ-qZNkXI,19702
+trovesuite/auth/auth_service.py,sha256=TQOJFG0AzhPGwZBAXVxMkHxyG2wyct4Zcoq4z0cVBO4,22201
 trovesuite/auth/auth_write_dto.py,sha256=rdwI7w6-9QZGv1H0PAGrjkLBCzaMHjgPIXeLb9RmNec,234
 trovesuite/configs/__init__.py,sha256=h1mSZOaZ3kUy1ZMO_m9O9KklsxywM0RfMVZLh9h9WvQ,328
 trovesuite/configs/database.py,sha256=IPSu8fXjxyYeJ3bFknJG06Qm2L2ub6Ht19xhKv8g7nA,11731
@@ -27,8 +27,8 @@ trovesuite/storage/storage_write_dto.py,sha256=vl1iCZ93bpFmpvkCrn587QtMtOA_TPDse
 trovesuite/utils/__init__.py,sha256=mDZuY77BphvQFYLmcWxjP5Tcq9ZZ3WXJWBKB1v6wzHU,185
 trovesuite/utils/helper.py,sha256=NySt18kl4Dc78tN5HiB7SpsCH5DWy3QvG1AMtl-ASBM,26951
 trovesuite/utils/templates.py,sha256=_92k4-EkqWs-h0LNJxPgorbspmp24kDngS7O3qWIFyQ,20388
-trovesuite-1.0.20.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
-trovesuite-1.0.20.dist-info/METADATA,sha256=V-X2zCbuvkbw0ED9GIztWA6APS4YpNugE3dWWf1c0vQ,21737
-trovesuite-1.0.20.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-trovesuite-1.0.20.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
-trovesuite-1.0.20.dist-info/RECORD,,
+trovesuite-1.0.23.dist-info/licenses/LICENSE,sha256=EJT35ct-Q794JYPdAQy3XNczQGKkU1HzToLeK1YVw2s,1070
+trovesuite-1.0.23.dist-info/METADATA,sha256=jkuPAVvbn9wDBw_R2Yvk-m7HlhaN7NSnBHpiGQjLXYw,21737
+trovesuite-1.0.23.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+trovesuite-1.0.23.dist-info/top_level.txt,sha256=GzKhG_-MTaxeHrIgkGkBH_nof2vroGFBrjeHKWUIwNc,11
+trovesuite-1.0.23.dist-info/RECORD,,