trovesuite 1.0.20__tar.gz → 1.0.23__tar.gz

{trovesuite-1.0.20/src/trovesuite.egg-info → trovesuite-1.0.23}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.20
+Version: 1.0.23
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu

{trovesuite-1.0.20 → trovesuite-1.0.23}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [tool.poetry]
 name = "trovesuite"
-version = "1.0.20"
+version = "1.0.23"
 description = "TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications"
 authors = ["brightgclt <brightgclt@gmail.com>"]
 license = "MIT"
@@ -58,7 +58,7 @@ Documentation = "https://dev.azure.com/brightgclt/trovesuite/_git/packages"
 
 [project]
 name = "trovesuite"
-version = "1.0.20"
+version = "1.0.23"
 description = "TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications"
 readme = "README.md"
 license = {text = "MIT"}

{trovesuite-1.0.20 → trovesuite-1.0.23}/setup.py

@@ -15,7 +15,7 @@ with open("pyproject.toml", "r", encoding="utf-8") as fh:
 
 setup(
     name="trovesuite",
-    version="1.0.20",
+    version="1.0.23",
     author="Bright Debrah Owusu",
     author_email="owusu.debrah@deladetech.com",
     description="TroveSuite services package providing authentication, authorization, notifications, and other enterprise services for TroveSuite applications",

{trovesuite-1.0.20 → trovesuite-1.0.23}/src/trovesuite/__init__.py

@@ -11,7 +11,7 @@ from .notification import NotificationService
 from .storage import StorageService
 from .utils import Helper
 
-__version__ = "1.0.16"
+__version__ = "1.0.20"
 __author__ = "Bright Debrah Owusu"
 __email__ = "owusu.debrah@deladetech.com"
 

{trovesuite-1.0.20 → trovesuite-1.0.23}/src/trovesuite/auth/auth_service.py

@@ -229,26 +229,25 @@ class AuthService:
                     (tenant_id, user_id,),
                 )
 
-            # ✅ NEW: Get system-level roles from cp_user_groups and cp_assign_roles with is_system=true
+            # ✅ NEW: Get system-level roles from cp_assign_roles with is_system=true
             # NOTE: system_groups, system_user_groups, and system_assign_roles are now consolidated
             # into cp_groups, cp_user_groups, and cp_assign_roles with is_system flag
+            # Use LEFT JOIN starting from cp_assign_roles to find BOTH direct user assignments AND group-based assignments
             logger.info(f"Fetching system-level roles for user: {user_id}")
 
             system_roles = DatabaseManager.execute_query(
                 f"""
-                    SELECT DISTINCT sug.group_id, sug.user_id, sar.role_id, sar.resource_type
-                    FROM {db_settings.CORE_PLATFORM_USER_GROUPS_TABLE} sug
-                    INNER JOIN {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar 
-                        ON sug.group_id = sar.group_id AND sug.tenant_id = sar.tenant_id
-                    WHERE sug.user_id = %s AND sug.tenant_id = %s
-                    AND sug.is_system = true
-                    AND sug.is_active = true
-                    AND sug.delete_status = 'NOT_DELETED'
-                    AND sar.is_active = true
-                    AND sar.delete_status = 'NOT_DELETED'
+                    SELECT DISTINCT COALESCE(sar.group_id::TEXT, NULL) as group_id, sar.user_id, sar.role_id, sar.resource_type
+                    FROM {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar
+                    LEFT JOIN {db_settings.CORE_PLATFORM_USER_GROUPS_TABLE} sug 
+                        ON sar.group_id = sug.group_id AND sar.tenant_id = sug.tenant_id
+                    WHERE sar.tenant_id = 'system-tenant-id'
                     AND sar.is_system = true
+                    AND sar.delete_status = 'NOT_DELETED'
+                    AND sar.is_active = true
+                    AND (sar.user_id = %s OR (sug.user_id = %s AND sug.tenant_id = 'system-tenant-id' AND sug.is_system = true AND sug.is_active = true AND sug.delete_status = 'NOT_DELETED'))
                 """,
-                (user_id, 'system-tenant-id')
+                (user_id, user_id)
             )
 
             if system_roles:
@@ -256,47 +255,78 @@ class AuthService:
             else:
                 logger.info(f"No system-level roles found for user: {user_id}")
 
-            # ✅ NEW: Also check for direct system role assignments (user_id in cp_assign_roles with is_system=true)
-            direct_system_roles = DatabaseManager.execute_query(
-                f"""
-                    SELECT DISTINCT NULL as group_id, sar.user_id, sar.role_id, sar.resource_type
-                    FROM {db_settings.CORE_PLATFORM_ASSIGN_ROLES_TABLE} sar
-                    WHERE sar.user_id = %s AND sar.tenant_id = %s
-                    AND sar.is_active = true
-                    AND sar.delete_status = 'NOT_DELETED'
-                    AND sar.is_system = true
-                """,
-                (user_id, 'system-tenant-id')
-            )
-
-            if direct_system_roles:
-                logger.info(f"Found {len(direct_system_roles)} direct system-level role assignment(s) for user: {user_id}")
-                system_roles.extend(direct_system_roles)
-
             # ✅ NEW: Merge tenant-level and system-level roles
             all_roles = get_user_roles + system_roles
             logger.info(f"Total roles (tenant + system) for user {user_id}: {len(all_roles)}")
 
             # GET permissions and Append to Role
             get_user_roles_with_tenant_and_permissions = []
-            # Track system role IDs for quick lookup
-            system_role_ids = {r["role_id"] for r in system_roles} if system_roles else set()
-            if direct_system_roles:
-                system_role_ids.update({r["role_id"] for r in direct_system_roles})
+            
+            # Track system role IDs by querying cp_roles table for is_system flag (more reliable)
+            system_role_ids = set()
+            if all_roles:
+                role_ids = [r.get("role_id") for r in all_roles if r.get("role_id")]
+                if role_ids:
+                    try:
+                        # Check which roles are system roles by querying the roles table
+                        system_roles_check = DatabaseManager.execute_query(
+                            f"""SELECT id FROM {db_settings.CORE_PLATFORM_ROLES_TABLE} 
+                            WHERE id = ANY(%s) AND is_system = true AND delete_status = 'NOT_DELETED'""",
+                            params=(role_ids,),
+                        )
+                        if system_roles_check:
+                            for role_record in system_roles_check:
+                                role_id = role_record.get("id") if isinstance(role_record, dict) else (role_record[0] if isinstance(role_record, (list, tuple)) and len(role_record) > 0 else None)
+                                if role_id:
+                                    system_role_ids.add(role_id)
+                        
+                        logger.info(f"Identified {len(system_role_ids)} system roles for user {user_id}")
+                    except Exception as e:
+                        logger.warning(f"Error checking system roles: {str(e)}")
+                        # Fallback: use system_roles query results
+                        system_role_ids = {r.get("role_id") for r in system_roles if r.get("role_id")} if system_roles else set()
             
             for role in all_roles:
-                role_id = role["role_id"]
-                # For system roles, use system-tenant-id; for tenant roles, use tenant_id
-                if role_id in system_role_ids:
-                    role_tenant_id = 'system-tenant-id'
+                role_id = role.get("role_id")
+                if not role_id:
+                    logger.warning(f"Skipping role with missing role_id: {role}")
+                    continue
+                
+                # Determine which tenant_id to use for querying permissions
+                # For system roles, use 'system-tenant-id'; for tenant roles, use the user's tenant_id
+                is_system_role = role_id in system_role_ids
+                
+                # Try the primary tenant_id first based on whether it's a system role
+                if is_system_role:
+                    primary_tenant_id = 'system-tenant-id'
+                    fallback_tenant_id = tenant_id
                 else:
-                    role_tenant_id = tenant_id
+                    primary_tenant_id = tenant_id
+                    fallback_tenant_id = 'system-tenant-id'
                 
-                permissions = DatabaseManager.execute_query(
-                    f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
-                        WHERE role_id = %s AND tenant_id = %s""",
-                    params=(role_id, role_tenant_id),
-                )
+                # Query permissions for this role with primary tenant_id
+                permissions = []
+                try:
+                    permissions = DatabaseManager.execute_query(
+                        f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
+                        WHERE role_id = %s AND tenant_id = %s AND delete_status = 'NOT_DELETED'""",
+                        params=(role_id, primary_tenant_id),
+                    )
+                    
+                    # If no permissions found with primary tenant_id, try fallback (handles edge cases)
+                    if not permissions or len(permissions) == 0:
+                        logger.debug(f"No permissions found for role {role_id} with tenant {primary_tenant_id}, trying fallback {fallback_tenant_id}")
+                        fallback_permissions = DatabaseManager.execute_query(
+                            f"""SELECT permission_id FROM {db_settings.CORE_PLATFORM_ROLE_PERMISSIONS_TABLE} 
+                            WHERE role_id = %s AND tenant_id = %s AND delete_status = 'NOT_DELETED'""",
+                            params=(role_id, fallback_tenant_id),
+                        )
+                        if fallback_permissions and len(fallback_permissions) > 0:
+                            permissions = fallback_permissions
+                            logger.info(f"Found permissions for role {role_id} in fallback tenant {fallback_tenant_id}")
+                except Exception as e:
+                    logger.error(f"Error querying permissions for role {role_id}: {str(e)}", exc_info=True)
+                    permissions = []
 
                 role_dict = {**role, "tenant_id": tenant_id, "permissions": [p['permission_id'] for p in permissions]}
                 get_user_roles_with_tenant_and_permissions.append(role_dict)

{trovesuite-1.0.20 → trovesuite-1.0.23/src/trovesuite.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: trovesuite
-Version: 1.0.20
+Version: 1.0.23
 Summary: TroveSuite services package providing authentication, authorization, notifications, Azure Storage, and other enterprise services for TroveSuite applications
 Home-page: https://dev.azure.com/brightgclt/trovesuite/_git/packages
 Author: Bright Debrah Owusu