trovesuite 1.0.9__py3-none-any.whl → 1.0.11__py3-none-any.whl

trovesuite/__init__.py

@@ -1,16 +1,21 @@
 """
-TroveSuite Auth Package
+TroveSuite Package
 
-A comprehensive authentication and authorization service for ERP systems.
-Provides JWT token validation, user authorization, and permission checking.
+A comprehensive authentication, authorization, notification, and storage service for ERP systems.
+Provides JWT token validation, user authorization, permission checking, notification capabilities,
+and Azure Storage blob management.
 """
 
 from .auth import AuthService
+from .notification import NotificationService
+from .storage import StorageService
 
-__version__ = "1.0.8"
+__version__ = "1.0.7"
 __author__ = "Bright Debrah Owusu"
 __email__ = "owusu.debrah@deladetech.com"
 
 __all__ = [
-    "AuthService"
+    "AuthService",
+    "NotificationService",
+    "StorageService"
 ]

trovesuite/auth/__init__.py

@@ -5,12 +5,10 @@ Authentication and authorization services for ERP systems.
 """
 
 from .auth_service import AuthService
-from .auth_base import AuthBase
-from .auth_read_dto import AuthServiceReadDto, AuthControllerReadDto
+from .auth_write_dto import AuthServiceWriteDto
 
 __all__ = [
     "AuthService",
-    "AuthBase", 
-    "AuthServiceReadDto",
-    "AuthControllerReadDto"
+    "AuthServiceWriteDto"
 ]
+

trovesuite/auth/auth_base.py

@@ -2,3 +2,4 @@ from pydantic import BaseModel
 
 class AuthBase(BaseModel):
     token: str
+

trovesuite/auth/auth_controller.py

@@ -1,10 +1,11 @@
 from fastapi import APIRouter
-from src.trovesuite.auth.auth_write_dto import AuthControllerWriteDto
-from src.trovesuite.auth.auth_read_dto import AuthControllerReadDto
-from src.trovesuite.auth.auth_service import AuthService
+from .auth_write_dto import AuthControllerWriteDto
+from .auth_read_dto import AuthControllerReadDto
+from .auth_service import AuthService
+from ..entities.sh_response import Respons
 
-auth_router = APIRouter()
+auth_router = APIRouter(tags=["Auth"])
 
-@auth_router.post("/auth", response_model=AuthControllerReadDto)
+@auth_router.post("/auth", response_model=Respons[AuthControllerReadDto])
 async def authorize(data: AuthControllerWriteDto):
     return AuthService.authorize(data=data)

trovesuite/auth/auth_read_dto.py

@@ -3,16 +3,17 @@ from pydantic import BaseModel
 
 class AuthControllerReadDto(BaseModel):
     org_id: Optional[str] = None
-    bus_id: Optional[str] = None 
-    app_id: Optional[str] = None 
+    bus_id: Optional[str] = None
+    app_id: Optional[str] = None
     shared_resource_id: Optional[str] = None
     user_id: Optional[str] = None
     group_id: Optional[str] = None
     role_id: Optional[str] = None
     tenant_id: Optional[str] = None
     permissions: Optional[List[str]] = None
-    shared_resource_id: Optional[str] = None
     resource_id: Optional[str] = None
+    resource_type: Optional[str] = None
 
 class AuthServiceReadDto(AuthControllerReadDto):
     pass
+

trovesuite/auth/auth_service.py

@@ -45,7 +45,7 @@ class AuthService:
         
     @staticmethod
     def authorize(data: AuthServiceWriteDto) -> Respons[AuthServiceReadDto]:
-        
+
         user_id: str = data.user_id
         tenant_id: str = data.tenant_id
 
@@ -59,7 +59,7 @@ class AuthService:
                 status_code=400,
                 error="INVALID_USER_ID"
             )
-        
+
         if not tenant_id or not isinstance(tenant_id, str):
             return Respons[AuthServiceReadDto](
                 detail="Invalid tenant_id: must be a non-empty string",
@@ -68,7 +68,7 @@ class AuthService:
                 status_code=400,
                 error="INVALID_TENANT_ID"
             )
-        
+
         try:
 
             is_tenant_verified = DatabaseManager.execute_query(
@@ -85,7 +85,7 @@ class AuthService:
                     status_code=404,
                     error="TENANT_NOT_FOUND"
                 )
-            
+
             if not is_tenant_verified[0]['is_verified']:
                 logger.warning("Login failed - tenant not verified for user: %s, tenant: %s", user_id, tenant_id)
                 return Respons[AuthServiceReadDto](
@@ -96,14 +96,36 @@ class AuthService:
                     error="TENANT_NOT_VERIFIED"
                 )
 
-            login_settings_details = DatabaseManager.execute_query(
-                f"""SELECT user_id, group_id, is_suspended, can_always_login,
-                is_multi_factor_enabled, is_login_before, working_days,
-                login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE} 
-                WHERE (delete_status = 'NOT_DELETED' AND is_active = true ) AND user_id = %s""",
-                (user_id,),
+            # 1️⃣ Get all groups the user belongs to
+            user_groups = DatabaseManager.execute_query(
+                f"""SELECT group_id FROM "{tenant_id}".{db_settings.TENANT_USER_GROUPS_TABLE}
+                    WHERE delete_status = 'NOT_DELETED' AND is_active = true AND user_id = %s""",(user_id,),
             )
 
+            # 2️⃣ Prepare list of group_ids
+            group_ids = [g["group_id"] for g in user_groups] if user_groups else []
+
+            # 3️⃣ Get login settings - check user-level first, then group-level
+            if group_ids:
+                login_settings_details = DatabaseManager.execute_query(
+                    f"""SELECT user_id, group_id, is_suspended, can_always_login,
+                    is_multi_factor_enabled, is_login_before, working_days,
+                    login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE}
+                    WHERE (delete_status = 'NOT_DELETED' AND is_active = true )
+                    AND (user_id = %s OR group_id = ANY(%s))
+                    ORDER BY user_id NULLS LAST
+                    LIMIT 1""",
+                    (user_id, group_ids),
+                )
+            else:
+                login_settings_details = DatabaseManager.execute_query(
+                    f"""SELECT user_id, group_id, is_suspended, can_always_login,
+                    is_multi_factor_enabled, is_login_before, working_days,
+                    login_on, logout_on FROM "{tenant_id}".{db_settings.TENANT_LOGIN_SETTINGS_TABLE}
+                    WHERE (delete_status = 'NOT_DELETED' AND is_active = true ) AND user_id = %s""",
+                    (user_id,),
+                )
+
             if not login_settings_details or len(login_settings_details) == 0:
                 logger.warning("Authorization failed - user not found: %s in tenant: %s", user_id, tenant_id)
                 return Respons[AuthServiceReadDto](
@@ -126,17 +148,17 @@ class AuthService:
 
             if not login_settings_details[0]['can_always_login']:
                 current_day = datetime.now().strftime("%A").upper()
-                
+
                 if current_day not in login_settings_details[0]['working_days']:
                     logger.warning("Authorization failed - outside working days for user: %s checking custom login period", user_id)
-              
+
                     # Get current datetime (full date and time) with timezone
                     current_datetime = datetime.now(timezone.utc).replace(microsecond=0, second=0)
-                    
+
                     # Get from database (should already be datetime objects)
                     login_on = login_settings_details[0]['login_on']
                     logout_on = login_settings_details[0]['logout_on']
-                    
+
                     # Set defaults if None (with timezone awareness)
                     if not login_on:
                         login_on = datetime.min.replace(tzinfo=timezone.utc)
@@ -153,27 +175,19 @@ class AuthService:
                             status_code=403,
                             error="LOGIN_TIME_RESTRICTED"
                         )
-            
-            # 1️⃣ Get all groups the user belongs to
-            user_groups = DatabaseManager.execute_query(
-                f"""SELECT group_id FROM "{tenant_id}".{db_settings.USER_GROUPS_TABLE}
-                    WHERE delete_status = 'NOT_DELETED' AND is_active = true AND user_id = %s""",(user_id,),
-            )
-
-            # 2️⃣ Prepare list of group_ids
-            group_ids = [g["group_id"] for g in user_groups] if user_groups else []
 
-            # 3️⃣ Build query dynamically to include groups (if any) + user
+            # 4️⃣ Build query dynamically to include groups (if any) + user
+            # ⚠️ CHANGED: Simplified to new schema - only select user_id, group_id, role_id, resource_type
             if group_ids:
                 get_user_roles = DatabaseManager.execute_query(
                     f"""
-                        SELECT DISTINCT ON (org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id)
-                            org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id
-                        FROM "{tenant_id}".{db_settings.ASSIGN_ROLES_TABLE}
+                        SELECT DISTINCT ON (group_id, user_id, role_id)
+                            group_id, user_id, role_id, resource_type
+                        FROM "{tenant_id}".{db_settings.TENANT_ASSIGN_ROLES_TABLE}
                         WHERE delete_status = 'NOT_DELETED'
                         AND is_active = true
                         AND (user_id = %s OR group_id = ANY(%s))
-                        ORDER BY org_id, group_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id;
+                        ORDER BY group_id, user_id, role_id;
                     """,
                     (user_id, group_ids),
                 )
@@ -181,13 +195,13 @@ class AuthService:
                 # No groups, just check roles for user
                 get_user_roles = DatabaseManager.execute_query(
                     f"""
-                        SELECT DISTINCT ON (org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id)
-                            org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id
-                        FROM "{tenant_id}".{db_settings.ASSIGN_ROLES_TABLE}
+                        SELECT DISTINCT ON (user_id, role_id)
+                            user_id, role_id, resource_type
+                        FROM "{tenant_id}".{db_settings.TENANT_ASSIGN_ROLES_TABLE}
                         WHERE delete_status = 'NOT_DELETED'
                         AND is_active = true
                         AND user_id = %s
-                        ORDER BY org_id, bus_id, app_id, shared_resource_id, resource_id, user_id, role_id;
+                        ORDER BY user_id, role_id;
                     """,
                     (user_id,),
                 )
@@ -196,7 +210,7 @@ class AuthService:
             get_user_roles_with_tenant_and_permissions = []
             for role in get_user_roles:
                 permissions = DatabaseManager.execute_query(
-                    f"""SELECT permission_id FROM {db_settings.ROLE_PERMISSIONS_TABLE} WHERE role_id = %s""",
+                    f"""SELECT permission_id FROM {db_settings.MAIN_ROLE_PERMISSIONS_TABLE} WHERE role_id = %s""",
                     params=(role["role_id"],),)
 
                 role_dict = {**role, "tenant_id": tenant_id, "permissions": [p['permission_id'] for p in permissions]}
@@ -224,31 +238,27 @@ class AuthService:
                 status_code=500,
                 error="Authorization check failed due to an internal error"
             )
-        
+
     @staticmethod
-    def check_permission(users_data: list, action=None, org_id=None, bus_id=None, app_id=None,
-                     resource_id=None, shared_resource_id=None) -> bool:
+    def check_permission(users_data: list, action=None, resource_type=None) -> bool:
         """
-        Check if user has a given permission (action) for a specific target.
-        
-        Hierarchy: organization > business > app > location > resource/shared_resource
-        If a field in role is None, it applies to all under that level.
+        Check if user has a given permission (action).
+
+        Args:
+            users_data: List of user authorization data containing roles and permissions
+            action: The permission/action to check for
+            resource_type: Optional resource type filter (e.g., 'rt-user', 'rt-group')
+
+        Returns:
+            bool: True if user has the permission, False otherwise
         """
         for user_data in users_data:
-            # Check hierarchy: None means "all"
-            if user_data.org_id not in (None, org_id):
-                continue
-            if user_data.bus_id not in (None, bus_id):
-                continue
-            if user_data.app_id not in (None, app_id):
-                continue
-            if user_data.resource_id not in (None, resource_id):
-                continue
-            if user_data.shared_resource_id not in (None, shared_resource_id):
+            # Check resource_type if specified
+            if resource_type and user_data.resource_type and user_data.resource_type != resource_type:
                 continue
 
             # Check if the permission exists
-            if action in user_data.permissions:
+            if action and action in user_data.permissions:
                 return True
 
         return False

trovesuite/auth/auth_write_dto.py

@@ -4,7 +4,8 @@ from pydantic import BaseModel
 
 class AuthControllerWriteDto(BaseModel):
     user_id: Optional[str] = None
-    tenant: Optional[str] = None
+    tenant_id: Optional[str] = None
 
 class AuthServiceWriteDto(AuthControllerWriteDto):
     pass
+

trovesuite/configs/database.py

@@ -13,24 +13,32 @@ logger = get_logger("database")
 
 # Database connection pool
 _connection_pool: Optional[psycopg2.pool.ThreadedConnectionPool] = None
-_sqlmodel_engine = None
 
 
 class DatabaseConfig:
     """Database configuration and connection management"""
-    
+
     def __init__(self):
         self.settings = db_settings
+        self.database_url = self.settings.database_url
         self.pool_size = 5
         self.max_overflow = 10
-    
-    @property
-    def database_url(self):
-        """Get database URL (lazy evaluation)"""
-        return self.settings.database_url
-        
+
     def get_connection_params(self) -> dict:
         """Get database connection parameters"""
+        if self.settings.DATABASE_URL:
+            # Use full DATABASE_URL if available
+            return {
+                "dsn": self.settings.DATABASE_URL,
+                "cursor_factory": RealDictCursor,
+                "keepalives": 1,
+                "keepalives_idle": 30,
+                "keepalives_interval": 10,
+                "keepalives_count": 5,
+                "connect_timeout": 10
+            }
+
+        # fallback to individual DB_* variables
         return {
             "host": self.settings.DB_HOST,
             "port": self.settings.DB_PORT,
@@ -38,9 +46,14 @@ class DatabaseConfig:
             "user": self.settings.DB_USER,
             "password": self.settings.DB_PASSWORD,
             "cursor_factory": RealDictCursor,
-            "application_name": f"{self.settings.APP_NAME}_{self.settings.ENVIRONMENT}"
+            "application_name": f"{self.settings.APP_NAME}_{self.settings.ENVIRONMENT}",
+            "keepalives": 1,
+            "keepalives_idle": 30,
+            "keepalives_interval": 10,
+            "keepalives_count": 5,
+            "connect_timeout": 10
         }
-    
+
     def create_connection_pool(self) -> psycopg2.pool.ThreadedConnectionPool:
         """Create a connection pool for psycopg2"""
         try:
@@ -54,7 +67,7 @@ class DatabaseConfig:
         except Exception as e:
             logger.error(f"Failed to create database connection pool: {str(e)}")
             raise
-    
+
     def test_connection(self) -> bool:
         """Test database connection"""
         try:
@@ -78,17 +91,17 @@ db_config = DatabaseConfig()
 def initialize_database():
     """Initialize database connections and pool"""
     global _connection_pool
-    
+
     try:
         # Test connection first
         if not db_config.test_connection():
             raise Exception("Database connection test failed")
-        
+
         # Create connection pool
         _connection_pool = db_config.create_connection_pool()
-        
+
         logger.info("Database initialization completed successfully")
-        
+
     except Exception as e:
         logger.error(f"Database initialization failed: {str(e)}")
         raise
@@ -98,16 +111,28 @@ def get_connection_pool() -> psycopg2.pool.ThreadedConnectionPool:
     """Get the database connection pool"""
     global _connection_pool
     if _connection_pool is None:
-        raise Exception("Database not initialized. Call initialize_database() first.")
+        error_msg = (
+            "Database not initialized. This usually means:\n"
+            "1. Missing or incorrect .env file in app/ directory\n"
+            "2. Database credentials are wrong\n"
+            "3. Database container is not running\n"
+            "4. Database initialization failed during startup\n"
+            "Please check the startup logs for more details."
+        )
+        logger.error(error_msg)
+        raise Exception(error_msg)
     return _connection_pool
 
 
-def get_sqlmodel_engine():
-    """Get the SQLModel engine"""
-    global _sqlmodel_engine
-    if _sqlmodel_engine is None:
-        raise Exception("Database not initialized. Call initialize_database() first.")
-    return _sqlmodel_engine
+def _validate_connection(conn) -> bool:
+    """Validate if a connection is still alive"""
+    try:
+        # Test if connection is alive with a simple query
+        with conn.cursor() as cursor:
+            cursor.execute("SELECT 1")
+        return True
+    except (psycopg2.OperationalError, psycopg2.InterfaceError):
+        return False
 
 
 @contextmanager
@@ -117,52 +142,79 @@ def get_db_connection():
     conn = None
     try:
         conn = pool.getconn()
+
+        # Validate connection before using it
+        if not _validate_connection(conn):
+            logger.warning("Stale connection detected, getting new connection")
+            pool.putconn(conn, close=True)
+            conn = pool.getconn()
+
         logger.debug("Database connection acquired from pool")
         yield conn
     except Exception as e:
         logger.error(f"Database connection error: {str(e)}")
         if conn:
-            conn.rollback()
+            try:
+                # Only rollback if connection is still open
+                if not conn.closed:
+                    conn.rollback()
+            except (psycopg2.OperationalError, psycopg2.InterfaceError) as rollback_error:
+                logger.warning(f"Could not rollback closed connection: {str(rollback_error)}")
         raise
     finally:
         if conn:
-            pool.putconn(conn)
-            logger.debug("Database connection returned to pool")
+            try:
+                # If connection is broken, close it instead of returning to pool
+                if conn.closed:
+                    pool.putconn(conn, close=True)
+                else:
+                    pool.putconn(conn)
+                logger.debug("Database connection returned to pool")
+            except Exception as put_error:
+                logger.error(f"Error returning connection to pool: {str(put_error)}")
 
 
 @contextmanager
 def get_db_cursor():
     """Get a database cursor (context manager)"""
     with get_db_connection() as conn:
-        cursor = conn.cursor()
+        cursor = conn.cursor(cursor_factory=RealDictCursor)
         try:
             yield cursor
-            conn.commit()
+            if not conn.closed:
+                conn.commit()
         except Exception as e:
-            conn.rollback()
+            if not conn.closed:
+                try:
+                    conn.rollback()
+                except (psycopg2.OperationalError, psycopg2.InterfaceError) as rollback_error:
+                    logger.warning(f"Could not rollback transaction on closed connection: {str(rollback_error)}")
             logger.error(f"Database cursor error: {str(e)}")
             raise
         finally:
-            cursor.close()
+            try:
+                cursor.close()
+            except Exception as close_error:
+                logger.warning(f"Error closing cursor: {str(close_error)}")
 
 
 class DatabaseManager:
     """Database manager for common operations"""
-    
+
     @staticmethod
     def execute_query(query: str, params: tuple = None) -> list:
         """Execute a SELECT query and return results"""
         with get_db_cursor() as cursor:
             cursor.execute(query, params)
             return cursor.fetchall()
-    
+
     @staticmethod
     def execute_update(query: str, params: tuple = None) -> int:
         """Execute an INSERT/UPDATE/DELETE query and return affected rows"""
         with get_db_cursor() as cursor:
             cursor.execute(query, params)
             return cursor.rowcount
-    
+
     @staticmethod
     def execute_scalar(query: str, params: tuple = None):
         """Execute a query and return a single value"""
@@ -178,7 +230,41 @@ class DatabaseManager:
                     # Handle tuple result
                     return result[0] if len(result) > 0 else None
             return None
-    
+
+    @staticmethod
+    @contextmanager
+    def transaction():
+        """
+        Context manager for database transactions.
+        Wraps multiple operations in a single transaction.
+
+        Usage:
+            with DatabaseManager.transaction() as cursor:
+                cursor.execute("INSERT INTO table1 ...")
+                cursor.execute("INSERT INTO table2 ...")
+                # Auto-commits on success, auto-rollbacks on exception
+        """
+        with get_db_connection() as conn:
+            cursor = conn.cursor(cursor_factory=RealDictCursor)
+            try:
+                yield cursor
+                if not conn.closed:
+                    conn.commit()
+                    logger.debug("Transaction committed successfully")
+            except Exception as e:
+                if not conn.closed:
+                    try:
+                        conn.rollback()
+                        logger.warning(f"Transaction rolled back due to error: {str(e)}")
+                    except (psycopg2.OperationalError, psycopg2.InterfaceError) as rollback_error:
+                        logger.error(f"Could not rollback transaction: {str(rollback_error)}")
+                raise
+            finally:
+                try:
+                    cursor.close()
+                except Exception as close_error:
+                    logger.warning(f"Error closing transaction cursor: {str(close_error)}")
+
     @staticmethod
     def health_check() -> dict:
         """Perform database health check"""
@@ -186,7 +272,7 @@ class DatabaseManager:
             with get_db_cursor() as cursor:
                 cursor.execute("SELECT version(), current_database(), current_user")
                 result = cursor.fetchone()
-                
+
                 if result:
                     # Handle RealDictRow (dictionary-like) result
                     if hasattr(result, 'get'):
@@ -217,5 +303,13 @@ class DatabaseManager:
             }
 
 
-# Database initialization is done lazily when needed
-# Call initialize_database() explicitly when you need to use the database
+# Database initialization on module import
+try:
+    initialize_database()
+except Exception as e:
+    logger.error(f"Failed to initialize database on startup: {str(e)}")
+    logger.error("⚠️  CRITICAL: Application started without database connection!")
+    logger.error("⚠️  Please check your .env file and database configuration")
+    logger.error("⚠️  The application will not function properly without a database connection")
+    # Don't raise here to allow the app to start even if DB is unavailable
+    # But log it clearly so it's obvious what's wrong