PyPI - zrb - Versions diffs - 1.0.0b10__py3-none-any.whl → 1.1.0__py3-none-any.whl - Mend

zrb 1.0.0b10py3-none-any.whl → 1.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/schema/navigation.py ADDED Viewed

@@ -0,0 +1,95 @@
+from my_app_name.schema.user import AuthUserResponse
+from pydantic import BaseModel
+class Page(BaseModel):
+    name: str
+    caption: str
+    url: str
+    permission: str | None = None
+class AccessiblePage(BaseModel):
+    name: str
+    caption: str
+    url: str
+    active: bool
+class PageGroup(BaseModel):
+    name: str
+    caption: str
+    pages: list[Page] = []
+    def append_page(self, submenu: Page) -> Page:
+        self.pages.append(submenu)
+        return submenu
+    def get_accessible_pages(
+        self, submenu_name: str | None = None, user: AuthUserResponse | None = None
+    ) -> list[AccessiblePage]:
+        return [
+            AccessiblePage(
+                name=page.name,
+                caption=page.caption,
+                url=page.url,
+                active=page.name == submenu_name,
+            )
+            for page in self.pages
+            if _has_permission(user, page.permission)
+        ]
+class AccessiblePageGroup(BaseModel):
+    name: str
+    caption: str
+    pages: list[AccessiblePage]
+    active: bool
+class Navigation(BaseModel):
+    items: list[PageGroup | Page] = []
+    def append_page_group(self, page_group: PageGroup) -> PageGroup:
+        self.items.append(page_group)
+        return page_group
+    def append_page(self, page: Page) -> Page:
+        self.items.append(page)
+        return page
+    def get_accessible_items(
+        self, page_name: str | None, user: AuthUserResponse | None
+    ) -> list[AccessiblePageGroup | AccessiblePage]:
+        accessible_items = []
+        for item in self.items:
+            if isinstance(item, Page) and _has_permission(user, item.permission):
+                accessible_items.append(
+                    AccessiblePage(
+                        name=item.name,
+                        caption=item.caption,
+                        url=item.url,
+                        active=item.name == page_name,
+                    )
+                )
+                continue
+            accessible_submenus = item.get_accessible_pages(page_name, user)
+            if accessible_submenus:
+                active = any(submenu.active for submenu in accessible_submenus)
+                accessible_items.append(
+                    AccessiblePageGroup(
+                        name=item.name,
+                        caption=item.caption,
+                        pages=accessible_submenus,
+                        active=active,
+                    )
+                )
+        return accessible_items
+def _has_permission(user: AuthUserResponse | None, permission: str | None):
+    if permission is None:
+        return True
+    if user is not None:
+        return user.has_permission(permission)
+    return False

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/subroute/auth.py CHANGED Viewed

@@ -1,14 +1,17 @@
+import os
 from typing import Annotated
-from fastapi import Depends, FastAPI, Response
+from fastapi import Depends, FastAPI, Request, Response
 from fastapi.security import OAuth2PasswordRequestForm
-from my_app_name.common.error import ForbiddenError
+from my_app_name.common.error import ForbiddenError, NotFoundError
 from my_app_name.module.auth.client.auth_client_factory import auth_client
 from my_app_name.module.gateway.util.auth import (
     get_current_user,
+    get_refresh_token,
     set_user_session_cookie,
     unset_user_session_cookie,
 )
+from my_app_name.module.gateway.util.view import render_content, render_error
 from my_app_name.schema.permission import (
     MultiplePermissionResponse,
     PermissionCreate,
@@ -49,22 +52,56 @@ def serve_auth_route(app: FastAPI):
     @app.put("/api/v1/user-sessions", response_model=UserSessionResponse)
     async def update_user_session(
-        response: Response, refresh_token: str
+        request: Request, response: Response, refresh_token: str | None = None
     ) -> UserSessionResponse:
-        user_session = await auth_client.update_user_session(refresh_token)
+        actual_refresh_token = get_refresh_token(request, refresh_token)
+        if actual_refresh_token is None:
+            raise ForbiddenError("Refresh token needed")
+        try:
+            user_session = await auth_client.update_user_session(actual_refresh_token)
+        except NotFoundError:
+            raise ForbiddenError("Session not found")
         set_user_session_cookie(response, user_session)
         return user_session
     @app.delete("/api/v1/user-sessions", response_model=UserSessionResponse)
     async def delete_user_session(
-        response: Response, refresh_token: str
+        request: Request, response: Response, refresh_token: str | None = None
     ) -> UserSessionResponse:
-        user_session = await auth_client.delete_user_session(refresh_token)
-        unset_user_session_cookie(response)
-        return user_session
+        try:
+            actual_refresh_token = get_refresh_token(request, refresh_token)
+            if actual_refresh_token is None:
+                raise ForbiddenError("Refresh token needed")
+            user_session = await auth_client.delete_user_session(actual_refresh_token)
+            return user_session
+        finally:
+            unset_user_session_cookie(response)
     # Permission routes
+    @app.get("/auth/permissions", include_in_schema=False)
+    def permissions_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("permission:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "permission.html"),
+            current_user=current_user,
+            page_name="auth.permission",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("permission:create"),
+            allow_update=current_user.has_permission("permission:update"),
+            allow_delete=current_user.has_permission("permission:delete"),
+        )
     @app.get("/api/v1/permissions", response_model=MultiplePermissionResponse)
     async def get_permissions(
         current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
@@ -176,6 +213,29 @@ def serve_auth_route(app: FastAPI):
     # Role routes
+    @app.get("/auth/roles", include_in_schema=False)
+    def roles_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("role:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "role.html"),
+            current_user=current_user,
+            page_name="auth.role",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("role:create"),
+            allow_update=current_user.has_permission("role:update"),
+            allow_delete=current_user.has_permission("role:delete"),
+        )
     @app.get("/api/v1/roles", response_model=MultipleRoleResponse)
     async def get_roles(
         current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
@@ -283,6 +343,29 @@ def serve_auth_route(app: FastAPI):
     # User routes
+    @app.get("/auth/users", include_in_schema=False)
+    def users_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("user:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "user.html"),
+            current_user=current_user,
+            page_name="auth.user",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("user:create"),
+            allow_update=current_user.has_permission("user:update"),
+            allow_delete=current_user.has_permission("user:delete"),
+        )
     @app.get("/api/v1/users", response_model=MultipleUserResponse)
     async def get_users(
         current_user: Annotated[AuthUserResponse, Depends(get_current_user)],

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/util/auth.py CHANGED Viewed

@@ -15,6 +15,15 @@ from typing_extensions import Annotated
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/user-sessions", auto_error=False)
+def get_refresh_token(request: Request, refresh_token: str | None) -> str | None:
+    if refresh_token is not None and refresh_token != "":
+        return refresh_token
+    cookie_refresh_token = request.cookies.get(APP_AUTH_REFRESH_TOKEN_COOKIE_NAME)
+    if cookie_refresh_token is not None and cookie_refresh_token != "":
+        return cookie_refresh_token
+    return None
 async def get_current_user(
     request: Request,
     response: Response,

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/util/view.py CHANGED Viewed

@@ -1,18 +1,24 @@
 import os
 from typing import Any
+import my_app_name.config as CFG
 from fastapi.responses import HTMLResponse
 from my_app_name.common.util.view import render_page, render_str
 from my_app_name.config import (
+    APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
     APP_GATEWAY_CSS_PATH_LIST,
     APP_GATEWAY_FAVICON_PATH,
+    APP_GATEWAY_FOOTER,
     APP_GATEWAY_JS_PATH_LIST,
     APP_GATEWAY_LOGO_PATH,
+    APP_GATEWAY_PICO_CSS_PATH,
     APP_GATEWAY_SUBTITLE,
     APP_GATEWAY_TITLE,
     APP_GATEWAY_VIEW_DEFAULT_TEMPLATE_PATH,
     APP_GATEWAY_VIEW_PATH,
 )
+from my_app_name.module.gateway.config.navigation import APP_NAVIGATION
+from my_app_name.schema.user import AuthUserResponse
 _DEFAULT_TEMPLATE_PATH = os.path.join(
     APP_GATEWAY_VIEW_PATH, APP_GATEWAY_VIEW_DEFAULT_TEMPLATE_PATH
@@ -24,32 +30,47 @@ _DEFAULT_ERROR_TEMPLATE_PATH = os.path.join(
 _DEFAULT_PARTIALS = {
     "title": APP_GATEWAY_TITLE,
     "subtitle": APP_GATEWAY_SUBTITLE,
+    "footer": APP_GATEWAY_FOOTER,
     "logo_path": APP_GATEWAY_LOGO_PATH,
     "favicon_path": APP_GATEWAY_FAVICON_PATH,
+    "pico_css_path": APP_GATEWAY_PICO_CSS_PATH,
     "css_path_list": APP_GATEWAY_CSS_PATH_LIST,
     "js_path_list": APP_GATEWAY_JS_PATH_LIST,
+    "show_user_info": True,
+    "should_refresh_session": True,
+    "refresh_session_interval_seconds": f"{APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES * 60 / 3}",
 }
-def render(
+def render_content(
     view_path: str,
     template_path: str = _DEFAULT_TEMPLATE_PATH,
     status_code: int = 200,
-    headers: dict[str, str] = None,
+    headers: dict[str, str] | None = None,
     media_type: str | None = None,
+    current_user: AuthUserResponse | None = None,
+    page_name: str | None = None,
     partials: dict[str, Any] = {},
-    **data: Any
+    **data: Any,
 ) -> HTMLResponse:
     rendered_partials = {key: val for key, val in _DEFAULT_PARTIALS.items()}
     for key, val in partials.items():
         rendered_partials[key] = val
+    rendered_partials["page_name"] = page_name
+    rendered_partials["current_user"] = current_user
+    rendered_partials["navigations"] = APP_NAVIGATION.get_accessible_items(
+        page_name, current_user
+    )
     return render_page(
         template_path=template_path,
         status_code=status_code,
         headers=headers,
         media_type=media_type,
-        partials=rendered_partials,
-        content=render_str(template_path=view_path, **data),
+        content=render_str(
+            template_path=os.path.join(APP_GATEWAY_VIEW_PATH, "content", view_path),
+            **data,
+        ),
+        **rendered_partials,
     )
@@ -58,17 +79,21 @@ def render_error(
     status_code: int = 500,
     view_path: str = _DEFAULT_ERROR_TEMPLATE_PATH,
     template_path: str = _DEFAULT_TEMPLATE_PATH,
-    headers: dict[str, str] = None,
+    headers: dict[str, str] | None = None,
     media_type: str | None = None,
+    current_user: AuthUserResponse | None = None,
+    page_name: str | None = None,
     partials: dict[str, Any] = {},
 ):
-    return render(
+    return render_content(
         view_path=view_path,
         template_path=template_path,
         status_code=status_code,
         headers=headers,
         media_type=media_type,
-        partials=partials,
+        current_user=current_user,
+        page_name=page_name,
+        partials={"show_user_info": False, **partials},
         error_status_code=status_code,
         error_message=error_message,
     )

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/view/content/auth/permission.html ADDED Viewed

@@ -0,0 +1,311 @@
+<link rel="stylesheet" href="/static/crud/style.css">
+<main class="container">
+    <article>
+        <h1>Permission</h1>
+        <fieldset id="crud-table-fieldset" role="group" class="grid">
+            <input id="crud-filter" onchange="applySearch()" placeholder="🔍 Filter" aria-label="Search" />
+            <button onclick="applySearch()">🔍 Search</button>
+            {% if allow_create %}
+            <button class="contrast" onclick="showCreateForm(event)">➕ Add</button>
+            {% endif %}
+        </fieldset>
+        <div id="crud-table-container">
+            <table id="crud-table" class="striped">
+                <thead>
+                    <tr>
+                        <th scope="col">ID</th>
+                        <th scope="col">Name</th>
+                        <th scope="col">Description</th>
+                        <!-- Update this -->
+                        {% if allow_update or allow_delete %}
+                        <th scope="col">Actions</th>
+                        {% endif %}
+                    </tr>
+                </thead>
+                <tbody></tbody>
+            </table>
+        </div>
+        <div id="crud-pagination"></div>
+        {% if allow_create %}
+        <dialog id="crud-create-form-dialog">
+            <article>
+                <h2>New Permission</h2>
+                <form id="crud-create-form">
+                    <label>
+                        Name:
+                        <input type="text" name="name" required>
+                    </label>
+                    <label>
+                        Description:
+                        <input type="text" name="description" required>
+                    </label>
+                    <!-- Update this -->
+                    <footer>
+                        <button onclick="createRow(event)">➕ Save</button>
+                        <button class="secondary" onclick="hideCreateForm(event)">❌ Cancel</button>
+                    </footer>
+                </form>
+            </article>
+        </dialog>
+        {% endif %}
+        {% if allow_update %}
+        <dialog id="crud-update-form-dialog">
+            <article>
+                <h2>Update Permission</h2>
+                <form id="crud-update-form">
+                    <label>
+                        Name:
+                        <input type="text" name="name" required>
+                    </label>
+                    <label>
+                        Description:
+                        <input type="text" name="description" required>
+                    </label>
+                    <!-- Update this -->
+                    <footer>
+                        <button onclick="updateRow(event)">✏️ Save</button>
+                        <button class="secondary" onclick="hideUpdateForm(event)">❌ Cancel</button>
+                    </footer>
+                </form>
+            </article>
+        </dialog>
+        {% endif %}
+        {% if allow_delete %}
+        <dialog id="crud-delete-form-dialog">
+            <article>
+                <h2>Delete Permission</h2>
+                <form id="crud-delete-form">
+                    <label>
+                        Name:
+                        <input type="text" name="name" readonly>
+                    </label>
+                    <label>
+                        Description:
+                        <input type="text" name="description" readonly>
+                    </label>
+                    <!-- Update this -->
+                    <footer>
+                        <button class="secondary" onclick="hideDeleteForm()">❌ Cancel</button>
+                        <button onclick="deleteRow()">🗑️ Delete</button>
+                    </footer>
+                </form>
+            </article>
+        </dialog>
+        {% endif %}
+        <dialog id="crud-alert-dialog">
+            <article>
+                <h2 id="crud-alert-title">Error</h2>
+                <pre id="crud-alert-message"></pre>
+                <footer>
+                    <button onclick="hideAlert(event)">Close</button>
+                </footer>
+            </article>
+        </dialog>
+    </article>
+</main>
+<script src="/static/crud/util.js"></script>
+<script>
+    const apiUrl = "/api/v1/permissions";
+    const crudState = {
+        pageSize: {{page_size | tojson}},
+        currentPage: {{page | tojson}},
+        sort: {{sort | tojson}},
+        filter: {{filter | tojson}},
+        allowCreate: {{allow_create | tojson}},
+        allowUpdate: {{allow_update | tojson}},
+        allowDelete: {{allow_delete | tojson}},
+        updatedRowId: null,
+        deletedRowId: null,
+    };
+    async function applySearch() {
+        const filterInput = document.getElementById("crud-filter");
+        crudState.filter = filterInput.value;
+        return await fetchRows(crudState.currentPage);
+    }
+    async function fetchRows(page = null) {
+        try {
+            if (typeof page !== 'undefined' && page !== null) {
+                crudState.currentPage = page;
+            }
+            const defaultSearchColumn = "name"
+            // update address bar
+            const searchParam = CRUD_UTIL.getSearchParam(crudState, defaultSearchColumn, false);
+            const newUrl = `${window.location.pathname}?${searchParam}`;
+            window.history.pushState({ path: newUrl }, "", newUrl);
+            // update table and pagination
+            const apiSearchParam = CRUD_UTIL.getSearchParam(crudState, defaultSearchColumn, true);
+            const result = await UTIL.fetchAPI(
+                `${apiUrl}?${apiSearchParam}`, { method: "GET" }
+            );
+            renderRows(result.data);
+            const crudPagination = document.getElementById("crud-pagination");
+            CRUD_UTIL.renderPagination(
+                crudPagination, crudState, result.count, "fetchRows"
+            );
+        } catch (error) {
+            console.error("Error fetching items:", error);
+        }
+    }
+    function renderRows(rows) {
+        const tableBody = document.querySelector("#crud-table tbody");
+        tableBody.innerHTML = "";
+        rows.forEach(row => {
+            let rowComponent = getRowComponents(row);
+            actionColumn = "";
+            if (crudState.allowUpdate) {
+                actionColumn += `<button class="contrast" onclick="showUpdateForm('${row.id}')">✏️ Edit</button>`;
+            }
+            if (crudState.allowDelete) {
+                actionColumn += `<button class="secondary" onclick="showDeleteForm('${row.id}')">🗑️ Delete</button>`;
+            }
+            if (crudState.allowUpdate || crudState.allowDelete) {
+                actionColumn = `<td><fieldset class="grid" role="group">${actionColumn}</fieldset></td>`;
+            }
+            tableBody.innerHTML += `<tr>${rowComponent.join('')}${actionColumn}</tr>`;
+        });
+    }
+    function getRowComponents(row) {
+        let rowComponents = [];
+        rowComponents.push(`<td>${row.id}</td>`);
+        rowComponents.push(`<td>${row.name}</td>`);
+        rowComponents.push(`<td>${row.description}</td>`);
+        // Update this
+        return rowComponents;
+    }
+    {% if allow_create %}
+    async function showCreateForm(id) {
+        const createFormDialog = document.getElementById("crud-create-form-dialog");
+        const createForm = document.getElementById("crud-create-form");
+        UTIL.clearFormData(createForm);
+        createFormDialog.showModal();
+    }
+    async function createRow(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        try {
+            const createForm = document.getElementById("crud-create-form");
+            const formData = JSON.stringify(UTIL.getFormData(createForm));
+            await UTIL.fetchAPI(apiUrl, {method: "POST", body: formData});
+            await fetchRows();
+            hideCreateForm();
+        } catch(error) {
+            showAlert("Create Permission Error", error);
+        }
+    }
+    function hideCreateForm(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        const createFormDialog = document.getElementById("crud-create-form-dialog");
+        createFormDialog.close();
+    }
+    {% endif %}
+    {% if allow_update %}
+    async function showUpdateForm(id) {
+        crudState.updatedRowId = id;
+        const updateFormDialog = document.getElementById("crud-update-form-dialog");
+        const updateForm = document.getElementById("crud-update-form");
+        result = await UTIL.fetchAPI(`${apiUrl}/${id}`, { method: "GET" });
+        UTIL.setFormData(updateForm, result);
+        updateFormDialog.showModal();
+    }
+    async function updateRow(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        try {
+            const updateForm = document.getElementById("crud-update-form");
+            const formData = JSON.stringify(UTIL.getFormData(updateForm));
+            await UTIL.fetchAPI(
+                `${apiUrl}/${crudState.updatedRowId}`, {method: "PUT", body: formData},
+            );
+            await fetchRows();
+            hideUpdateForm();
+        } catch(error) {
+            showAlert("Update Permission Error", error);
+        }
+    }
+    function hideUpdateForm(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        const updateFormDialog = document.getElementById("crud-update-form-dialog");
+        updateFormDialog.close();
+    }
+    {% endif %}
+    {% if allow_delete %}
+    async function showDeleteForm(id) {
+        crudState.deletedRowId = id;
+        const deleteFormDialog = document.getElementById("crud-delete-form-dialog");
+        const deleteForm = document.getElementById("crud-delete-form");
+        result = await UTIL.fetchAPI(`${apiUrl}/${id}`, { method: "GET" });
+        UTIL.setFormData(deleteForm, result);
+        deleteFormDialog.showModal();
+    }
+    async function deleteRow(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        try {
+            await UTIL.fetchAPI(`${apiUrl}/${crudState.deletedRowId}`, {method: "DELETE",});
+            await fetchRows();
+            hideDeleteForm();
+        } catch(error) {
+            showAlert("Delete Permission Error", error);
+        }
+    }
+    function hideDeleteForm(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        const deleteFormDialog = document.getElementById("crud-delete-form-dialog");
+        deleteFormDialog.close();
+    }
+    {% endif %}
+    function showAlert(title, error) {
+        const alertDialog = document.getElementById("crud-alert-dialog");
+        const alertTitle = document.getElementById("crud-alert-title");
+        const alertMessage = document.getElementById("crud-alert-message");
+        const errorMessage = error.message ? error.message : String(error);
+        alertTitle.textContent = title;
+        alertMessage.textContent = errorMessage;
+        alertDialog.showModal();
+    }
+    function hideAlert(event = null) {
+        if (event != null) {
+            event.preventDefault();
+        }
+        const alertDialog = document.getElementById("crud-alert-dialog");
+        alertDialog.close();
+    }
+    document.addEventListener("DOMContentLoaded", () => {
+        const filterInput = document.getElementById("crud-filter");
+        filterInput.value = crudState.filter;
+        fetchRows(crudState.currentPage);
+    });
+</script>

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/view/content/auth/role.html ADDED Viewed

File without changes

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/view/content/auth/user.html ADDED Viewed

File without changes

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/view/content/error.html CHANGED Viewed

@@ -1,6 +1,9 @@
 <main class="container">
     <article>
-        <h2>{{error_status_code}}</h2>
+        <h1>{{error_status_code}}</h1>
         <p>{{error_message}}</p>
+        <footer>
+            <a role="button" class="primary" href="/">🏠 Go Back</a>
+        </footer>
     </article>
 </main>

zrb 1.0.0b10__py3-none-any.whl → 1.1.0__py3-none-any.whl

zrb 1.0.0b10py3-none-any.whl → 1.1.0py3-none-any.whl