PyPI - zrb - Versions diffs - 1.0.0b9__py3-none-any.whl → 1.1.0__py3-none-any.whl - Mend

zrb 1.0.0b9py3-none-any.whl → 1.1.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/subroute/auth.py CHANGED Viewed

@@ -1,8 +1,17 @@
+import os
 from typing import Annotated
-from fastapi import Depends, FastAPI, Response
+from fastapi import Depends, FastAPI, Request, Response
 from fastapi.security import OAuth2PasswordRequestForm
+from my_app_name.common.error import ForbiddenError, NotFoundError
 from my_app_name.module.auth.client.auth_client_factory import auth_client
+from my_app_name.module.gateway.util.auth import (
+    get_current_user,
+    get_refresh_token,
+    set_user_session_cookie,
+    unset_user_session_cookie,
+)
+from my_app_name.module.gateway.util.view import render_content, render_error
 from my_app_name.schema.permission import (
     MultiplePermissionResponse,
     PermissionCreate,
@@ -16,6 +25,7 @@ from my_app_name.schema.role import (
     RoleUpdateWithPermissions,
 )
 from my_app_name.schema.user import (
+    AuthUserResponse,
     MultipleUserResponse,
     UserCreateWithRoles,
     UserCredentials,
@@ -37,203 +47,426 @@ def serve_auth_route(app: FastAPI):
                 password=form_data.password,
             )
         )
+        set_user_session_cookie(response, user_session)
         return user_session
     @app.put("/api/v1/user-sessions", response_model=UserSessionResponse)
-    async def update_user_session(refresh_token: str) -> UserSessionResponse:
-        return await auth_client.update_user_session(refresh_token)
+    async def update_user_session(
+        request: Request, response: Response, refresh_token: str | None = None
+    ) -> UserSessionResponse:
+        actual_refresh_token = get_refresh_token(request, refresh_token)
+        if actual_refresh_token is None:
+            raise ForbiddenError("Refresh token needed")
+        try:
+            user_session = await auth_client.update_user_session(actual_refresh_token)
+        except NotFoundError:
+            raise ForbiddenError("Session not found")
+        set_user_session_cookie(response, user_session)
+        return user_session
     @app.delete("/api/v1/user-sessions", response_model=UserSessionResponse)
-    async def delete_user_session(refresh_token: str) -> UserSessionResponse:
-        return await auth_client.delete_user_session(refresh_token)
+    async def delete_user_session(
+        request: Request, response: Response, refresh_token: str | None = None
+    ) -> UserSessionResponse:
+        try:
+            actual_refresh_token = get_refresh_token(request, refresh_token)
+            if actual_refresh_token is None:
+                raise ForbiddenError("Refresh token needed")
+            user_session = await auth_client.delete_user_session(actual_refresh_token)
+            return user_session
+        finally:
+            unset_user_session_cookie(response)
     # Permission routes
+    @app.get("/auth/permissions", include_in_schema=False)
+    def permissions_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("permission:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "permission.html"),
+            current_user=current_user,
+            page_name="auth.permission",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("permission:create"),
+            allow_update=current_user.has_permission("permission:update"),
+            allow_delete=current_user.has_permission("permission:delete"),
+        )
     @app.get("/api/v1/permissions", response_model=MultiplePermissionResponse)
     async def get_permissions(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultiplePermissionResponse:
+        if not current_user.has_permission("permission:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_permissions(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/permissions/{permission_id}", response_model=PermissionResponse)
-    async def get_permission_by_id(permission_id: str) -> PermissionResponse:
+    async def get_permission_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_permission_by_id(permission_id)
     @app.post(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def create_permission_bulk(data: list[PermissionCreate]):
+    async def create_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[PermissionCreate],
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_permission_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/permissions",
         response_model=PermissionResponse,
     )
-    async def create_permission(data: PermissionCreate):
-        return await auth_client.create_permission(data.with_audit(created_by="system"))
+    async def create_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: PermissionCreate,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_permission(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def update_permission_bulk(permission_ids: list[str], data: PermissionUpdate):
+    async def update_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_ids: list[str],
+        data: PermissionUpdate,
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_permission_bulk(
-            permission_ids, data.with_audit(updated_by="system")
+            permission_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/permissions/{permission_id}",
         response_model=PermissionResponse,
     )
-    async def update_permission(permission_id: str, data: PermissionUpdate):
-        return await auth_client.update_permission(data.with_audit(updated_by="system"))
+    async def update_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+        data: PermissionUpdate,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_permission(
+            permission_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/permissions/bulk",
         response_model=list[PermissionResponse],
     )
-    async def delete_permission_bulk(permission_ids: list[str]):
+    async def delete_permission_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_ids: list[str],
+    ) -> list[PermissionResponse]:
+        if not current_user.has_permission("permission:delete"):
+            raise ForbiddenError("Access denied")
         return await auth_client.delete_permission_bulk(
-            permission_ids, deleted_by="system"
+            permission_ids, deleted_by=current_user.id
         )
     @app.delete(
         "/api/v1/permissions/{permission_id}",
         response_model=PermissionResponse,
     )
-    async def delete_permission(permission_id: str):
-        return await auth_client.delete_permission(permission_id, deleted_by="system")
+    async def delete_permission(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        permission_id: str,
+    ) -> PermissionResponse:
+        if not current_user.has_permission("permission:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_permission(
+            permission_id, deleted_by=current_user.id
+        )
     # Role routes
+    @app.get("/auth/roles", include_in_schema=False)
+    def roles_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("role:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "role.html"),
+            current_user=current_user,
+            page_name="auth.role",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("role:create"),
+            allow_update=current_user.has_permission("role:update"),
+            allow_delete=current_user.has_permission("role:delete"),
+        )
     @app.get("/api/v1/roles", response_model=MultipleRoleResponse)
     async def get_roles(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultipleRoleResponse:
+        if not current_user.has_permission("role:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_roles(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/roles/{role_id}", response_model=RoleResponse)
-    async def get_role_by_id(role_id: str) -> RoleResponse:
+    async def get_role_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_role_by_id(role_id)
     @app.post(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def create_role_bulk(data: list[RoleCreateWithPermissions]):
+    async def create_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[RoleCreateWithPermissions],
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_role_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/roles",
         response_model=RoleResponse,
     )
-    async def create_role(data: RoleCreateWithPermissions):
-        return await auth_client.create_role(data.with_audit(created_by="system"))
+    async def create_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: RoleCreateWithPermissions,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_role(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def update_role_bulk(role_ids: list[str], data: RoleUpdateWithPermissions):
+    async def update_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_ids: list[str],
+        data: RoleUpdateWithPermissions,
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_role_bulk(
-            role_ids, data.with_audit(updated_by="system")
+            role_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/roles/{role_id}",
         response_model=RoleResponse,
     )
-    async def update_role(role_id: str, data: RoleUpdateWithPermissions):
-        return await auth_client.update_role(data.with_audit(updated_by="system"))
+    async def update_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+        data: RoleUpdateWithPermissions,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_role(
+            role_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/roles/bulk",
         response_model=list[RoleResponse],
     )
-    async def delete_role_bulk(role_ids: list[str]):
-        return await auth_client.delete_role_bulk(role_ids, deleted_by="system")
+    async def delete_role_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_ids: list[str],
+    ) -> list[RoleResponse]:
+        if not current_user.has_permission("role:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_role_bulk(role_ids, deleted_by=current_user.id)
     @app.delete(
         "/api/v1/roles/{role_id}",
         response_model=RoleResponse,
     )
-    async def delete_role(role_id: str):
-        return await auth_client.delete_role(role_id, deleted_by="system")
+    async def delete_role(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        role_id: str,
+    ) -> RoleResponse:
+        if not current_user.has_permission("role:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_role(role_id, deleted_by=current_user.id)
     # User routes
+    @app.get("/auth/users", include_in_schema=False)
+    def users_crud_ui(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        page: int = 1,
+        page_size: int = 10,
+        sort: str | None = None,
+        filter: str | None = None,
+    ):
+        if not current_user.has_permission("user:read"):
+            return render_error(error_message="Access denied", status_code=403)
+        return render_content(
+            view_path=os.path.join("auth", "user.html"),
+            current_user=current_user,
+            page_name="auth.user",
+            page=page,
+            page_size=page_size,
+            sort=sort,
+            filter=filter,
+            allow_create=current_user.has_permission("user:create"),
+            allow_update=current_user.has_permission("user:update"),
+            allow_delete=current_user.has_permission("user:delete"),
+        )
     @app.get("/api/v1/users", response_model=MultipleUserResponse)
     async def get_users(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
         page: int = 1,
         page_size: int = 10,
         sort: str | None = None,
         filter: str | None = None,
     ) -> MultipleUserResponse:
+        if not current_user.has_permission("user:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_users(
             page=page, page_size=page_size, sort=sort, filter=filter
         )
     @app.get("/api/v1/users/{user_id}", response_model=UserResponse)
-    async def get_user_by_id(user_id: str) -> UserResponse:
+    async def get_user_by_id(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:read"):
+            raise ForbiddenError("Access denied")
         return await auth_client.get_user_by_id(user_id)
     @app.post(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def create_user_bulk(data: list[UserCreateWithRoles]):
+    async def create_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: list[UserCreateWithRoles],
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:create"):
+            raise ForbiddenError("Access denied")
         return await auth_client.create_user_bulk(
-            [row.with_audit(created_by="system") for row in data]
+            [row.with_audit(created_by=current_user.id) for row in data]
         )
     @app.post(
         "/api/v1/users",
         response_model=UserResponse,
     )
-    async def create_user(data: UserCreateWithRoles):
-        return await auth_client.create_user(data.with_audit(created_by="system"))
+    async def create_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        data: UserCreateWithRoles,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:create"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.create_user(
+            data.with_audit(created_by=current_user.id)
+        )
     @app.put(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def update_user_bulk(user_ids: list[str], data: UserUpdateWithRoles):
+    async def update_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_ids: list[str],
+        data: UserUpdateWithRoles,
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:update"):
+            raise ForbiddenError("Access denied")
         return await auth_client.update_user_bulk(
-            user_ids, data.with_audit(updated_by="system")
+            user_ids, data.with_audit(updated_by=current_user.id)
         )
     @app.put(
         "/api/v1/users/{user_id}",
         response_model=UserResponse,
     )
-    async def update_user(user_id: str, data: UserUpdateWithRoles):
-        return await auth_client.update_user(data.with_audit(updated_by="system"))
+    async def update_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+        data: UserUpdateWithRoles,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:update"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.update_user(
+            user_id, data.with_audit(updated_by=current_user.id)
+        )
     @app.delete(
         "/api/v1/users/bulk",
         response_model=list[UserResponse],
     )
-    async def delete_user_bulk(user_ids: list[str]):
-        return await auth_client.delete_user_bulk(user_ids, deleted_by="system")
+    async def delete_user_bulk(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_ids: list[str],
+    ) -> list[UserResponse]:
+        if not current_user.has_permission("user:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_user_bulk(user_ids, deleted_by=current_user.id)
     @app.delete(
         "/api/v1/users/{user_id}",
         response_model=UserResponse,
     )
-    async def delete_user(user_id: str):
-        return await auth_client.delete_user(user_id, deleted_by="system")
+    async def delete_user(
+        current_user: Annotated[AuthUserResponse, Depends(get_current_user)],
+        user_id: str,
+    ) -> UserResponse:
+        if not current_user.has_permission("user:delete"):
+            raise ForbiddenError("Access denied")
+        return await auth_client.delete_user(user_id, deleted_by=current_user.id)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/util/auth.py ADDED Viewed

@@ -0,0 +1,66 @@
+import datetime
+from fastapi import Depends, Request, Response
+from fastapi.security import OAuth2PasswordBearer
+from my_app_name.config import (
+    APP_AUTH_ACCESS_TOKEN_COOKIE_NAME,
+    APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
+    APP_AUTH_REFRESH_TOKEN_COOKIE_NAME,
+    APP_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES,
+)
+from my_app_name.module.auth.client.auth_client_factory import auth_client
+from my_app_name.schema.user import AuthUserResponse, UserSessionResponse
+from typing_extensions import Annotated
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/user-sessions", auto_error=False)
+def get_refresh_token(request: Request, refresh_token: str | None) -> str | None:
+    if refresh_token is not None and refresh_token != "":
+        return refresh_token
+    cookie_refresh_token = request.cookies.get(APP_AUTH_REFRESH_TOKEN_COOKIE_NAME)
+    if cookie_refresh_token is not None and cookie_refresh_token != "":
+        return cookie_refresh_token
+    return None
+async def get_current_user(
+    request: Request,
+    response: Response,
+    bearer_access_token: Annotated[str, Depends(oauth2_scheme)],
+) -> AuthUserResponse:
+    # Bearer token exists
+    if bearer_access_token is not None and bearer_access_token != "":
+        return await auth_client.get_current_user(bearer_access_token)
+    cookie_access_token = request.cookies.get(APP_AUTH_ACCESS_TOKEN_COOKIE_NAME)
+    # Cookie exists
+    if cookie_access_token is not None and cookie_access_token != "":
+        cookie_user = await auth_client.get_current_user(cookie_access_token)
+        if cookie_user.is_guest:
+            # If user is guest, the cookie is not needed
+            unset_user_session_cookie(response)
+        return cookie_user
+    # No bearer token or cookie
+    return await auth_client.get_current_user("")
+def set_user_session_cookie(response: Response, user_session: UserSessionResponse):
+    response.set_cookie(
+        key=APP_AUTH_ACCESS_TOKEN_COOKIE_NAME,
+        value=user_session.access_token,
+        httponly=True,
+        max_age=60 * APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
+        expires=user_session.access_token_expired_at.astimezone(datetime.timezone.utc),
+    )
+    response.set_cookie(
+        key=APP_AUTH_REFRESH_TOKEN_COOKIE_NAME,
+        value=user_session.refresh_token,
+        httponly=True,
+        max_age=60 * APP_AUTH_REFRESH_TOKEN_EXPIRE_MINUTES,
+        expires=user_session.refresh_token_expired_at.astimezone(datetime.timezone.utc),
+    )
+def unset_user_session_cookie(response: Response):
+    response.delete_cookie(APP_AUTH_ACCESS_TOKEN_COOKIE_NAME)
+    response.delete_cookie(APP_AUTH_REFRESH_TOKEN_COOKIE_NAME)

zrb/builtin/project/add/fastapp/fastapp_template/my_app_name/module/gateway/util/view.py CHANGED Viewed

@@ -1,18 +1,24 @@
 import os
 from typing import Any
+import my_app_name.config as CFG
 from fastapi.responses import HTMLResponse
 from my_app_name.common.util.view import render_page, render_str
 from my_app_name.config import (
+    APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES,
     APP_GATEWAY_CSS_PATH_LIST,
     APP_GATEWAY_FAVICON_PATH,
+    APP_GATEWAY_FOOTER,
     APP_GATEWAY_JS_PATH_LIST,
     APP_GATEWAY_LOGO_PATH,
+    APP_GATEWAY_PICO_CSS_PATH,
     APP_GATEWAY_SUBTITLE,
     APP_GATEWAY_TITLE,
     APP_GATEWAY_VIEW_DEFAULT_TEMPLATE_PATH,
     APP_GATEWAY_VIEW_PATH,
 )
+from my_app_name.module.gateway.config.navigation import APP_NAVIGATION
+from my_app_name.schema.user import AuthUserResponse
 _DEFAULT_TEMPLATE_PATH = os.path.join(
     APP_GATEWAY_VIEW_PATH, APP_GATEWAY_VIEW_DEFAULT_TEMPLATE_PATH
@@ -24,32 +30,47 @@ _DEFAULT_ERROR_TEMPLATE_PATH = os.path.join(
 _DEFAULT_PARTIALS = {
     "title": APP_GATEWAY_TITLE,
     "subtitle": APP_GATEWAY_SUBTITLE,
+    "footer": APP_GATEWAY_FOOTER,
     "logo_path": APP_GATEWAY_LOGO_PATH,
     "favicon_path": APP_GATEWAY_FAVICON_PATH,
+    "pico_css_path": APP_GATEWAY_PICO_CSS_PATH,
     "css_path_list": APP_GATEWAY_CSS_PATH_LIST,
     "js_path_list": APP_GATEWAY_JS_PATH_LIST,
+    "show_user_info": True,
+    "should_refresh_session": True,
+    "refresh_session_interval_seconds": f"{APP_AUTH_ACCESS_TOKEN_EXPIRE_MINUTES * 60 / 3}",
 }
-def render(
+def render_content(
     view_path: str,
     template_path: str = _DEFAULT_TEMPLATE_PATH,
     status_code: int = 200,
-    headers: dict[str, str] = None,
+    headers: dict[str, str] | None = None,
     media_type: str | None = None,
+    current_user: AuthUserResponse | None = None,
+    page_name: str | None = None,
     partials: dict[str, Any] = {},
-    **data: Any
+    **data: Any,
 ) -> HTMLResponse:
     rendered_partials = {key: val for key, val in _DEFAULT_PARTIALS.items()}
     for key, val in partials.items():
         rendered_partials[key] = val
+    rendered_partials["page_name"] = page_name
+    rendered_partials["current_user"] = current_user
+    rendered_partials["navigations"] = APP_NAVIGATION.get_accessible_items(
+        page_name, current_user
+    )
     return render_page(
         template_path=template_path,
         status_code=status_code,
         headers=headers,
         media_type=media_type,
-        partials=rendered_partials,
-        content=render_str(template_path=view_path, **data),
+        content=render_str(
+            template_path=os.path.join(APP_GATEWAY_VIEW_PATH, "content", view_path),
+            **data,
+        ),
+        **rendered_partials,
     )
@@ -58,17 +79,21 @@ def render_error(
     status_code: int = 500,
     view_path: str = _DEFAULT_ERROR_TEMPLATE_PATH,
     template_path: str = _DEFAULT_TEMPLATE_PATH,
-    headers: dict[str, str] = None,
+    headers: dict[str, str] | None = None,
     media_type: str | None = None,
+    current_user: AuthUserResponse | None = None,
+    page_name: str | None = None,
     partials: dict[str, Any] = {},
 ):
-    return render(
+    return render_content(
         view_path=view_path,
         template_path=template_path,
         status_code=status_code,
         headers=headers,
         media_type=media_type,
-        partials=partials,
+        current_user=current_user,
+        page_name=page_name,
+        partials={"show_user_info": False, **partials},
         error_status_code=status_code,
         error_message=error_message,
     )

zrb 1.0.0b9__py3-none-any.whl → 1.1.0__py3-none-any.whl

zrb 1.0.0b9py3-none-any.whl → 1.1.0py3-none-any.whl