,`oh<ddlZddlmZddlmZmZmZmZddlmZm Z ddl m Z m Z m Z ddlmZddlmZmZddlmZdd lmZdd lmZmZdd lmZdd lmZmZdd lm Z m!Z!m"Z"ddl#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.ej^e0Z1 d2dede!de2dee2de3de3de$defdZ4dede!de2de$deef dZ5d3dede2de6deeeffd Z7 d4ded!e de$de6d"e6d#e6deeeffd$Z8dede2d!e"de$def d%Z9ded&e2defd'Z:gfded(e3d)ee2ddfd*Z;d5ded+e2defd,Zded-e2dee3fd0Z?defd1Z@y)6N)datetime)DictListOptionalUnion) HTTPExceptionstatus)and_funcor_)IntegrityError)Session joinedload)Query) Permission)Roleroles_permissions_map)UserPermissions)PermissionSchema RoleSchema)RoleCreateRequestSchemaRoleListFilterSchemaRoleUpdateRequestSchema)Users)settings) API_PREFIXES)generate_unique_slug)QueryPaginator) RoleSeederdbfiltersfieldssort_bypageper_page current_userreturnc Kddg}|jt}|r]t||jd{} |jdk(r/ |j tj j| }|rt|jd} | D]^} | |vr0ttjd| dd j| |jttt| }`|j rr |j t#tj$j'd |j d tj(j'd |j d }g} |r\|D]W} | j+d d }tt|}| j-d r|j/}| j1|Y| r|j2| }|dz |z}t5|t6d jt9t;j<t>j@g||}|jC}||d<|S7#ttjd| d xYww)ax List roles with pagination, filtering, and sorting. Args: db: Database session filters: Filter parameters fields: Additional related fields to include sort_by: List of fields to sort by (prefix with - for descending order) page: Page number for pagination per_page: Items per page current_user: Current authenticated user information permissions created_byr user_idNF,z!Cannot fetch unidentified field 'z'. Allowed fields are z,  status_codedetail%-&Cannot sort with unidentified column '')queryschemaurloffsetlimitallowed_fields)"r7rget_user_role_idsr,show_all_rolesfilteridnotin_splitrr HTTP_422_UNPROCESSABLE_ENTITYjoinoptionsrgetattrsearchr labelilikeslugreplace startswithdescappendorder_byrrstrr api_base_urlrROLE_PERMISSIONpaginate)r r!r"r#r$r%r& allowed_joinsdb_query self_role_ids sql_joinsj sort_queryscol sort_orderr: paginatorresults h/var/www/html/wine-match-dev/backend/winematch-backend/src/apps/role_permission/services/role_service.py list_rolesr`sP,#L1Mxx~H):b,J^J^)_#_  ! !U * Mtww~~m'DEH LL%  FA %# & D D>qcAWX\XaXaboXpWqr '' 743C(DEH  F~~%??    1W^^$4A!67 !GNN#31 56  J A iiR($T3/ <<$!+!2J!!*- $8$$j1Qh( "F GGS..01<3O3OP Q I   !F,F  Mq$`F # & D DCA3aHs*6I4I D?I49AI BI4!I11I4c K|jtjtjdk(}t ||j d{}d|vrMt ||j d{}|jtjj|}|jr |jttjjd|jdtjjd|jdtjjd|jd}g}t|dkDrm|j!d}|D]W} | j#dd } t%t| } | j'dr| j)} |j+| Y|r|j4|}|j7D cgc]} t9j:| } } | S77#t,$r t/t0j2d | d  wxYwcc} ww) z! Permissions Master List Tr+N super_adminr1rr-r2r3r4r5r.)r7rr? is_activeget_user_role_slugsr,get_user_permission_idsr@in_rGr modulerI operationoperation_labellenrBrKrFrLrMrN Exceptionrr rCrOallrmodel_validate)r r!r#r&rU user_roleuser_permissionsrY sort_by_listrZr[r\permresultss r_list_permissionsrsts xx #**:+?+?4+GHH)R9M9MNNII%!8B H\H\!]]??:==#4#45E#FG~~%?? !!''!GNN+;1(=>$$**Qw~~.>a+@A**001W^^4DA1FG  J 7|a}}S)  A iiR($Z5 <<$!+!2J!!*- $8$$j1AIP..t4PGP NMO]4 # & D DCA3aH QsJAI H"I 5H6DI 9AH %I 2II I )II rJ return_rawc>K|jtjtjtj |j k(j }|r|r|Stj|Sttjdw)z" Fetch a role by its slug zNo such role foundr.) r7rr?r lowerrJfirstrrmrr HTTP_404_NOT_FOUND)r rJrtroles r_fetch_role_by_slugrzsv 88D> DII!6$**,!F G M M OD K((.. --# sBBpayload is_seedinguse_provided_slugcxK t|dr|jr|r|jtj tj|jk(j }|rg|r$r,} ttjdtA| d} ~ wwxYww)a Create a new role (synchronous version) This function is used for seeding data during app startup. Args: db: Database session payload: Role creation data current_user: User performing the action return_raw: Whether to return the raw DB model or schema is_seeding: Whether this is being called during initial seeding use_provided_slug: Whether to use the slug provided in payload instead of generating rJzRole with slug z" already exists, skipping creationz already existsr.)r instance slug_labelFN)rHrJ is_default created_at created_by_idrole_id permission_idrr ruser_idsz#Attempting to create duplicate rolezCannot create role: )!hasattrrJr7rr?rwloggerinforrmrr HTTP_400_BAD_REQUESTrrHrrnowr@addcommitrefreshrinsertvaluesr)executeusersrjassign_role_to_usersr rkrP) r r{r&rtr|r}existing role_slugnew_rolepidpermission_map_statementes r_ create_rolers**,m 7F # 9Jxx~,,TYY',,-FGMMOHKK/',,?a bc'18Zz7P7PQY7ZZ'$*$?$?/ZaZfZfYggvHw I,Tgmm\I--))2U||~",$,//   x  8#8#?#?#A#H#HGNGZGZ [s ; [$   +,  8 ==S/!3&"hkkGMMZ Z Z O((22 \ [ s(C(CLqrr m(C(CNbcfghcibjLkllmsmJ:BIJ:I*J:+C7I"I8BI:I;IJ:IJ:I,J7 'J22J77J:cKt||dd{}|jrttjdg|_|j tjj|j Dcgc]}|j|dc}}|j||j |j||jrBt|jdkDr*t||j|jd{ |j |j |_|j|j|_|j |j|t#j$|S7|cc}w7}#t&$r,}ttj(d t+|d}~wwxYww) z Update a role T)r rJrtNz*Default role cannot be modified or deletedr.rrrzCannot update role: )rzrrr rCr)rrrrr@rrrrjrrHrrmrkrrP)r rJr{r&ryrrrs r_ update_rolersz$rF FD <<?  DIIK4;;=DD?F?R?RSTWWs 3S JJ'(IIKJJt}}W]]+a/"b$''GMMRRR m == $ DJ    )%00DO  4((..= G T S m(C(CNbcfghcibjLkllmsTGFA-GFBGFG A/FGG G#'G  GGslugsc`K |jtjtjdk(j Dcgc]}|j }}|j dDcgc]}|j}}|D]}|jtjtj |k(j}|sttjd|d|jtjtj|jk(j}||vrttjd|sttj d|jtjtj j#|j%d |j'd diScc}wcc}w#t$rt($r,} ttjd t+| d } ~ wwxYww) z% Remove a role entry by slug Tr-zRole with slug 'z ' not found.r.zCannot delete default role.zThe role is assigned to user.F)synchronize_sessiondeletedzCannot delete role: N)r7rr?rrlrJrBstriprwrr rxrrr@rHTTP_412_PRECONDITION_FAILEDrfdeleterrkrP) r rxdefault_role_slugsrZ to_deleterJryuser_permissionrs r_ remove_roler$sm.0hhtn.C.CDOOW[D[.\.`.`.bcaffcc(- C(891QWWY9 9 D88D>((d):;AACD#0I0ITdeidjjvRwxx hh7>>?V?VZ^ZaZa?abhhjO))#0K0KTqrr # & C CLk  diimmI67>>SX>Y 4  +d9(  m(C(CNbcfghcibjLkllmsOH.AG- G#G-1G(CG-"BG-"H.# G--H+?'H&&H++H.rrcK|jtjtj|k(j }|s0|st d|dyt tjd|g}|D]}|jtjtj|k(j }|sI|jtjtj|jk(tj|jk(j }|r|jt|j|j |r"|j||jyy#t $r,}t tjdt#|d}~wwxYww)z Assign roles to users (synchronous version) Args: db: Database session role_id: ID of the role to assign user_ids: List of user IDs to assign the role to zWarning: Role with ID z# not found, but no users to assign.NzNo such role found with id: r.)r,rzCannot assign role: )r7rr?r@rwprintrr rrr,rrrNbulk_save_objectsrrkrP) r rrruser_permission_recordsr, user_recordrole_already_assignedrs r_rrEsxx~$$TWW%78>>@H  *7)3VW X "77B^_f^g@h !ihhuo,,U]]g-EFLLN   HH_ % V'';>>9''8;;6UW % # * *?;>>[c[f[f+g h!i$m "  !8 9 IIK # m(C(CNbcfghcibjLkllms0D.G12G$#F G F>'F99F>>GkeyscK|jtjtjdk(tjdk(j }|sdddS|jt jt jdk(jDcgc]}|j}}|sdddS tj|Dcgc]}||jdc}}|j||jd diScc}wcc}w#t$r}dt|dcYd }~Sd }~wwxYww) z Reset role permissions Tinvoice_view_costFzPermission not found)reseterrorownerzNo default roles foundrrN)r7rr?rcrhrwrrJrlr@rrrrrkrP)r r permissionrdefault_role_idsrrrs r_run_map_role_permissionsrts ##J$8$8D$@*BVBVZmBmnttv )?@@&(hhtn&;&;DII>H  HHTN ! !$''++h"7 8 < < >E"' A$74+@DII AA ? Bs(BBAB/BBBBcK|jtjtj|k(j }|sgS|jt jt j|j k(t jdk7j}|Dcgc]}|j}}t||d{}|jtjtjjj|j}|Dcgc]}|j} }tt|| z} | Scc}w7cc}ww)zGet user's permission IDsNr+)r7rr?r,rwrr@rrlr=rcrrflistset) r r,rdirect_permissionsrdirect_permission_idsrrole_permissionsrprole_permission_idsall_permission_idss r_reres( 88E? ! !%--7": ; A A CD   ! ''4772O4Q4QUY4Y Z  9KK"R--KK&"g>>Hxx 56==>S>U>U>]>]>a>abj>klppr6FG2++GGc"7:M"MNO L>Hs1B+E.-E"E.E'A!E.4E)!E.)E.c:tj}|D]s}|jtj tj |dk(j }|rLt|d|d|d}|j|u|jddiS)zQ Seed default templates: welcome user, verify user, and forgot password. keynamer)rJrHrmessagez!Default data seeded successfully.) rrr7rr?rJrwrr)r rryexistsrs r_seed_default_rolesrs   E  HHTN ! !$))tE{": ; A A C %[6l -H FF8  IIK : ;;)r6 N)F)FFF)N)Aloggingrtypingrrrrfastapirr sqlalchemyr r r sqlalchemy.excr sqlalchemy.ormrrsqlalchemy.orm.queryr0src.apps.role_permission.models.permission_modelr*src.apps.role_permission.models.role_modelrr5src.apps.role_permission.models.user_permission_modelr'src.apps.role_permission.schemas.commonrr)src.apps.role_permission.schemas.requestsrrrsrc.apps.user.models.user_modelrsrc.core.configrsrc.utils.constantsrsrc.utils.helpers.functionsrsrc.utils.helpers.paginationrsrc.utils.template_seederr getLogger__name__rrPintr`rsboolrzrrrrrr=rdrerrr_rs..)&&).&GRQP 2$,<70   8 $SS !S S#Y S  S  SS Sl....9<.LQ. .b    RWXbdhXhRi &# AmAm $AmAm Am  Am  Am :t AmH)m)m )m%)m )m  )mXm'm#m$mBQS,m7,mS,mDI,mW[,m^1w1c1T1833#3$s)3B'BCBDIBgS 2<7