Merge pull request #15 from PSNAppz/develop

shibu-narayanan · web-flow · commit e20afb9d5d26 · 2026-03-17T18:22:45.000+05:30
Added staff portal applications, roles, and actions to retrieve user-specific permissions
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/app.py b/iam-staff-portal-api/src/iam_staff_portal_api/app.py
@@ -6,10 +6,18 @@
 
 _config = Settings.get_config()
 
+print("DB datasource:", _config.db_datasource)
+
 from iam_core.models import LoginProvider
 from iam_core.user_auth.app import Initializer as AuthInitializer
 
 from .controllers.auth_controller import AuthController
+from .models import (
+    StaffApplicationAction,
+    StaffPortalApplication,
+    StaffRole,
+    StaffRoleAction,
+)
 
 
 class Initializer(AuthInitializer):
@@ -23,5 +31,9 @@ def migrate_database(self, args):
 
         async def migrate():
             await LoginProvider.create_migrate()
+            await StaffPortalApplication.create_migrate()
+            await StaffRole.create_migrate()
+            await StaffApplicationAction.create_migrate()
+            await StaffRoleAction.create_migrate()
 
         asyncio.run(migrate())
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/controllers/auth_controller.py b/iam-staff-portal-api/src/iam_staff_portal_api/controllers/auth_controller.py
@@ -3,6 +3,7 @@
 from fastapi import Depends, Request, Response
 from fastapi.responses import RedirectResponse
 from datetime import datetime, timedelta, timezone
+from openg2p_fastapi_common.context import dbengine
 from openg2p_fastapi_common.controller import BaseController
 from iam_core.schemas import (
     AuthPrincipal,
@@ -11,8 +12,16 @@
 )
 from iam_core.services import AuthService
 from iam_core.user_auth.dependencies import auth_principal, require_user_type
+from sqlalchemy import select
+from sqlalchemy.ext.asyncio import async_sessionmaker
 
 from ..config import Settings
+from ..models import (
+    StaffApplicationAction,
+    StaffPortalApplication,
+    StaffRole,
+    StaffRoleAction,
+)
 
 _config = Settings.get_config(strict=False)
 
@@ -41,6 +50,16 @@ def __init__(self, **kwargs):
             methods=["POST"],
         )
         self.router.add_api_route("/callback", self.oauth_callback, methods=["GET"])
+        self.router.add_api_route(
+            "/get_staff_portal_applications",
+            self.get_staff_portal_applications,
+            methods=["GET"],
+        )
+        self.router.add_api_route(
+            "/get_application_actions_for_user",
+            self.get_application_actions_for_user,
+            methods=["GET"],
+        )
 
     async def get_user_profile(
         self,
@@ -107,3 +126,93 @@ async def oauth_callback(self, request: Request):
             secure=_config.auth_cookie_secure,
         )
         return response
+
+    async def get_staff_portal_applications(
+        self,
+        auth: Annotated[
+            AuthPrincipal,
+            Depends(require_user_type("staff", auth_dependency=auth_principal)),
+        ],
+    ):
+        apps = await StaffPortalApplication.get_all()
+        return [
+            {
+                "id": app.id,
+                "application_mnemonic": app.application_mnemonic,
+                "application_description": app.application_description,
+                "icon_base64": app.icon_base64,
+            }
+            for app in apps
+        ]
+
+    async def get_application_actions_for_user(
+        self,
+        auth: Annotated[
+            AuthPrincipal,
+            Depends(require_user_type("staff", auth_dependency=auth_principal)),
+        ],
+    ):
+        client_roles = auth.client_roles or {}
+        if not client_roles:
+            return []
+
+        result = []
+        async_session = async_sessionmaker(dbengine.get())
+        async with async_session() as session:
+            for client_id, roles in client_roles.items():
+                # Find the application by mnemonic (= Keycloak client_id)
+                stmt = select(StaffPortalApplication).where(
+                    StaffPortalApplication.application_mnemonic == client_id,
+                    StaffPortalApplication.active == True,  # noqa: E712
+                )
+                app_row = (await session.execute(stmt)).scalars().first()
+                if not app_row:
+                    continue
+
+                # Find role IDs matching the token roles for this application
+                role_stmt = select(StaffRole).where(
+                    StaffRole.application_id == app_row.id,
+                    StaffRole.role_mnemonic.in_(roles),
+                    StaffRole.active == True,  # noqa: E712
+                )
+                role_rows = (await session.execute(role_stmt)).scalars().all()
+                role_ids = [r.id for r in role_rows]
+
+                if not role_ids:
+                    continue
+
+                # Get action IDs mapped to those roles
+                mapping_stmt = select(StaffRoleAction.action_id).where(
+                    StaffRoleAction.role_id.in_(role_ids),
+                    StaffRoleAction.active == True,  # noqa: E712
+                )
+                action_ids = (
+                    (await session.execute(mapping_stmt)).scalars().all()
+                )
+
+                if not action_ids:
+                    continue
+
+                # Get the action details
+                action_stmt = select(StaffApplicationAction).where(
+                    StaffApplicationAction.id.in_(action_ids),
+                    StaffApplicationAction.active == True,  # noqa: E712
+                )
+                action_rows = (
+                    (await session.execute(action_stmt)).scalars().all()
+                )
+
+                actions = sorted(
+                    set(a.action_mnemonic for a in action_rows)
+                )
+
+                if actions:
+                    result.append(
+                        {
+                            "application_id": app_row.id,
+                            "application_mnemonic": app_row.application_mnemonic,
+                            "actions": actions,
+                        }
+                    )
+
+        return result
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/models/__init__.py b/iam-staff-portal-api/src/iam_staff_portal_api/models/__init__.py
@@ -0,0 +1,4 @@
+from .staff_portal_application import StaffPortalApplication
+from .staff_role import StaffRole
+from .staff_application_action import StaffApplicationAction
+from .staff_role_action import StaffRoleAction
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_application_action.py b/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_application_action.py
@@ -0,0 +1,13 @@
+from typing import Optional
+
+from openg2p_fastapi_common.models import BaseORMModelWithTimes
+from sqlalchemy import Integer, String
+from sqlalchemy.orm import Mapped, mapped_column
+
+
+class StaffApplicationAction(BaseORMModelWithTimes):
+    __tablename__ = "staff_application_actions"
+
+    action_mnemonic: Mapped[str] = mapped_column(String, nullable=False)
+    action_description: Mapped[Optional[str]] = mapped_column(String, nullable=True)
+    application_id: Mapped[int] = mapped_column(Integer, nullable=False)
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_portal_application.py b/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_portal_application.py
@@ -0,0 +1,13 @@
+from typing import Optional
+
+from openg2p_fastapi_common.models import BaseORMModelWithTimes
+from sqlalchemy import String
+from sqlalchemy.orm import Mapped, mapped_column
+
+
+class StaffPortalApplication(BaseORMModelWithTimes):
+    __tablename__ = "staff_portal_applications"
+
+    application_mnemonic: Mapped[str] = mapped_column(String, unique=True, nullable=False)
+    application_description: Mapped[Optional[str]] = mapped_column(String, nullable=True)
+    icon_base64: Mapped[Optional[str]] = mapped_column(String, nullable=True)
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_role.py b/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_role.py
@@ -0,0 +1,13 @@
+from typing import Optional
+
+from openg2p_fastapi_common.models import BaseORMModelWithTimes
+from sqlalchemy import Integer, String
+from sqlalchemy.orm import Mapped, mapped_column
+
+
+class StaffRole(BaseORMModelWithTimes):
+    __tablename__ = "staff_roles"
+
+    role_mnemonic: Mapped[str] = mapped_column(String, nullable=False)
+    role_description: Mapped[Optional[str]] = mapped_column(String, nullable=True)
+    application_id: Mapped[int] = mapped_column(Integer, nullable=False)
diff --git a/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_role_action.py b/iam-staff-portal-api/src/iam_staff_portal_api/models/staff_role_action.py
@@ -0,0 +1,10 @@
+from openg2p_fastapi_common.models import BaseORMModelWithTimes
+from sqlalchemy import Integer
+from sqlalchemy.orm import Mapped, mapped_column
+
+
+class StaffRoleAction(BaseORMModelWithTimes):
+    __tablename__ = "staff_role_actions"
+
+    role_id: Mapped[int] = mapped_column(Integer, nullable=False)
+    action_id: Mapped[int] = mapped_column(Integer, nullable=False)
