Use evaluate() function with Component/Function types (#757)

Author: Dreamsorcerer

.pre-commit-config.yaml

@@ -4,7 +4,7 @@ repos:
   hooks:
   - id: check-merge-conflict
 - repo: https://github.com/asottile/yesqa
-  rev: v1.4.0
+  rev: v1.5.0
   hooks:
   - id: yesqa
     additional_dependencies: ["flake8-bandit", "flake8-bugbear"]
@@ -38,7 +38,7 @@ repos:
   - id: detect-private-key
     exclude: ^examples/
 - repo: https://github.com/PyCQA/flake8
-  rev: '6.0.0'
+  rev: '6.1.0'
   hooks:
   - id: flake8
     exclude: "^docs/"

admin-js/src/App.js

@@ -65,8 +65,7 @@ const COMPONENTS = {
     BooleanInput, DateInput, DateTimeInput, NumberInput, ReferenceInput, SelectInput,
     TextInput, TimeInput
 };
-const USER_FUNCS = {};
-const VALIDATORS = {email, maxLength, maxValue, minLength, minValue, regex, required};
+const FUNCTIONS = {email, maxLength, maxValue, minLength, minValue, regex, required};
 const _body = document.querySelector("body");
 const STATE = Object.freeze(JSON.parse(_body.dataset.state));
 
@@ -76,8 +75,7 @@ if (STATE["js_module"]) {
     // browser's import() function. Needed to dynamically import a module.
     MODULE_LOADER = import(/* webpackIgnore: true */ STATE["js_module"]).then((mod) => {
         Object.assign(COMPONENTS, mod.components);
-        Object.assign(VALIDATORS, mod.validators);
-        Object.assign(USER_FUNCS, mod.funcs);
+        Object.assign(FUNCTIONS, mod.functions);
     });
 } else {
     MODULE_LOADER = Promise.resolve();
@@ -157,46 +155,58 @@ const authProvider = {
     },
 };
 
+function evaluate(obj) {
+    if (obj === null || obj === undefined)
+        return obj;
+    if (Array.isArray(obj))
+        return obj.map(evaluate);
+    if (obj["__type__"] === "component") {
+        const C = COMPONENTS[obj["type"]];
+        if (C === undefined)
+            throw Error(`Unknown component '${obj["type"]}'`);
+
+        let {children, ...props} = obj["props"];
+        props = Object.fromEntries(Object.entries(props).map(([k, v]) => [k, evaluate(v)]));
+        if (children)
+            return <C {...props}>{evaluate(children)}</C>;
+        return <C {...props} />;
+    }
+    if (obj["__type__"] === "function") {
+        const f = FUNCTIONS[obj["name"]];
+        if (f === undefined)
+            throw Error(`Unknown function '${obj["name"]}'`);
+        if (obj["args"] === null)
+            return f;
+        return f(...evaluate(obj["args"]));
+    }
+    if (obj["__type__"] === "regexp")
+        return new RegExp(obj["value"]);
+    return obj;
+}
+
 
-function createFields(resource, name, permissions) {
+function createFields(fields, name, permissions) {
     let components = [];
-    for (const [field, state] of Object.entries(resource["fields"])) {
+    for (const [field, state] of Object.entries(fields)) {
         if (!hasPermission(`${name}.${field}.view`, permissions))
             continue;
 
-        const C = COMPONENTS[state["type"]];
-        if (C === undefined)
-            throw Error(`Unknown component '${state["type"]}'`);
-
-        const {children, ...props} = state["props"];
-        let c;
-        if (children) {
-            let child_fields = createFields(
-                {"fields": children, "display": Object.keys(children)}, name, permissions);
-            c = <C source={field} {...props}>{child_fields}</C>;
-        } else {
-            c = <C source={field} {...props} />;
-        }
-        if (field === "_") {
-            // Layout component, not related to a specific field.
-            components.push(c);
-        } else {
-            const withRecordProps = {
-                "source": field, "label": props["label"], "sortable": props["sortable"],
-                "sortBy": props["sortBy"], "sortByOrder": props["sortByOrder"]}
-            // Show icon if user doesn't have permission to view this field (based on filters).
-            components.push(<WithRecord {...withRecordProps} render={
-                (record) => hasPermission(`${name}.${field}.view`, permissions, record) ? c : <VisibilityOffIcon />
-            } />);
-        }
+        const c = evaluate(state);
+        const withRecordPropNames = ["label", "sortable", "sortBy", "sortByOrder"];
+        const withRecordProps = Object.fromEntries(withRecordPropNames.map(
+            (k) => [k, evaluate(state["props"][k])]));
+        // Show icon if user doesn't have permission to view this field (based on filters).
+        components.push(<WithRecord source={field} {...withRecordProps} render={
+            (record) => hasPermission(`${name}.${field}.view`, permissions, record) ? c : <VisibilityOffIcon />
+        } />);
     }
     return components;
 }
 
 function createInputs(resource, name, perm_type, permissions) {
     let components = [];
     const resource_filters = getFilters(name, perm_type, permissions);
-    for (const [field, state] of Object.entries(resource["inputs"])) {
+    for (let [field, state] of Object.entries(resource["inputs"])) {
         if ((perm_type === "add" && !state["show_create"])
             || !hasPermission(`${name}.${field}.${perm_type}`, permissions))
             continue;
@@ -216,19 +226,11 @@ function createInputs(resource, name, perm_type, permissions) {
                 <SelectInput source={field} choices={choices} defaultValue={nullable < 0 && fvalues[0]}
                     validate={nullable < 0 && required()} disabled={disabled} />);
         } else {
-            const C = COMPONENTS[state["type"]];
-            if (C === undefined)
-                throw Error(`Unknown component '${state["type"]}'`);
-
-            let validators = [];
-            if (perm_type !== "view") {
-                for (let validator of state["validators"]) {
-                    if (validator[0] === "regex")
-                        validator[1] = new RegExp(validator[1]);
-                    validators.push(VALIDATORS[validator[0]](...validator.slice(1)))
-                }
+            if (perm_type === "view") {
+                state = structuredClone(state);
+                delete state["props"]["validate"];
             }
-            const c = <C source={field} validate={validators} {...state["props"]} />;
+            const c = evaluate(state);
             if (perm_type === "edit")
                 // Don't render if filters disallow editing this field.
                 components.push(<WithRecord source={field} render={
@@ -277,7 +279,7 @@ const AiohttpList = (resource, name, permissions) => {
     return (
         <List actions={<ListActions />} filters={createInputs(resource, name, "view", permissions)}>
             <DatagridConfigurable omit={resource["list_omit"]} rowClick="show" bulkActionButtons={<BulkActionButtons />}>
-                {createFields(resource, name, permissions)}
+                {createFields(resource["fields"], name, permissions)}
                 <WithRecord label="[Edit]" render={(record) => hasPermission(`${name}.edit`, permissions, record) && <EditButton />} />
             </DatagridConfigurable>
         </List>
@@ -294,7 +296,7 @@ const AiohttpShow = (resource, name, permissions) => {
     return (
         <Show actions={<ShowActions />}>
             <SimpleShowLayout>
-                {createFields(resource, name, permissions)}
+                {createFields(resource["fields"], name, permissions)}
             </SimpleShowLayout>
         </Show>
     );

aiohttp_admin/__init__.py

@@ -7,10 +7,10 @@
 from aiohttp import web
 from aiohttp.typedefs import Handler
 from aiohttp_session.cookie_storage import EncryptedCookieStorage
-from pydantic import ValidationError, parse_obj_as
+from pydantic import ValidationError
 
 from .routes import setup_resources, setup_routes
-from .security import AdminAuthorizationPolicy, Permissions, TokenIdentityPolicy
+from .security import AdminAuthorizationPolicy, Permissions, TokenIdentityPolicy, check
 from .types import Schema, UserDetails
 
 __all__ = ("Permissions", "Schema", "UserDetails", "setup")
@@ -67,7 +67,7 @@ def value(r: web.RouteDef) -> tuple[str, str]:
             m = res["model"]
             admin["state"]["resources"][m.name]["urls"] = {key(r): value(r) for r in m.routes}
 
-    schema = parse_obj_as(Schema, schema)
+    schema = check(Schema, schema)
     if secret is None:
         secret = secrets.token_bytes()
 

aiohttp_admin/backends/abc.py

@@ -1,19 +1,25 @@
 import asyncio
 import json
+import sys
 import warnings
 from abc import ABC, abstractmethod
 from datetime import date, datetime, time
 from enum import Enum
 from functools import cached_property, partial
 from types import MappingProxyType
-from typing import Any, Literal, Optional, TypedDict, Union
+from typing import Any, Literal, Optional, Union
 
 from aiohttp import web
 from aiohttp_security import check_permission, permits
-from pydantic import Json, parse_obj_as
+from pydantic import Json
 
-from ..security import permissions_as_dict
-from ..types import FieldState, InputState
+from ..security import check, permissions_as_dict
+from ..types import ComponentState, InputState
+
+if sys.version_info >= (3, 12):
+    from typing import TypedDict
+else:
+    from typing_extensions import TypedDict
 
 Record = dict[str, object]
 
@@ -93,7 +99,7 @@ class DeleteManyParams(_Params):
 
 class AbstractAdminResource(ABC):
     name: str
-    fields: dict[str, FieldState]
+    fields: dict[str, ComponentState]
     inputs: dict[str, InputState]
     primary_key: str
     omit_fields: set[str]
@@ -149,7 +155,7 @@ async def delete_many(self, params: DeleteManyParams) -> list[Union[int, str]]:
 
     async def _get_list(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.view", context=(request, None))
-        query = parse_obj_as(GetListParams, request.query)
+        query = check(GetListParams, request.query)
 
         # When sort order refers to "id", this should be translated to primary key.
         if query["sort"]["field"] == "id":
@@ -174,7 +180,7 @@ async def _get_list(self, request: web.Request) -> web.Response:
 
     async def _get_one(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.view", context=(request, None))
-        query = parse_obj_as(GetOneParams, request.query)
+        query = check(GetOneParams, request.query)
 
         result = await self.get_one(query)
         if not await permits(request, f"admin.{self.name}.view", context=(request, result)):
@@ -185,7 +191,7 @@ async def _get_one(self, request: web.Request) -> web.Response:
 
     async def _get_many(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.view", context=(request, None))
-        query = parse_obj_as(GetManyParams, request.query)
+        query = check(GetManyParams, request.query)
 
         results = await self.get_many(query)
         if not results:
@@ -198,12 +204,12 @@ async def _get_many(self, request: web.Request) -> web.Response:
         return json_response({"data": results})
 
     async def _create(self, request: web.Request) -> web.Response:
-        query = parse_obj_as(CreateParams, request.query)
+        query = check(CreateParams, request.query)
         # TODO(Pydantic): Dissallow extra arguments
         for k in query["data"]:
             if k not in self.inputs and k != "id":
                 raise web.HTTPBadRequest(reason=f"Invalid field '{k}'")
-        query["data"] = parse_obj_as(self._record_type, query["data"])
+        query["data"] = check(self._record_type, query["data"])
         await check_permission(request, f"admin.{self.name}.add", context=(request, query["data"]))
         for k, v in query["data"].items():
             if v is not None:
@@ -217,13 +223,13 @@ async def _create(self, request: web.Request) -> web.Response:
 
     async def _update(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.edit", context=(request, None))
-        query = parse_obj_as(UpdateParams, request.query)
+        query = check(UpdateParams, request.query)
         # TODO(Pydantic): Dissallow extra arguments
         for k in query["data"]:
             if k not in self.inputs and k != "id":
                 raise web.HTTPBadRequest(reason=f"Invalid field '{k}'")
-        query["data"] = parse_obj_as(self._record_type, query["data"])
-        query["previousData"] = parse_obj_as(self._record_type, query["previousData"])
+        query["data"] = check(self._record_type, query["data"])
+        query["previousData"] = check(self._record_type, query["previousData"])
 
         if self.primary_key != "id":
             query["data"].pop("id", None)
@@ -251,12 +257,12 @@ async def _update(self, request: web.Request) -> web.Response:
 
     async def _update_many(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.edit", context=(request, None))
-        query = parse_obj_as(UpdateManyParams, request.query)
+        query = check(UpdateManyParams, request.query)
         # TODO(Pydantic): Dissallow extra arguments
         for k in query["data"]:
             if k not in self.inputs and k != "id":
                 raise web.HTTPBadRequest(reason=f"Invalid field '{k}'")
-        query["data"] = parse_obj_as(self._record_type, query["data"])
+        query["data"] = check(self._record_type, query["data"])
 
         # Check original records are allowed by permission filters.
         originals = await self.get_many({"ids": query["ids"]})
@@ -278,8 +284,8 @@ async def _update_many(self, request: web.Request) -> web.Response:
 
     async def _delete(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.delete", context=(request, None))
-        query = parse_obj_as(DeleteParams, request.query)
-        query["previousData"] = parse_obj_as(self._record_type, query["previousData"])
+        query = check(DeleteParams, request.query)
+        query["previousData"] = check(self._record_type, query["previousData"])
 
         original = await self.get_one({"id": query["id"]})
         if not await permits(request, f"admin.{self.name}.delete", context=(request, original)):
@@ -292,7 +298,7 @@ async def _delete(self, request: web.Request) -> web.Response:
 
     async def _delete_many(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.delete", context=(request, None))
-        query = parse_obj_as(DeleteManyParams, request.query)
+        query = check(DeleteManyParams, request.query)
 
         originals = await self.get_many(query)
         allowed = await asyncio.gather(*(permits(request, f"admin.{self.name}.delete",