Support non-id primary keys (#679)

Author: Dreamsorcerer

aiohttp_admin/backends/abc.py

@@ -1,5 +1,6 @@
 import asyncio
 import json
+import warnings
 from abc import ABC, abstractmethod
 from datetime import datetime
 from enum import Enum
@@ -85,7 +86,11 @@ class AbstractAdminResource(ABC):
     name: str
     fields: dict[str, FieldState]
     inputs: dict[str, InputState]
-    repr_field: str
+    primary_key: str
+
+    def __init__(self) -> None:
+        if "id" in self.fields and self.primary_key != "id":
+            warnings.warn("A non-PK 'id' column is likely to break the admin.", stacklevel=2)
 
     async def filter_by_permissions(self, request: web.Request, perm_type: str,
                                     record: Record, original: Optional[Record] = None) -> Record:
@@ -132,6 +137,10 @@ async def _get_list(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.view", context=(request, None))
         query = parse_obj_as(GetListParams, request.query)
 
+        # When sort order refers to "id", this should be translated to primary key.
+        if query["sort"]["field"] == "id":
+            query["sort"]["field"] = self.primary_key
+
         # Add filters from advanced permissions.
         # The permissions will be cached on the request from a previous permissions check.
         permissions = permissions_as_dict(request["aiohttpadmin_permissions"])
@@ -144,6 +153,9 @@ async def _get_list(self, request: web.Request) -> web.Response:
         results = [await self.filter_by_permissions(request, "view", r) for r in results]
         results = [r for r in results if await permits(request, f"admin.{self.name}.view",
                                                        context=(request, r))]
+        # We need to set "id" for react-admin (in case there is no "id" primary key).
+        for r in results:
+            r["id"] = r[self.primary_key]
         return json_response({"data": results, "total": total})
 
     async def _get_one(self, request: web.Request) -> web.Response:
@@ -154,6 +166,7 @@ async def _get_one(self, request: web.Request) -> web.Response:
         if not await permits(request, f"admin.{self.name}.view", context=(request, result)):
             raise web.HTTPForbidden()
         result = await self.filter_by_permissions(request, "view", result)
+        result["id"] = result[self.primary_key]
         return json_response({"data": result})
 
     async def _get_many(self, request: web.Request) -> web.Response:
@@ -163,6 +176,8 @@ async def _get_many(self, request: web.Request) -> web.Response:
         results = await self.get_many(query)
         results = [await self.filter_by_permissions(request, "view", r) for r in results
                    if await permits(request, f"admin.{self.name}.view", context=(request, r))]
+        for r in results:
+            r["id"] = r[self.primary_key]
         return json_response({"data": results})
 
     async def _create(self, request: web.Request) -> web.Response:
@@ -175,12 +190,16 @@ async def _create(self, request: web.Request) -> web.Response:
 
         result = await self.create(query)
         result = await self.filter_by_permissions(request, "view", result)
+        result["id"] = result[self.primary_key]
         return json_response({"data": result})
 
     async def _update(self, request: web.Request) -> web.Response:
         await check_permission(request, f"admin.{self.name}.edit", context=(request, None))
         query = parse_obj_as(UpdateParams, request.query)
 
+        if self.primary_key != "id":
+            query["data"].pop("id", None)
+
         # Check original record is allowed by permission filters.
         original = await self.get_one({"id": query["id"]})
         if not await permits(request, f"admin.{self.name}.edit", context=(request, original)):
@@ -199,6 +218,7 @@ async def _update(self, request: web.Request) -> web.Response:
 
         result = await self.update(query)
         result = await self.filter_by_permissions(request, "view", result)
+        result["id"] = result[self.primary_key]
         return json_response({"data": result})
 
     async def _update_many(self, request: web.Request) -> web.Response:
@@ -230,6 +250,7 @@ async def _delete(self, request: web.Request) -> web.Response:
 
         result = await self.delete(query)
         result = await self.filter_by_permissions(request, "view", result)
+        result["id"] = result[self.primary_key]
         return json_response({"data": result})
 
     async def _delete_many(self, request: web.Request) -> web.Response:

aiohttp_admin/backends/sqlalchemy.py

@@ -82,13 +82,15 @@ def __init__(self, db: AsyncEngine, model_or_table: Union[sa.Table, Type[Declara
         self._db = db
         self._table = table
 
-        self._primary_key = tuple(filter(lambda c: table.c[c].primary_key, self._table.c.keys()))
-        if not self._primary_key:
+        pk = tuple(filter(lambda c: table.c[c].primary_key, self._table.c.keys()))
+        if not pk:
             raise ValueError("No primary key found.")
-        if len(self._primary_key) > 1:
+        if len(pk) > 1:
             # TODO: Test composite primary key
             raise NotImplementedError("Composite keys not supported yet.")
-        self.repr_field = self._primary_key[0]
+        self.primary_key = pk[0]
+
+        super().__init__()
 
     async def get_list(self, params: GetListParams) -> tuple[list[Record], int]:
         per_page = params["pagination"]["perPage"]
@@ -112,7 +114,7 @@ async def get_list(self, params: GetListParams) -> tuple[list[Record], int]:
 
     async def get_one(self, params: GetOneParams) -> Record:
         async with self._db.connect() as conn:
-            stmt = sa.select(self._table).where(self._table.c["id"] == params["id"])
+            stmt = sa.select(self._table).where(self._table.c[self.primary_key] == params["id"])
             result = await conn.execute(stmt)
             try:
                 return result.one()._asdict()
@@ -122,8 +124,7 @@ async def get_one(self, params: GetOneParams) -> Record:
 
     async def get_many(self, params: GetManyParams) -> list[Record]:
         async with self._db.connect() as conn:
-            # TODO: Handle primary key not called "id"
-            stmt = sa.select(self._table).where(self._table.c["id"].in_(params["ids"]))
+            stmt = sa.select(self._table).where(self._table.c[self.primary_key].in_(params["ids"]))
             result = await conn.execute(stmt)
             records = [r._asdict() for r in result]
         if records:
@@ -142,7 +143,7 @@ async def create(self, params: CreateParams) -> Record:
 
     async def update(self, params: UpdateParams) -> Record:
         async with self._db.begin() as conn:
-            stmt = sa.update(self._table).where(self._table.c["id"] == params["id"])
+            stmt = sa.update(self._table).where(self._table.c[self.primary_key] == params["id"])
             stmt = stmt.values(params["data"]).returning(*self._table.c)
             try:
                 row = await conn.execute(stmt)
@@ -157,8 +158,8 @@ async def update(self, params: UpdateParams) -> Record:
 
     async def update_many(self, params: UpdateManyParams) -> list[Union[str, int]]:
         async with self._db.begin() as conn:
-            stmt = sa.update(self._table).where(self._table.c["id"].in_(params["ids"]))
-            stmt = stmt.values(params["data"]).returning(self._table.c["id"])
+            stmt = sa.update(self._table).where(self._table.c[self.primary_key].in_(params["ids"]))
+            stmt = stmt.values(params["data"]).returning(self._table.c[self.primary_key])
             try:
                 r = await conn.scalars(stmt)
             except sa.exc.CompileError as e:
@@ -170,7 +171,7 @@ async def update_many(self, params: UpdateManyParams) -> list[Union[str, int]]:
 
     async def delete(self, params: DeleteParams) -> Record:
         async with self._db.begin() as conn:
-            stmt = sa.delete(self._table).where(self._table.c["id"] == params["id"])
+            stmt = sa.delete(self._table).where(self._table.c[self.primary_key] == params["id"])
             row = await conn.execute(stmt.returning(*self._table.c))
             try:
                 return row.one()._asdict()
@@ -180,9 +181,8 @@ async def delete(self, params: DeleteParams) -> Record:
 
     async def delete_many(self, params: DeleteManyParams) -> list[Union[str, int]]:
         async with self._db.begin() as conn:
-            # TODO: Handle primary key not called "id"
-            stmt = sa.delete(self._table).where(self._table.c["id"].in_(params["ids"]))
-            r = await conn.scalars(stmt.returning(self._table.c["id"]))
+            stmt = sa.delete(self._table).where(self._table.c[self.primary_key].in_(params["ids"]))
+            r = await conn.scalars(stmt.returning(self._table.c[self.primary_key]))
             ids = list(r)
         if ids:
             return ids

aiohttp_admin/routes.py

@@ -25,7 +25,7 @@ def setup_resources(admin: web.Application, schema: Schema) -> None:
             if not all(f in m.fields for f in display_fields):
                 raise ValueError(f"Display includes non-existent field {display_fields}")
 
-        repr_field = r.get("repr", m.repr_field)
+        repr_field = r.get("repr", m.primary_key)
 
         for k, v in m.inputs.items():
             if k in display_fields:

tests/test_backends_sqlalchemy.py

@@ -1,11 +1,19 @@
-from typing import Type
+import json
+from typing import Awaitable, Callable, Type
 
+import pytest
 import sqlalchemy as sa
-from sqlalchemy.ext.asyncio import AsyncEngine
+from aiohttp import web
+from aiohttp.test_utils import TestClient
+from sqlalchemy.ext.asyncio import AsyncEngine, async_sessionmaker, create_async_engine
 from sqlalchemy.orm import DeclarativeBase, Mapped, mapped_column, relationship
 
+import aiohttp_admin
+from _auth import check_credentials
 from aiohttp_admin.backends.sqlalchemy import SAResource
 
+_Login = Callable[[TestClient], Awaitable[dict[str, str]]]
+
 
 def test_pk(base: Type[DeclarativeBase], mock_engine: AsyncEngine) -> None:
     class TestModel(base):  # type: ignore[misc,valid-type]
@@ -15,7 +23,7 @@ class TestModel(base):  # type: ignore[misc,valid-type]
 
     r = SAResource(mock_engine, TestModel)
     assert r.name == "dummy"
-    assert r.repr_field == "id"
+    assert r.primary_key == "id"
     assert r.fields == {
         "id": {"type": "NumberField", "props": {}},
         "num": {"type": "TextField", "props": {}}
@@ -34,7 +42,7 @@ def test_table(mock_engine: AsyncEngine) -> None:
 
     r = SAResource(mock_engine, dummy_table)
     assert r.name == "dummy"
-    assert r.repr_field == "id"
+    assert r.primary_key == "id"
     assert r.fields == {
         "id": {"type": "NumberField", "props": {}},
         "num": {"type": "TextField", "props": {}}
@@ -57,7 +65,7 @@ class TestChildModel(base):  # type: ignore[misc,valid-type]
 
     r = SAResource(mock_engine, TestChildModel)
     assert r.name == "child"
-    assert r.repr_field == "id"
+    assert r.primary_key == "id"
     assert r.fields == {"id": {"type": "ReferenceField", "props": {"reference": "dummy"}}}
     # PK with FK constraint should be shown in create form.
     assert r.inputs == {"id": {
@@ -82,3 +90,104 @@ class TestOne(base):  # type: ignore[misc,valid-type]
         "props": {"children": {"id": {"props": {}, "type": "NumberField"}},
                   "label": "Ones", "reference": "one", "source": "id", "target": "many_id"}}
     assert "ones" not in r.inputs
+
+
+async def test_nonid_pk(base: Type[DeclarativeBase], mock_engine: AsyncEngine) -> None:
+    class TestModel(base):  # type: ignore[misc,valid-type]
+        __tablename__ = "test"
+        num: Mapped[int] = mapped_column(primary_key=True)
+        other: Mapped[str]
+
+    r = SAResource(mock_engine, TestModel)
+    assert r.name == "test"
+    assert r.primary_key == "num"
+    assert r.fields == {
+        "num": {"type": "NumberField", "props": {}},
+        "other": {"type": "TextField", "props": {}}
+    }
+    assert r.inputs == {
+        "num": {"type": "NumberInput", "show_create": False, "props": {}},
+        "other": {"type": "TextInput", "show_create": True, "props": {}}
+    }
+
+
+async def test_id_nonpk(base: Type[DeclarativeBase], mock_engine: AsyncEngine) -> None:
+    class NotPK(base):  # type: ignore[misc,valid-type]
+        __tablename__ = "notpk"
+        name: Mapped[str] = mapped_column(primary_key=True)
+        id: Mapped[int]
+
+    class CompositePK(base):  # type: ignore[misc,valid-type]
+        __tablename__ = "compound"
+        id: Mapped[int] = mapped_column(primary_key=True)
+        other: Mapped[int] = mapped_column(primary_key=True)
+
+    with pytest.warns(UserWarning, match="A non-PK 'id' column is likely to break the admin."):
+        SAResource(mock_engine, NotPK)
+    # TODO: Support composite PK.
+    # with pytest.warns(UserWarning, match="'id' column in a composite PK is likely to"
+    #                   + " break the admin"):
+    #     SAResource(mock_engine, CompositePK)
+
+
+async def test_nonid_pk_api(
+    base: DeclarativeBase, aiohttp_client: Callable[[web.Application], Awaitable[TestClient]],
+    login: _Login
+) -> None:
+    class TestModel(base):  # type: ignore[misc,valid-type]
+        __tablename__ = "test"
+        num: Mapped[int] = mapped_column(primary_key=True)
+        other: Mapped[str]
+
+    app = web.Application()
+    engine = create_async_engine("sqlite+aiosqlite:///:memory:")
+    db = async_sessionmaker(engine, expire_on_commit=False)
+    async with engine.begin() as conn:
+        await conn.run_sync(base.metadata.create_all)
+    async with db.begin() as sess:
+        sess.add(TestModel(num=5, other="foo"))
+        sess.add(TestModel(num=8, other="bar"))
+
+    schema: aiohttp_admin.Schema = {
+        "security": {
+            "check_credentials": check_credentials,
+            "secure": False
+        },
+        "resources": ({"model": SAResource(engine, TestModel)},)
+    }
+    app["admin"] = aiohttp_admin.setup(app, schema)
+
+    admin_client = await aiohttp_client(app)
+    assert admin_client.app
+    h = await login(admin_client)
+
+    url = app["admin"].router["test_get_list"].url_for()
+    p = {"pagination": json.dumps({"page": 1, "perPage": 10}),
+         "sort": json.dumps({"field": "id", "order": "DESC"}), "filter": "{}"}
+    async with admin_client.get(url, params=p, headers=h) as resp:
+        assert resp.status == 200
+        assert await resp.json() == {"data": [{"id": 8, "num": 8, "other": "bar"},
+                                              {"id": 5, "num": 5, "other": "foo"}], "total": 2}
+
+    url = app["admin"].router["test_get_one"].url_for()
+    async with admin_client.get(url, params={"id": 8}, headers=h) as resp:
+        assert resp.status == 200
+        assert await resp.json() == {"data": {"id": 8, "num": 8, "other": "bar"}}
+
+    url = app["admin"].router["test_get_many"].url_for()
+    async with admin_client.get(url, params={"ids": "[5, 8]"}, headers=h) as resp:
+        assert resp.status == 200
+        assert await resp.json() == {"data": [{"id": 5, "num": 5, "other": "foo"},
+                                              {"id": 8, "num": 8, "other": "bar"}]}
+
+    url = app["admin"].router["test_create"].url_for()
+    p = {"data": json.dumps({"num": 12, "other": "this"})}
+    async with admin_client.post(url, params=p, headers=h) as resp:
+        assert resp.status == 200
+        assert await resp.json() == {"data": {"id": 12, "num": 12, "other": "this"}}
+
+    url = app["admin"].router["test_update"].url_for()
+    p1 = {"id": 5, "data": json.dumps({"id": 5, "other": "that"}), "previousData": "{}"}
+    async with admin_client.put(url, params=p1, headers=h) as resp:
+        assert resp.status == 200
+        assert await resp.json() == {"data": {"id": 5, "num": 5, "other": "that"}}