feat: Add security model signals for User, Role, and Group CRUD operations (#2432)

* feat: Add security model signals for User, Role, and Group CRUD operations

* fix tests

* fix tests

* fix tests

* refactor: Use self.current_user instead of custom _get_current_user method

Simplify signal triggered_by by using the existing current_user property
from BaseSecurityManager instead of a redundant helper method.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: Handle missing app/request context in signal emission

- Add app context check in _signals_enabled() to prevent errors during
  app initialization
- Add _get_triggered_by_user() helper to safely get current user,
  returning None when outside request context

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test: Add coverage tests for security signals

Add tests for:
- SecurityModelChangeEvent properties (is_pre_commit, is_create, is_update, is_delete)
- Post-commit error handling (errors logged but not raised)
- _signals_enabled behavior outside app context
- _get_triggered_by_user returning None without request context

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix: Use mock for app context test to avoid CI issues

Mock has_app_context instead of relying on actual context teardown
which behaves differently in CI environment.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* Update tests/test_security_signals.py

Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>

* Update tests/test_security_signals.py

Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>

* fix: Correct assertIsEqual to assertEqual in test

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>

Author: 3 people

flask_appbuilder/const.py

@@ -85,8 +85,24 @@
 """ User added, format with username """
 LOGMSG_INF_SEC_UPD_USER = "Updated user %s"
 """ User updated, format with username """
+LOGMSG_INF_SEC_DEL_USER = "Deleted user %s"
+""" User deleted, format with user id """
+LOGMSG_ERR_SEC_DEL_USER = "Error deleting user: %s"
+""" Error deleting user, format with err message """
 LOGMSG_INF_SEC_UPD_ROLE = "Updated role %s"
 """ Role updated, format with role name """
+LOGMSG_INF_SEC_DEL_ROLE = "Deleted role %s"
+""" Role deleted, format with role id """
+LOGMSG_ERR_SEC_DEL_ROLE = "Error deleting role: %s"
+""" Error deleting role, format with err message """
+LOGMSG_INF_SEC_ADD_GROUP = "Added group %s"
+""" Group added, format with group name """
+LOGMSG_INF_SEC_UPD_GROUP = "Updated group %s"
+""" Group updated, format with group name """
+LOGMSG_INF_SEC_DEL_GROUP = "Deleted group %s"
+""" Group deleted, format with group id """
+LOGMSG_ERR_SEC_DEL_GROUP = "Error deleting group: %s"
+""" Error deleting group, format with err message """
 LOGMSG_ERR_SEC_UPD_ROLE = "An error occurred updating role %s"
 """ Role updated Error, format with role name """
 

flask_appbuilder/security/events.py

@@ -0,0 +1,84 @@
+"""
+Event classes for Flask-AppBuilder security signals.
+
+This module defines the event payload structures sent with security signals.
+"""
+
+from dataclasses import dataclass, field
+from datetime import datetime
+from typing import Any, Dict, Literal, Optional
+
+
+@dataclass
+class SecurityModelChangeEvent:
+    """
+    Payload sent with security model change signals.
+
+    This event is passed to signal handlers when User, Role, or Group
+    models are created, updated, or deleted.
+
+    Attributes:
+        model_type: The type of model ("user", "role", or "group")
+        action: The action being performed. Pre-commit actions use present
+            participle ("creating", "updating", "deleting"). Post-commit
+            actions use past tense ("created", "updated", "deleted").
+        model_id: The primary key of the model. For creates, this is
+            available after flush() but before commit().
+        model: The model instance. For deletes, this may be None or
+            an expired instance after commit.
+        timestamp: When the event was created.
+        changes: For updates, a dict of changed fields with old/new values.
+            Example: {"email": {"old": "a@b.com", "new": "x@y.com"}}
+        triggered_by: The User who triggered this change, if available.
+        is_committed: False for pre-commit signals, True for post-commit.
+
+    Example::
+
+        @user_creating.connect
+        def handle_user_creating(sender, event):
+            print(f"Creating user {event.model.username}")
+            print(f"User ID (from flush): {event.model_id}")
+            print(f"Is committed: {event.is_committed}")  # False
+
+        @user_updated.connect
+        def handle_user_updated(sender, event):
+            print(f"Updated user {event.model_id}")
+            print(f"Changes: {event.changes}")
+            print(f"Changed by: {event.triggered_by}")
+    """
+
+    model_type: Literal["user", "role", "group"]
+    action: Literal[
+        "creating",
+        "updating",
+        "deleting",  # Pre-commit
+        "created",
+        "updated",
+        "deleted",  # Post-commit
+    ]
+    model_id: Any
+    model: Optional[Any] = None
+    timestamp: datetime = field(default_factory=datetime.utcnow)
+    changes: Optional[Dict[str, Dict[str, Any]]] = None
+    triggered_by: Optional[Any] = None
+    is_committed: bool = False
+
+    @property
+    def is_pre_commit(self) -> bool:
+        """True if this is a pre-commit event (transaction still open)."""
+        return not self.is_committed
+
+    @property
+    def is_create(self) -> bool:
+        """True if this is a create operation."""
+        return self.action in ("creating", "created")
+
+    @property
+    def is_update(self) -> bool:
+        """True if this is an update operation."""
+        return self.action in ("updating", "updated")
+
+    @property
+    def is_delete(self) -> bool:
+        """True if this is a delete operation."""
+        return self.action in ("deleting", "deleted")

flask_appbuilder/security/signals.py

@@ -0,0 +1,123 @@
+"""
+Signals for Flask-AppBuilder security model changes.
+
+This module provides Blinker signals that fire when User, Role, and Group
+models are created, updated, or deleted. There are two types of signals:
+
+**Pre-commit signals** (e.g., `user_creating`):
+    Fire BEFORE the transaction is committed. Handlers can modify the
+    database session and their changes will be committed atomically
+    with the original operation.
+
+**Post-commit signals** (e.g., `user_created`):
+    Fire AFTER the transaction is committed. Use these for notifications,
+    logging, or other side effects that don't need transactional guarantees.
+
+Example usage::
+
+    from flask_appbuilder.security.signals import user_creating, user_created
+
+    # Pre-commit handler - runs in same transaction
+    @user_creating.connect
+    def on_user_creating(sender, event):
+        # Add related record in same transaction
+        my_record = MyModel(user_id=event.model.id)
+        db.session.add(my_record)  # Will commit with User
+
+    # Post-commit handler - runs after transaction
+    @user_created.connect
+    def on_user_created(sender, event):
+        # Send notification (transaction already committed)
+        send_welcome_email(event.model.email)
+"""
+
+from blinker import Namespace
+
+# Create a namespace for FAB security signals
+_signals = Namespace()
+
+# =============================================================================
+# PRE-COMMIT SIGNALS
+# These fire BEFORE commit - handlers can modify the session
+# =============================================================================
+
+# User signals (pre-commit)
+user_creating = _signals.signal("user-creating")
+"""Signal sent before a user is created and committed.
+
+:param sender: The SecurityManager instance
+:param event: SecurityModelChangeEvent with model_type="user"
+"""
+
+user_updating = _signals.signal("user-updating")
+"""Signal sent before a user update is committed.
+
+:param sender: The SecurityManager instance
+:param event: SecurityModelChangeEvent with model_type="user"
+"""
+
+user_deleting = _signals.signal("user-deleting")
+"""Signal sent before a user is deleted and committed.
+
+:param sender: The SecurityManager instance
+:param event: SecurityModelChangeEvent with model_type="user"
+"""
+
+# Role signals (pre-commit)
+role_creating = _signals.signal("role-creating")
+"""Signal sent before a role is created and committed."""
+
+role_updating = _signals.signal("role-updating")
+"""Signal sent before a role update is committed."""
+
+role_deleting = _signals.signal("role-deleting")
+"""Signal sent before a role is deleted and committed."""
+
+# Group signals (pre-commit)
+group_creating = _signals.signal("group-creating")
+"""Signal sent before a group is created and committed."""
+
+group_updating = _signals.signal("group-updating")
+"""Signal sent before a group update is committed."""
+
+group_deleting = _signals.signal("group-deleting")
+"""Signal sent before a group is deleted and committed."""
+
+# =============================================================================
+# POST-COMMIT SIGNALS
+# These fire AFTER commit - for notifications and side effects only
+# =============================================================================
+
+# User signals (post-commit)
+user_created = _signals.signal("user-created")
+"""Signal sent after a user has been created and committed.
+
+:param sender: The SecurityManager instance
+:param event: SecurityModelChangeEvent with model_type="user"
+"""
+
+user_updated = _signals.signal("user-updated")
+"""Signal sent after a user update has been committed."""
+
+user_deleted = _signals.signal("user-deleted")
+"""Signal sent after a user has been deleted and committed."""
+
+# Role signals (post-commit)
+role_created = _signals.signal("role-created")
+"""Signal sent after a role has been created and committed."""
+
+role_updated = _signals.signal("role-updated")
+"""Signal sent after a role update has been committed."""
+
+role_deleted = _signals.signal("role-deleted")
+"""Signal sent after a role has been deleted and committed."""
+
+# Group signals (post-commit)
+group_created = _signals.signal("group-created")
+"""Signal sent after a group has been created and committed."""
+
+group_updated = _signals.signal("group-updated")
+"""Signal sent after a group update has been committed."""
+
+group_deleted = _signals.signal("group-deleted")
+"""Signal sent after a group has been deleted and committed."""