Merge pull request #1455 from weaviate/rbac/add-helper-method-to-role-dataclass

dirkkul · web-flow · commit c917c22ef5d7 · 2024-12-05T10:14:24.000+01:00
Add `role.permissions` helper method, tidy export files for rbac classes
diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
@@ -17,8 +17,7 @@ env:
   WEAVIATE_125: 1.25.24
   WEAVIATE_126: 1.26.8
   WEAVIATE_127: 1.27.1
-  WEAVIATE_128: 1.28.0-dev-223bafc
-
+  WEAVIATE_128: 1.28.0-rc.0
 jobs:
   lint-and-format:
     name: Run Linter and Formatter
diff --git a/integration/test_rbac.py b/integration/test_rbac.py
@@ -161,7 +161,9 @@ def test_create_role(client_factory: ClientFactory, permissions, expected) -> No
                 permissions=permissions,
             )
             role = client.roles.by_name(expected.name)
+            assert role is not None
             assert role == expected
+            assert len(role.permissions) == 1
         finally:
             client.roles.delete(expected.name)
 
@@ -181,6 +183,7 @@ def test_add_permissions_to_existing(client_factory: ClientFactory) -> None:
             assert role is not None
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 1
+            assert len(role.permissions) == 1
             assert role.collections_permissions[0].action == Actions.Collections.CREATE
 
             client.roles.add_permissions(
@@ -194,6 +197,7 @@ def test_add_permissions_to_existing(client_factory: ClientFactory) -> None:
             assert role is not None
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 2
+            assert len(role.permissions) == 2
             assert role.collections_permissions[0].action == Actions.Collections.CREATE
             assert role.collections_permissions[1].action == Actions.Collections.DELETE
         finally:
@@ -215,6 +219,7 @@ def test_upsert_permissions(client_factory: ClientFactory) -> None:
             assert role is not None
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 1
+            assert len(role.permissions) == 1
             assert role.collections_permissions[0].action == Actions.Collections.CREATE
         finally:
             client.roles.delete(role_name)
@@ -237,6 +242,7 @@ def test_downsert_permissions(client_factory: ClientFactory) -> None:
             assert role is not None
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 2
+            assert len(role.permissions) == 2
             assert role.collections_permissions[0].action == Actions.Collections.CREATE
             assert role.collections_permissions[1].action == Actions.Collections.DELETE
 
@@ -249,6 +255,7 @@ def test_downsert_permissions(client_factory: ClientFactory) -> None:
             assert role is not None
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 1
+            assert len(role.permissions) == 1
             assert role.collections_permissions[0].action == Actions.Collections.CREATE
 
             client.roles.remove_permissions(
@@ -287,6 +294,7 @@ def test_multiple_permissions(client_factory: ClientFactory) -> None:
 
             role = client.roles.by_name(role_name)
             assert role is not None
+            assert len(role.permissions) == 3
             assert role.collections_permissions is not None
             assert len(role.collections_permissions) == 1
             assert role.collections_permissions[0].action == Actions.Collections.READ
diff --git a/weaviate/classes/rbac.py b/weaviate/classes/rbac.py
@@ -1,3 +1,3 @@
-from weaviate.rbac.models import Permissions, Actions
+from weaviate.rbac.models import Permissions, Actions, PermissionsInputType
 
-__all__ = ["Actions", "Permissions"]
+__all__ = ["Actions", "Permissions", "PermissionsInputType"]
diff --git a/weaviate/outputs/rbac.py b/weaviate/outputs/rbac.py
@@ -0,0 +1,21 @@
+from weaviate.rbac.models import (
+    PermissionsOutputType,
+    BackupsPermission,
+    ClusterPermission,
+    CollectionsPermission,
+    DataPermission,
+    NodesPermission,
+    RolesPermission,
+    UsersPermission,
+)
+
+__all__ = [
+    "PermissionsOutputType",
+    "BackupsPermission",
+    "ClusterPermission",
+    "CollectionsPermission",
+    "DataPermission",
+    "NodesPermission",
+    "RolesPermission",
+    "UsersPermission",
+]
diff --git a/weaviate/rbac/models.py b/weaviate/rbac/models.py
@@ -257,6 +257,17 @@ class NodesPermission:
     action: NodesAction
 
 
+PermissionsOutputType = Union[
+    ClusterPermission,
+    CollectionsPermission,
+    DataPermission,
+    RolesPermission,
+    UsersPermission,
+    BackupsPermission,
+    NodesPermission,
+]
+
+
 @dataclass
 class Role:
     name: str
@@ -268,6 +279,18 @@ class Role:
     backups_permissions: List[BackupsPermission]
     nodes_permissions: List[NodesPermission]
 
+    @property
+    def permissions(self) -> List[PermissionsOutputType]:
+        permissions: List[PermissionsOutputType] = []
+        permissions.extend(self.cluster_permissions)
+        permissions.extend(self.collections_permissions)
+        permissions.extend(self.data_permissions)
+        permissions.extend(self.roles_permissions)
+        permissions.extend(self.users_permissions)
+        permissions.extend(self.backups_permissions)
+        permissions.extend(self.nodes_permissions)
+        return permissions
+
     @classmethod
     def _from_weaviate_role(cls, role: WeaviateRole) -> "Role":
         cluster_permissions: List[ClusterPermission] = []
@@ -354,7 +377,7 @@ class User:
 ActionsType = Union[_Action, Sequence[_Action]]
 
 
-PermissionsType = Union[
+PermissionsInputType = Union[
     _Permission,
     Sequence[_Permission],
     Sequence[Sequence[_Permission]],
@@ -575,7 +598,3 @@ def cluster(*, read: bool = False) -> PermissionsCreateType:
         if read:
             permissions.append(_ClusterFactory.read())
         return permissions
-
-
-class RBAC:
-    permissions = Permissions
diff --git a/weaviate/rbac/roles.py b/weaviate/rbac/roles.py
@@ -5,7 +5,7 @@
 from weaviate.connect.v4 import _ExpectedStatusCodes
 from weaviate.rbac.models import (
     _Permission,
-    PermissionsType,
+    PermissionsInputType,
     Role,
     User,
     WeaviatePermission,
@@ -213,7 +213,7 @@ async def delete(self, role: str) -> None:
         """
         return await self._delete_role(role)
 
-    async def create(self, *, name: str, permissions: PermissionsType) -> Role:
+    async def create(self, *, name: str, permissions: PermissionsInputType) -> Role:
         """Create a new role.
 
         Args:
@@ -249,7 +249,7 @@ async def revoke(self, *, roles: Union[str, List[str]], user: str) -> None:
         """
         await self._revoke_roles_from_user([roles] if isinstance(roles, str) else roles, user)
 
-    async def add_permissions(self, *, permissions: PermissionsType, role: str) -> None:
+    async def add_permissions(self, *, permissions: PermissionsInputType, role: str) -> None:
         """Add permissions to a role.
 
         Note: This method is an upsert operation. If the permission already exists, it will be updated. If it does not exist, it will be created.
@@ -264,7 +264,7 @@ async def add_permissions(self, *, permissions: PermissionsType, role: str) -> N
             [permission._to_weaviate() for permission in _flatten_permissions(permissions)], role
         )
 
-    async def remove_permissions(self, *, permissions: PermissionsType, role: str) -> None:
+    async def remove_permissions(self, *, permissions: PermissionsInputType, role: str) -> None:
         """Remove permissions from a role.
 
         Note: This method is a downsert operation. If the permission does not exist, it will be ignored. If these permissions are the only permissions of the role, the role will be deleted.
@@ -280,7 +280,7 @@ async def remove_permissions(self, *, permissions: PermissionsType, role: str) -
         )
 
 
-def _flatten_permissions(permissions: PermissionsType) -> List[_Permission]:
+def _flatten_permissions(permissions: PermissionsInputType) -> List[_Permission]:
     if isinstance(permissions, _Permission):
         return [permissions]
     flattened_permissions: List[_Permission] = []
diff --git a/weaviate/rbac/sync.pyi b/weaviate/rbac/sync.pyi
@@ -1,6 +1,6 @@
 from typing import Dict, List, Optional, Union
 
-from weaviate.rbac.models import PermissionsType, Role, User
+from weaviate.rbac.models import PermissionsInputType, Role, User
 from weaviate.rbac.roles import _RolesBase
 
 class _Roles(_RolesBase):
@@ -10,8 +10,8 @@ class _Roles(_RolesBase):
     def by_user(self, user: str) -> Dict[str, Role]: ...
     def users(self, role: str) -> Dict[str, User]: ...
     def delete(self, role: str) -> None: ...
-    def create(self, *, name: str, permissions: PermissionsType) -> Role: ...
+    def create(self, *, name: str, permissions: PermissionsInputType) -> Role: ...
     def assign(self, *, roles: Union[str, List[str]], user: str) -> None: ...
     def revoke(self, *, roles: Union[str, List[str]], user: str) -> None: ...
-    def add_permissions(self, *, permissions: PermissionsType, role: str) -> None: ...
-    def remove_permissions(self, *, permissions: PermissionsType, role: str) -> None: ...
+    def add_permissions(self, *, permissions: PermissionsInputType, role: str) -> None: ...
+    def remove_permissions(self, *, permissions: PermissionsInputType, role: str) -> None: ...
