From 5b484f3b4a731886f8bf0babecca9717f45a19d8 Mon Sep 17 00:00:00 2001 From: Thonyk Date: Sat, 3 Jan 2026 03:00:32 +0100 Subject: [PATCH 1/5] feat: initialiaze basic auth permission on startup --- app/app.py | 28 +++++++++++++++++++++++----- tests/config.test.yaml | 2 +- tests/core/test_auth.py | 6 +++--- 3 files changed, 27 insertions(+), 9 deletions(-) diff --git a/app/app.py b/app/app.py index ec8572ee1e..29a9ebd750 100644 --- a/app/app.py +++ b/app/app.py @@ -28,7 +28,7 @@ from app.core.core_endpoints import coredata_core from app.core.google_api.google_api import GoogleAPI from app.core.groups import models_groups -from app.core.groups.groups_type import GroupType +from app.core.groups.groups_type import AccountType, GroupType from app.core.notification.cruds_notification import get_notification_topic from app.core.schools import models_schools from app.core.schools.schools_type import SchoolType @@ -49,6 +49,7 @@ ) from app.types.sqlalchemy import Base from app.utils import initialization +from app.utils.auth.providers import AuthPermissions from app.utils.communication.notifications import NotificationManager from app.utils.redis import limiter from app.utils.state import LifespanState @@ -293,6 +294,8 @@ def initialize_module_visibility( hyperion_error_logger: logging.Logger, ) -> None: """Add the default module visibilities for Titan""" + AUTH_PERMISSIONS_CONSTANT = [AuthPermissions.app, AuthPermissions.api] + AUTH_PERMISSIONS_LIST =[ list(AccountType), list(AccountType)] with Session(sync_engine) as db: module_awareness = initialization.get_core_data_sync( 
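Review bot: The docstring of `initialize_module_visibility` still describes only module visibilities, while the lines added directly under it make the function seed authentication permissions as well. I would update it to something like `"""Add the default module visibilities for Titan and grant the default auth permissions (app, api) to every account type."""`, so the default-allow behaviour is visible to anyone auditing startup. `AUTH_PERMISSIONS_CONSTANT` is a function-local value named like a module constant; defining it at module level, or next to `AuthPermissions`, would make the list of auto-granted permissions easier to find and review. The function body continues outside this hunk.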
@@ -303,11 +306,14 @@ def initialize_module_visibility( module for module in module_list if module.root not in module_awareness.roots + ] + new_auth = [ + auth for auth in AUTH_PERMISSIONS_CONSTANT if auth.value not in module_awareness.roots ] # Is run to create default module visibilities or when the table is empty - if new_modules: + if new_modules or new_auth: hyperion_error_logger.info( - f"Startup: Some modules visibility settings are empty, initializing them : ({[module.root for module in new_modules]})", + f"Startup: Some modules visibility or auth settings are empty, initializing them : ({[module.root for module in new_modules] + new_auth})", ) for module in new_modules: module_permissions = ( @@ -342,14 +348,26 @@ def initialize_module_visibility( hyperion_error_logger.fatal( f"Startup: Could not add module visibility {module.root} in the database: {error}", ) + for i,auth in enumerate(new_auth): + for account_type in AUTH_PERMISSIONS_LIST[i]: + try: + initialization.create_account_type_permission_sync( + account_type=account_type, + permission_name=auth, + db=db, + ) + except ValueError as error: + hyperion_error_logger.fatal( + f"Startup: Could not add auth visibility {auth} in the database: {error}", + ) initialization.set_core_data_sync( coredata_core.ModuleVisibilityAwareness( - roots=[module.root for module in module_list], + roots=[module.root for module in module_list] + AUTH_PERMISSIONS_CONSTANT, ), db, ) hyperion_error_logger.info( - f"Startup: Modules visibility settings initialized for {[module.root for module in new_modules]}", + f"Startup: Modules visibility settings initialized for {[module.root for module in new_modules ] + new_auth}", ) else: hyperion_error_logger.info( diff --git a/tests/config.test.yaml b/tests/config.test.yaml index 8dd68b8298..183315b857 100644 --- a/tests/config.test.yaml +++ b/tests/config.test.yaml 
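Review bot: The startup log line in this hunk builds `[module.root for module in new_modules] + new_auth`, which mixes root strings with `AuthPermissions` members, so the message will probably show enum reprs rather than permission names; `+ [auth.value for auth in new_auth]` keeps it readable. The `new_auth` filter also reuses `module_awareness.roots` as its record of what has already been seeded, so a module whose `root` equals an `AuthPermissions` value would mask that permission, or the reverse. The enum definition is not visible here, so this needs checking, and a comment such as `# auth permission values share the awareness list with module roots and must not collide` would document the constraint. The same log pattern recurs in the completion message of the next hunk.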
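Review bot: `roots=[module.root for module in module_list] + AUTH_PERMISSIONS_CONSTANT` stores enum members, but the filter earlier in the function tests `auth.value not in module_awareness.roots`. Unless `ModuleVisibilityAwareness` serialises the members to their values (not visible here), the check may never match after a restart, and the loop would then try to re-create the `app`/`api` rows on every startup, which could silently restore a permission an administrator had revoked; storing `+ [auth.value for auth in AUTH_PERMISSIONS_CONSTANT]` removes the doubt. `permission_name=auth` has the same ambiguity, since tests/core/test_auth.py writes `AuthPermissions.nextcloud.name` into that column. A `ValueError` is only logged and the awareness entry is still written afterwards, so a failed grant is never retried, and the message does not say which `account_type` failed.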
@@ -95,7 +95,7 @@ AUTH_CLIENTS: secret: "secret" redirect_uri: - http://127.0.0.1:8000/docs - auth_client: "AppAuthClient" + auth_client: "NextcloudAuthClient" AccountTypePermissionAuthClient: secret: "secret" redirect_uri: diff --git a/tests/core/test_auth.py b/tests/core/test_auth.py index b09257850a..8044a9fe72 100644 --- a/tests/core/test_auth.py +++ b/tests/core/test_auth.py @@ -43,9 +43,9 @@ async def init_objects() -> None: ), ) await add_object_to_db( - models_permissions.CorePermissionAccountType( - account_type=AccountType.student, - permission_name=AuthPermissions.app.name, + models_permissions.CorePermissionGroup( + group_id=group.id, + permission_name=AuthPermissions.nextcloud.name, ), ) From 949bd707f92e540de07e27d7f139a31ad7926b47 Mon Sep 17 00:00:00 2001 From: Thonyk Date: Sat, 3 Jan 2026 16:02:56 +0100 Subject: [PATCH 2/5] format --- app/app.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/app.py b/app/app.py index 29a9ebd750..88012acceb 100644 --- a/app/app.py +++ b/app/app.py @@ -306,7 +306,7 @@ def initialize_module_visibility( module for module in module_list if module.root not in module_awareness.roots - ] + ] new_auth = [ auth for auth in AUTH_PERMISSIONS_CONSTANT if auth.value not in module_awareness.roots ] From 294aa090ad37015bd1d349866ed4afcfc568b608 Mon Sep 17 00:00:00 2001 From: Thonyk Date: Sat, 3 Jan 2026 16:33:57 +0100 Subject: [PATCH 3/5] format --- app/app.py | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/app/app.py b/app/app.py index 88012acceb..86f03c9c46 100644 --- a/app/app.py +++ b/app/app.py 
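Review bot: After the change to tests/core/test_auth.py, `init_objects` no longer seeds a `CorePermissionAccountType` row in this hunk, so nothing here exercises the account-type grant that app.py now creates at startup. I would add one case asserting that an account type without an `AuthPermissions.app` row is refused, and one asserting that startup seeding does not re-add a row that was deleted, unless tests outside this hunk already cover both. A short comment above the new object, e.g. `# nextcloud is not granted by default at startup, so it can be used to test refusal`, would explain why the fixture moved away from `AuthPermissions.app`; that is my reading of the intent and should be confirmed. `group` is defined outside the hunk.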
@@ -295,7 +295,7 @@ def initialize_module_visibility( ) -> None: """Add the default module visibilities for Titan""" AUTH_PERMISSIONS_CONSTANT = [AuthPermissions.app, AuthPermissions.api] - AUTH_PERMISSIONS_LIST =[ list(AccountType), list(AccountType)] + AUTH_PERMISSIONS_LIST = [list(AccountType), list(AccountType)] with Session(sync_engine) as db: module_awareness = initialization.get_core_data_sync( @@ -308,7 +308,9 @@ def initialize_module_visibility( if module.root not in module_awareness.roots ] new_auth = [ - auth for auth in AUTH_PERMISSIONS_CONSTANT if auth.value not in module_awareness.roots + auth + for auth in AUTH_PERMISSIONS_CONSTANT + if auth.value not in module_awareness.roots ] # Is run to create default module visibilities or when the table is empty if new_modules or new_auth: @@ -348,7 +350,7 @@ def initialize_module_visibility( hyperion_error_logger.fatal( f"Startup: Could not add module visibility {module.root} in the database: {error}", ) - for i,auth in enumerate(new_auth): + for i, auth in enumerate(new_auth): for account_type in AUTH_PERMISSIONS_LIST[i]: try: initialization.create_account_type_permission_sync( @@ -362,12 +364,13 @@ def initialize_module_visibility( ) initialization.set_core_data_sync( coredata_core.ModuleVisibilityAwareness( - roots=[module.root for module in module_list] + AUTH_PERMISSIONS_CONSTANT, + roots=[module.root for module in module_list] + + AUTH_PERMISSIONS_CONSTANT, ), db, ) hyperion_error_logger.info( - f"Startup: Modules visibility settings initialized for {[module.root for module in new_modules ] + new_auth}", + f"Startup: Modules visibility settings initialized for {[module.root for module in new_modules] + new_auth}", ) else: hyperion_error_logger.info( From c2a3f522048c90deec0955cf9760efa04cd1dbf7 Mon Sep 17 00:00:00 2001 From: Thonyk Date: Sun, 4 Jan 2026 11:05:07 +0100 Subject: [PATCH 4/5] refacto: simplify logic --- app/app.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/app/app.py b/app/app.py index 86f03c9c46..e62bc81c84 100644 --- a/app/app.py +++ b/app/app.py @@ -295,7 +295,6 @@ def initialize_module_visibility( ) -> None: """Add the default module visibilities for Titan""" AUTH_PERMISSIONS_CONSTANT = [AuthPermissions.app, AuthPermissions.api] - AUTH_PERMISSIONS_LIST = [list(AccountType), list(AccountType)] with Session(sync_engine) as db: module_awareness = initialization.get_core_data_sync( @@ -350,8 +349,8 @@ def initialize_module_visibility( hyperion_error_logger.fatal( f"Startup: Could not add module visibility {module.root} in the database: {error}", ) - for i, auth in enumerate(new_auth): - for account_type in AUTH_PERMISSIONS_LIST[i]: + for auth in new_auth: + for account_type in list(AccountType): try: initialization.create_account_type_permission_sync( account_type=account_type, From 89b53348e836a2642d144b140847a15844bde6d8 Mon Sep 17 00:00:00 2001 From: Thonyk Date: Sun, 4 Jan 2026 11:07:11 +0100 Subject: [PATCH 5/5] Bump version to 5.0.0 --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index b7fdb6a101..8ee04b34ba 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -6,7 +6,7 @@ authors = [{ name = "AEECL ECLAIR" }] # Hyperion follows Semantic Versioning # https://semver.org/ -version = "4.12.0" +version = "5.0.0" requires-python = ">= 3.12, < 3.15" license = "MIT"
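Review bot: The nested loop in the second app.py hunk grants `AuthPermissions.app` and `AuthPermissions.api` to every member of `AccountType`, including any member added later, which makes authentication default-allow for new account types. If that is intended, say so in a comment above the loop, e.g. `# default: every account type may use the app and api auth clients`; otherwise an explicit list of account types keeps the grant least-privilege. `list(AccountType)` is also unnecessary, because `for account_type in AccountType:` iterates the enum directly. The `try` block inside the loop continues outside the hunk.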