Merge pull request #1 from JWDobken/pypi-package

Pypi package

Author: JWDobken

ci.yml .github/workflows/ci.ymlci.yml renamed to .github/workflows/ci.yml

@@ -4,7 +4,7 @@ on:
   push:
     # Avoid using all the resources/limits available by checking only
     # relevant branches and tags. Other branches can be checked via PRs.
-    branches: [main]
+    branches: [main, pypi-package]
     tags: ["v[0-9]*", "[0-9]+.[0-9]+*"] # Match tags that resemble a version
   pull_request: # Run in every PR
   workflow_dispatch: # Allow manually triggering the workflow
@@ -32,7 +32,7 @@ jobs:
         with: { fetch-depth: 0 } # deep clone for setuptools-scm
       - uses: actions/setup-python@v4
         id: setup-python
-        with: { python-version: "3.11" }
+        with: { python-version: "3.10" }
       - name: Run static analysis and format checkers
         run: pipx run pre-commit run --all-files --show-diff-on-failure
       - name: Build package distribution files
@@ -56,13 +56,25 @@ jobs:
     strategy:
       matrix:
         python:
-          - "3.7" # oldest Python supported by PSF
-          - "3.11" # newest Python that is stable
+          - "3.7"
+          - "3.10"
         platform:
           - ubuntu-latest
-          - macos-latest
-          - windows-latest
+          # - macos-latest NO DOCKER
+          # - windows-latest NO DOCKER
     runs-on: ${{ matrix.platform }}
+
+    services:
+      postgres:
+        image: postgres:latest
+        env:
+          POSTGRES_USER: jwdobken
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_DB: test_db
+        ports:
+          - 5432:5432
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
+
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
@@ -79,34 +91,34 @@ jobs:
           -- -rFEx --durations 10 --color yes  # pytest args
       - name: Generate coverage report
         run: pipx run coverage lcov -o coverage.lcov
-      - name: Upload partial coverage report
-        uses: coverallsapp/github-action@master
-        with:
-          path-to-lcov: coverage.lcov
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          flag-name: ${{ matrix.platform }} - py${{ matrix.python }}
-          parallel: true
+      # - name: Upload partial coverage report
+      #   uses: coverallsapp/github-action@master
+      #   with:
+      #     path-to-lcov: coverage.lcov
+      #     github-token: ${{ secrets.GITHUB_TOKEN }}
+      #     flag-name: ${{ matrix.platform }} - py${{ matrix.python }}
+      #     parallel: true
 
-  finalize:
-    needs: test
-    runs-on: ubuntu-latest
-    steps:
-      - name: Finalize coverage report
-        uses: coverallsapp/github-action@master
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          parallel-finished: true
+  # finalize:
+  #   needs: test
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #     - name: Finalize coverage report
+  #       uses: coverallsapp/github-action@master
+  #       with:
+  #         github-token: ${{ secrets.GITHUB_TOKEN }}
+  #         parallel-finished: true
 
   publish:
-    needs: finalize
+    needs: test # finalize
     if: ${{ github.event_name == 'push' && contains(github.ref, 'refs/tags/') }}
     runs-on: ubuntu-latest
     permissions:
       contents: write
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-python@v4
-        with: { python-version: "3.11" }
+        with: { python-version: "3.10" }
       - name: Retrieve pre-built distribution files
         uses: actions/download-artifact@v3
         with: { name: python-distribution-files, path: dist/ }

.github/workflows/pytest.yml

@@ -1,65 +1,62 @@
-exclude: '^docs/conf.py'
+exclude: "^docs/conf.py"
 
 repos:
-- repo: https://github.com/pre-commit/pre-commit-hooks
-  rev: v4.4.0
-  hooks:
-  - id: trailing-whitespace
-  - id: check-added-large-files
-  - id: check-ast
-  - id: check-json
-  - id: check-merge-conflict
-  - id: check-xml
-  - id: check-yaml
-  - id: debug-statements
-  - id: end-of-file-fixer
-  - id: requirements-txt-fixer
-  - id: mixed-line-ending
-    args: ['--fix=auto']  # replace 'auto' with 'lf' to enforce Linux/Mac line endings or 'crlf' for Windows
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.4.0
+    hooks:
+      - id: trailing-whitespace
+      - id: check-added-large-files
+      - id: check-ast
+      - id: check-json
+      - id: check-merge-conflict
+      - id: check-xml
+      - id: check-yaml
+      - id: debug-statements
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+        args: ["--fix=auto"] # replace 'auto' with 'lf' to enforce Linux/Mac line endings or 'crlf' for Windows
 
-## If you want to automatically "modernize" your Python code:
-# - repo: https://github.com/asottile/pyupgrade
-#   rev: v3.7.0
-#   hooks:
-#   - id: pyupgrade
-#     args: ['--py37-plus']
-
-## If you want to avoid flake8 errors due to unused vars or imports:
-# - repo: https://github.com/PyCQA/autoflake
-#   rev: v2.1.1
-#   hooks:
-#   - id: autoflake
-#     args: [
-#       --in-place,
-#       --remove-all-unused-imports,
-#       --remove-unused-variables,
-#     ]
+  ## If you want to automatically "modernize" your Python code:
+  # - repo: https://github.com/asottile/pyupgrade
+  #   rev: v3.7.0
+  #   hooks:
+  #   - id: pyupgrade
+  #     args: ['--py37-plus']
 
-- repo: https://github.com/PyCQA/isort
-  rev: 5.11.5
-  hooks:
-  - id: isort
+  ## If you want to avoid flake8 errors due to unused vars or imports:
+  # - repo: https://github.com/PyCQA/autoflake
+  #   rev: v2.1.1
+  #   hooks:
+  #   - id: autoflake
+  #     args: [
+  #       --in-place,
+  #       --remove-all-unused-imports,
+  #       --remove-unused-variables,
+  #     ]
 
-- repo: https://github.com/psf/black
-  rev: stable
-  hooks:
-  - id: black
-    language_version: python3
-
-## If like to embrace black styles even in the docs:
-# - repo: https://github.com/asottile/blacken-docs
-#   rev: v1.13.0
-#   hooks:
-#   - id: blacken-docs
-#     additional_dependencies: [black]
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.11.5
+    hooks:
+      - id: isort
 
-- repo: https://github.com/PyCQA/flake8
-  rev: 5.0.4
-  hooks:
-  - id: flake8
-  ## You can add flake8 plugins via `additional_dependencies`:
-  #  additional_dependencies: [flake8-bugbear]
+  - repo: https://github.com/psf/black
+    rev: stable
+    hooks:
+      - id: black
+        language_version: python3
 
+  ## If like to embrace black styles even in the docs:
+  # - repo: https://github.com/asottile/blacken-docs
+  #   rev: v1.13.0
+  #   hooks:
+  #   - id: blacken-docs
+  #     additional_dependencies: [black]
+  - repo: https://github.com/PyCQA/flake8
+    rev: 5.0.4
+    hooks:
+      - id: flake8
+    ## You can add flake8 plugins via `additional_dependencies`:
+    #  additional_dependencies: [flake8-bugbear]
 ## Check for misspells in documentation files:
 # - repo: https://github.com/codespell-project/codespell
 #   rev: v2.2.5

.pre-commit-config.yaml

@@ -14,8 +14,7 @@
 
 Row-Level Security (RLS) in SQLAlchemy for PostgreSQL with [Row Security Policies](https://www.postgresql.org/docs/current/ddl-rowsecurity.html):
 
-- Restrict access to specific rows 🔒 based on user permissions, minimizing unauthorized data exposure.
-- Managing who sees what becomes a breeze 😎, without solely relying on application-level permissions.
+- Restrict access to specific rows 🔒 minimizing unauthorized data exposure.
 - Perfect for Scalability and Multi-Tenancy: keep the data playground organized 🏢, ensuring each tenant plays in their own sandbox.
 
 > **Warning**
@@ -81,3 +80,8 @@ then ...
 - [ ] Support for Alembic
 - [ ] How to deal with `BYPASSRLS` such as table owners?
 - [ ] When item is tried to delete, no error is raised?
+- [ ] Python 3.11
+
+## Final note
+
+At the moment this module is work-in-progress and therefore experimental. All feedback and ideas are 100% welcome! So feel free to contribute or reach out to me!

README.md

@@ -50,7 +50,7 @@ package_dir =
 install_requires =
     importlib-metadata; python_version<"3.8"
     alembic_utils>=0.8
-    pydantic>=2.6
+    pydantic>=2.5
 
 
 [options.packages.find]
@@ -68,6 +68,10 @@ testing =
     setuptools
     pytest
     pytest-cov
+    pytest_asyncio
+    faker
+    asyncpg
+    greenlet
 
 [options.entry_points]
 # Add here console scripts like:

setup.cfg

@@ -6,6 +6,7 @@
     PyScaffold helps you to put up the scaffold of your new Python project.
     Learn more under: https://pyscaffold.org/
 """
+
 from setuptools import setup
 
 if __name__ == "__main__":

setup.py

@@ -1,24 +1,24 @@
 from typing import List
 
 from alembic_utils.pg_function import PGFunction
-from sqlalchemy import Connection
 
 drop_all_policies_on_table = PGFunction(
     schema="public",
     signature="drop_all_policies_on_table(target_schema text,target_table_name text)",
     definition="""
 RETURNS void LANGUAGE plpgsql AS $$
-        DECLARE 
+        DECLARE
             policy_name text;
             sql_text    text;
-        BEGIN 
+        BEGIN
             FOR policy_name IN (
-                SELECT policyname 
-                FROM pg_policies 
+                SELECT policyname
+                FROM pg_policies
                 WHERE schemaname = target_schema AND tablename = target_table_name
             )
             LOOP
-                sql_text := format('DROP POLICY "%s" on %I.%I', policy_name, target_schema, target_table_name);
+                sql_text := format('DROP POLICY "%s" on %I.%I',
+                    policy_name, target_schema, target_table_name);
                 RAISE NOTICE '%', sql_text;
                 EXECUTE sql_text;
             END LOOP;
@@ -29,4 +29,3 @@
 
 def get_functions() -> List[PGFunction]:
     return []
-    return [drop_all_policies_on_table]

src/fastapi_rowsecurity/functions.py

@@ -1,11 +1,8 @@
 from typing import Type
 
 from sqlalchemy import event
-
-# from sqlalchemy.dialects.postgresql.asyncpg import ProgrammingError
 from sqlalchemy.ext.declarative import DeclarativeMeta
 
-from .functions import get_functions
 from .policies import get_policies
 
 

src/fastapi_rowsecurity/main.py

@@ -13,12 +13,23 @@ def get_policies(Base) -> List[PGPolicy]:
         table_name = mapper.tables[0].fullname
         schema_name = mapper.tables[0].schema or "public"
         # Set the default row-level security policy
-        policy_lists.append(EnableRowLevelSecurity(schema=schema_name, on_entity=table_name))
-        policy_lists.append(ForceRowLevelSecurity(schema=schema_name, on_entity=table_name))
+        policy_lists.append(
+            EnableRowLevelSecurity(schema=schema_name, on_entity=table_name)
+        )
+        policy_lists.append(
+            ForceRowLevelSecurity(schema=schema_name, on_entity=table_name)
+        )
         for ix, permission in enumerate(mapper.class_.__rls_policies__()):
-            table_policies = [permission.policy] if isinstance(permission.policy, str) else permission.policy
+            table_policies = (
+                [permission.policy]
+                if isinstance(permission.policy, str)
+                else permission.policy
+            )
             for pol in table_policies:
-                policy_name = f"{table_name}_{permission.__class__.__name__}_{pol}_policy_{ix}".lower()
+                policy_name = (
+                    f"{table_name}_{permission.__class__.__name__}"
+                    f"_{pol}_policy_{ix}".lower()
+                )
                 if pol in ["ALL", "SELECT", "UPDATE", "DELETE"]:
                     policy_lists.append(
                         PGPolicy(