feat: last changes

Author: KShivendu

supertokens_python/recipe/session/with_jwt/session_class.py

@@ -15,7 +15,7 @@
 from __future__ import annotations
 
 from math import ceil
-from typing import TYPE_CHECKING, Any, Dict, Union
+from typing import TYPE_CHECKING, Any, Dict, Union, Optional
 
 from jwt import decode
 from supertokens_python.recipe.session.with_jwt.constants import (
@@ -40,11 +40,14 @@ def get_session_with_jwt(
     original_update_access_token_payload = original_session.update_access_token_payload
 
     async def update_access_token_payload(
-        new_access_token_payload: Dict[str, Any],
+        new_access_token_payload: Optional[Dict[str, Any]],
         user_context: Union[None, Dict[str, Any]] = None,
     ) -> None:
         if user_context is None:
             user_context = {}
+        if new_access_token_payload is None:
+            new_access_token_payload = {}
+
         access_token_payload = original_session.get_access_token_payload()
 
         if ACCESS_TOKEN_PAYLOAD_JWT_PROPERTY_NAME_KEY not in access_token_payload:

supertokens_python/recipe/thirdparty/recipe.py

@@ -138,7 +138,7 @@ async def handle_api_request(
         if request_id == APPLE_REDIRECT_HANDLER:
             return await handle_apple_redirect_api(self.api_implementation, api_options)
 
-        return None  # TODO: Node PR returns False, but here signature is different. Verify if this is correct.
+        return None
 
     async def handle_error(
         self, request: BaseRequest, err: SuperTokensError, response: BaseResponse

supertokens_python/recipe/userroles/__init__.py

@@ -13,10 +13,14 @@
 # under the License.
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Callable, Union
+from typing import TYPE_CHECKING, Callable, Union, Optional
 
 from . import utils
 from .recipe import UserRolesRecipe
+from . import recipe
+
+PermissionClaim = recipe.PermissionClaim
+UserRoleClaim = recipe.UserRoleClaim
 
 if TYPE_CHECKING:
     from supertokens_python.supertokens import AppInfo
@@ -25,6 +29,12 @@
 
 
 def init(
-    override: Union[utils.InputOverrideConfig, None] = None
+    skip_adding_roles_to_access_token: Optional[bool] = None,
+    skip_adding_permissions_to_access_token: Optional[bool] = None,
+    override: Union[utils.InputOverrideConfig, None] = None,
 ) -> Callable[[AppInfo], RecipeModule]:
-    return UserRolesRecipe.init(override)
+    return UserRolesRecipe.init(
+        skip_adding_roles_to_access_token,
+        skip_adding_permissions_to_access_token,
+        override,
+    )

supertokens_python/recipe/userroles/permission_claim.py

@@ -15,7 +15,7 @@
 from __future__ import annotations
 
 from os import environ
-from typing import List, Union
+from typing import List, Union, Optional, Dict, Any, Set
 
 from supertokens_python.exceptions import SuperTokensError, raise_general_exception
 from supertokens_python.framework import BaseRequest, BaseResponse
@@ -29,7 +29,11 @@
 from supertokens_python.supertokens import AppInfo
 
 from .exceptions import SuperTokensUserRolesError
+from .interfaces import GetPermissionsForRoleOkResult
 from .utils import InputOverrideConfig
+from ..session import SessionRecipe
+from ..session.claim_base_classes.primitive_array_claim import PrimitiveArrayClaim
+from ...post_init_callbacks import PostSTInitCallbacks
 
 
 class UserRolesRecipe(RecipeModule):
@@ -40,17 +44,35 @@ def __init__(
         self,
         recipe_id: str,
         app_info: AppInfo,
+        skip_adding_roles_to_access_token: Optional[bool] = None,
+        skip_adding_permissions_to_access_token: Optional[bool] = None,
         override: Union[InputOverrideConfig, None] = None,
     ):
         super().__init__(recipe_id, app_info)
-        self.config = validate_and_normalise_user_input(self, app_info, override)
+        self.config = validate_and_normalise_user_input(
+            self,
+            app_info,
+            skip_adding_roles_to_access_token,
+            skip_adding_permissions_to_access_token,
+            override,
+        )
         recipe_implementation = RecipeImplementation(Querier.get_instance(recipe_id))
         self.recipe_implementation = (
             recipe_implementation
             if self.config.override.functions is None
             else self.config.override.functions(recipe_implementation)
         )
 
+        def callback():
+            if self.config.skip_adding_roles_to_access_token is False:
+                SessionRecipe.get_instance().add_claim_from_other_recipe(UserRoleClaim)
+            if self.config.skip_adding_permissions_to_access_token is False:
+                SessionRecipe.get_instance().add_claim_from_other_recipe(
+                    PermissionClaim
+                )
+
+        PostSTInitCallbacks.add_post_init_callback(callback)
+
     def is_error_from_this_recipe_based_on_instance(self, err: Exception) -> bool:
         return isinstance(err, SuperTokensError) and (
             isinstance(err, SuperTokensUserRolesError)
@@ -78,11 +100,19 @@ def get_all_cors_headers(self) -> List[str]:
         return []
 
     @staticmethod
-    def init(override: Union[InputOverrideConfig, None] = None):
+    def init(
+        skip_adding_roles_to_access_token: Optional[bool] = None,
+        skip_adding_permissions_to_access_token: Optional[bool] = None,
+        override: Union[InputOverrideConfig, None] = None,
+    ):
         def func(app_info: AppInfo):
             if UserRolesRecipe.__instance is None:
                 UserRolesRecipe.__instance = UserRolesRecipe(
-                    UserRolesRecipe.recipe_id, app_info, override
+                    UserRolesRecipe.recipe_id,
+                    app_info,
+                    skip_adding_roles_to_access_token,
+                    skip_adding_permissions_to_access_token,
+                    override,
                 )
                 return UserRolesRecipe.__instance
             raise Exception(
@@ -107,3 +137,52 @@ def get_instance() -> UserRolesRecipe:
         raise_general_exception(
             "Initialisation not done. Did you forget to call the SuperTokens.init or UserRoles.init function?"
         )
+
+
+class PermissionClaimClass(PrimitiveArrayClaim[List[str]]):
+    def __init__(self) -> None:
+        key = "st-perm"
+
+        async def fetch_value(user_id: str, user_context: Dict[str, Any]) -> List[str]:
+            recipe = UserRolesRecipe.get_instance()
+
+            user_roles = await recipe.recipe_implementation.get_roles_for_user(
+                user_id, user_context
+            )
+
+            user_permissions: Set[str] = set()
+
+            for role in user_roles.roles:
+                role_permissions = (
+                    await recipe.recipe_implementation.get_permissions_for_role(
+                        role, user_context
+                    )
+                )
+
+                if isinstance(role_permissions, GetPermissionsForRoleOkResult):
+                    for permission in role_permissions.permissions:
+                        user_permissions.add(permission)
+
+            return list(user_permissions)
+
+        super().__init__(key, fetch_value)
+
+
+PermissionClaim = PermissionClaimClass()
+
+
+class UserRoleClaimClass(PrimitiveArrayClaim[List[str]]):
+    def __init__(self) -> None:
+        key = "st-role"
+
+        async def fetch_value(user_id: str, user_context: Dict[str, Any]) -> List[str]:
+            recipe = UserRolesRecipe.get_instance()
+            res = await recipe.recipe_implementation.get_roles_for_user(
+                user_id, user_context
+            )
+            return res.roles
+
+        super().__init__(key, fetch_value)
+
+
+UserRoleClaim = UserRoleClaimClass()

supertokens_python/recipe/userroles/recipe.py

@@ -14,7 +14,7 @@
 
 from __future__ import annotations
 
-from typing import TYPE_CHECKING, Callable, Union
+from typing import TYPE_CHECKING, Callable, Union, Optional
 
 from supertokens_python.recipe.userroles.interfaces import APIInterface, RecipeInterface
 from supertokens_python.supertokens import AppInfo
@@ -34,13 +34,24 @@ def __init__(
 
 
 class UserRolesConfig:
-    def __init__(self, override: InputOverrideConfig) -> None:
+    def __init__(
+        self,
+        skip_adding_roles_to_access_token: bool,
+        skip_adding_permissions_to_access_token: bool,
+        override: InputOverrideConfig,
+    ) -> None:
+        self.skip_adding_roles_to_access_token = skip_adding_roles_to_access_token
+        self.skip_adding_permissions_to_access_token = (
+            skip_adding_permissions_to_access_token
+        )
         self.override = override
 
 
 def validate_and_normalise_user_input(
     _recipe: UserRolesRecipe,
     _app_info: AppInfo,
+    skip_adding_roles_to_access_token: Optional[bool] = None,
+    skip_adding_permissions_to_access_token: Optional[bool] = None,
     override: Union[InputOverrideConfig, None] = None,
 ) -> UserRolesConfig:
     if override is not None and not isinstance(override, InputOverrideConfig):  # type: ignore
@@ -49,4 +60,13 @@ def validate_and_normalise_user_input(
     if override is None:
         override = InputOverrideConfig()
 
-    return UserRolesConfig(override=override)
+    if skip_adding_roles_to_access_token is None:
+        skip_adding_roles_to_access_token = False
+    if skip_adding_permissions_to_access_token is None:
+        skip_adding_permissions_to_access_token = False
+
+    return UserRolesConfig(
+        skip_adding_roles_to_access_token=skip_adding_roles_to_access_token,
+        skip_adding_permissions_to_access_token=skip_adding_permissions_to_access_token,
+        override=override,
+    )