
tessl/pypi-apache-airflow-fab-security

Flask-AppBuilder (FAB) security integration component within Apache Airflow core, providing authentication, authorization, and security management features

Web Views

Flask-AppBuilder view classes for web interface integration, providing customized security views that integrate with Airflow's permission model and web interface. These views handle the web UI for user, role, and permission management.

Capabilities

User Management Views

Customized user model views for different authentication types with Airflow-specific permission mappings.

class CustomUserDBModelView(MultiResourceUserMixin, UserDBModelView):
    """
    Customize permission names for FAB's builtin UserDBModelView.
    Handles database-authenticated users with password management capabilities.
    
    Attributes:
    - class_permission_name: Permission resource name mapping
    - method_permission_name: View method name to permission action mapping
    - base_permissions: List of base permissions required
    """

class CustomUserLDAPModelView(MultiResourceUserMixin, UserLDAPModelView):
    """
    Customize permission names for FAB's builtin UserLDAPModelView.
    Handles LDAP-authenticated users without password management.
    """

class CustomUserOAuthModelView(MultiResourceUserMixin, UserOAuthModelView):
    """
    Customize permission names for FAB's builtin UserOAuthModelView.
    Handles OAuth-authenticated users.
    """

class CustomUserOIDModelView(MultiResourceUserMixin, UserOIDModelView):
    """
    Customize permission names for FAB's builtin UserOIDModelView.
    Handles OpenID-authenticated users.
    """

class CustomUserRemoteUserModelView(MultiResourceUserMixin, UserRemoteUserModelView):
    """
    Customize permission names for FAB's builtin UserRemoteUserModelView.
    Handles remote user authentication (e.g., from web server).
    """

Multi-Resource User Mixin

Base mixin providing dynamic permission mapping for user views based on request context.

class MultiResourceUserMixin:
    """
    Remaps UserModelView permissions to new resources and actions.
    Provides dynamic permission name resolution based on the current request.
    
    Attributes:
    - _class_permission_name: Base permission resource name
    - class_permission_name_mapping: Mapping of methods to permission resources
    - method_permission_name: View method name to permission action mapping
    - base_permissions: List of base permissions required
    """
    
    @property
    def class_permission_name(self) -> str:
        """
        Returns appropriate permission name depending on request method name.
        Dynamically resolves permission resource based on current request context.
        """
    
    @class_permission_name.setter
    def class_permission_name(self, name: str) -> None:
        """Set the class permission name."""
    
    @expose("/show/<pk>", methods=["GET"])
    @has_access
    def show(self, pk):
        """
        Custom show method that removes userinfoedit action from template.
        Displays user details with appropriate action buttons.
        """

Role Management Views

Customized role management view with Airflow-specific permissions.

class CustomRoleModelView(RoleModelView):
    """
    Customize permission names for FAB's builtin RoleModelView.
    Manages roles with custom permission mappings for Airflow integration.
    
    Attributes:
    - class_permission_name: RESOURCE_ROLE
    - method_permission_name: Method to permission mappings
    - base_permissions: CRUD permissions for role management
    """

Permission and Action Views

Views for managing permissions, actions, and resources in the security system.

class ActionModelView(PermissionModelView):
    """
    Customize permission names for FAB's builtin PermissionModelView.
    Manages security actions (can_read, can_edit, etc.).
    
    Attributes:
    - class_permission_name: RESOURCE_ACTION
    - route_base: "/actions"
    - method_permission_name: Method mappings
    - base_permissions: Read permission for action management
    - list_title: "List Actions"
    - label_columns: Column label mappings
    """

class PermissionPairModelView(PermissionViewModelView):
    """
    Customize permission names for FAB's builtin PermissionViewModelView.
    Manages permission pairs (action-resource combinations).
    
    Attributes:
    - class_permission_name: RESOURCE_PERMISSION
    - route_base: "/permissions" 
    - list_columns: ["action", "resource"]
    - label_columns: Action and resource label mappings
    """

class ResourceModelView(ViewMenuModelView):
    """
    Customize permission names for FAB's builtin ViewMenuModelView.
    Manages security resources (Users, DAGs, etc.).
    
    Attributes:
    - class_permission_name: RESOURCE_RESOURCE
    - route_base: "/resources"
    - list_title: "List Resources"
    - label_columns: Resource name label mappings
    """

Password Management Views

Views for password reset and user profile management functionality.

class CustomResetMyPasswordView(ResetMyPasswordView):
    """
    Customize permission names for FAB's builtin ResetMyPasswordView.
    Allows users to reset their own passwords.
    
    Attributes:
    - class_permission_name: RESOURCE_MY_PASSWORD
    - method_permission_name: GET/POST method mappings
    - base_permissions: Read and edit permissions
    """

class CustomResetPasswordView(ResetPasswordView):
    """
    Customize permission names for FAB's builtin ResetPasswordView.
    Allows administrators to reset user passwords.
    
    Attributes:
    - class_permission_name: RESOURCE_PASSWORD
    - method_permission_name: GET/POST method mappings
    - base_permissions: Read and edit permissions
    """

class CustomUserInfoEditView(UserInfoEditView):
    """
    Customize permission names for FAB's builtin UserInfoEditView.
    Allows users to edit their own profile information.
    
    Attributes:
    - class_permission_name: RESOURCE_MY_PROFILE
    - route_base: "/userinfoeditview"
    - method_permission_name: GET/POST method mappings
    - base_permissions: Read and edit permissions
    """

User Statistics View

View for displaying user statistics and charts.

class CustomUserStatsChartView(UserStatsChartView):
    """
    Customize permission names for FAB's builtin UserStatsChartView.
    Displays user statistics and login charts.
    
    Attributes:
    - class_permission_name: RESOURCE_USER_STATS_CHART
    - route_base: "/userstatschartview"
    - method_permission_name: Chart and list method mappings
    - base_permissions: Read permission for statistics access
    """

Permission Resource Constants

The views use permission resources defined in airflow.security.permissions:

# Resource Constants
RESOURCE_ACTION = "Permissions"
RESOURCE_MY_PASSWORD = "My Password"  
RESOURCE_MY_PROFILE = "My Profile"
RESOURCE_PASSWORD = "Passwords"
RESOURCE_PERMISSION = "Permission Views"
RESOURCE_RESOURCE = "View Menus"
RESOURCE_ROLE = "Roles"
RESOURCE_USER = "Users"
RESOURCE_USER_STATS_CHART = "User Stats Chart"

# Action Constants  
ACTION_CAN_CREATE = "can_create"
ACTION_CAN_READ = "can_read"
ACTION_CAN_EDIT = "can_edit"
ACTION_CAN_DELETE = "can_delete"

Usage Examples

Integrating Views with Security Manager

from airflow.www.fab_security.sqla.manager import SecurityManager
from airflow.www.fab_security.views import (
    CustomUserDBModelView,
    CustomRoleModelView,
    ActionModelView,
)
from flask_appbuilder import AppBuilder

# app_builder is the application's existing AppBuilder instance.
# Views are automatically registered by the security manager
security_manager = SecurityManager(app_builder)

# Access configured views
user_view = security_manager.user_view
role_view = app_builder.find_view_by_name("List Roles")

Custom View Configuration

# Views have customizable titles and labels
class MyCustomUserView(CustomUserDBModelView):
    list_title = "Company Users"
    show_title = "User Details"
    edit_title = "Modify User"
    
    # Custom column labels
    label_columns = {
        'username': 'Login Name',
        'email': 'Email Address',
        'first_name': 'Given Name'
    }

Permission Method Mapping

# Keys are view method names (not HTTP verbs); each value becomes the 'can_<value>' action
method_permission_name = {
    'list': 'read',        # list view -> requires 'can_read' on 'Users'
    'show': 'read',        # show view for one user -> requires 'can_read' on 'Users'
    'add': 'create',       # add view -> requires 'can_create' on 'Users'
    'edit': 'edit',        # edit view -> requires 'can_edit' on 'Users'
    'delete': 'delete',    # delete view -> requires 'can_delete' on 'Users'
}

Dynamic Permission Resolution

from airflow.security.permissions import RESOURCE_MY_PROFILE, RESOURCE_PASSWORD
from airflow.www.fab_security.views import MultiResourceUserMixin

# MultiResourceUserMixin provides context-aware permissions
class ExampleView(MultiResourceUserMixin):
    class_permission_name_mapping = {
        'userinfo': RESOURCE_MY_PROFILE,      # User viewing own profile
        'userinfoedit': RESOURCE_MY_PROFILE,  # User editing own profile
        'resetpassword': RESOURCE_PASSWORD,   # Admin resetting passwords
    }

    # Permission resource changes based on the action being performed
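
The lookup described under Permission Method Mapping and Dynamic Permission Resolution, as an added stand-alone model (not Airflow's or Flask-AppBuilder's own code; it imports neither), used here to audit which roles can reach write methods on sensitive resources. The resource names and mapping keys come from this page; the action entries for `userinfo`, `userinfoedit` and `resetpassword`, both fallbacks, the `View.method` endpoint form and the role grants are assumptions constructed for illustration.

```python
# Stand-alone model of the permission lookup; does not import Airflow or FAB.
RESOURCE_USER, RESOURCE_MY_PROFILE, RESOURCE_PASSWORD = "Users", "My Profile", "Passwords"

BASE_RESOURCE = RESOURCE_USER  # stands in for _class_permission_name (assumed value)
CLASS_PERMISSION_NAME_MAPPING = {  # entries from the page's ExampleView
    "userinfo": RESOURCE_MY_PROFILE,
    "userinfoedit": RESOURCE_MY_PROFILE,
    "resetpassword": RESOURCE_PASSWORD,
}
METHOD_PERMISSION_NAME = {
    "list": "read", "show": "read", "add": "create", "edit": "edit", "delete": "delete",
    # Assumed entries for the remapped methods (not listed on the page):
    "userinfo": "read", "userinfoedit": "edit", "resetpassword": "edit",
}

def required_permission(endpoint):
    """Return the (action, resource) pair needed to call 'View.method'."""
    method = endpoint.rsplit(".", 1)[-1]
    # Assumption: an unmapped method uses its own name as the action suffix.
    action = "can_" + METHOD_PERMISSION_NAME.get(method, method)
    # Assumption: a method without a resource override uses the base resource.
    resource = CLASS_PERMISSION_NAME_MAPPING.get(method, BASE_RESOURCE)
    return (action, resource)

def is_allowed(grants, endpoint):
    """True when the role's grants contain the exact pair the endpoint needs."""
    return required_permission(endpoint) in grants

def reachable_methods(grants, view="CustomUserDBModelView"):
    """View methods a role can call, given its (action, resource) grants."""
    return sorted(m for m in METHOD_PERMISSION_NAME if is_allowed(grants, f"{view}.{m}"))

def audit(roles, sensitive=(RESOURCE_USER, RESOURCE_PASSWORD)):
    """(role, method) pairs where a role can write to a sensitive resource."""
    findings = []
    for role, grants in sorted(roles.items()):
        for method in reachable_methods(grants):
            action, resource = required_permission(method)
            if resource in sensitive and action != "can_read":
                findings.append((role, method))
    return findings

# Constructed role grants for the demonstration.
ROLES = {
    "Viewer": {("can_read", "My Profile"), ("can_edit", "My Profile")},
    "UserAdmin": {("can_read", "Users"), ("can_edit", "Users"), ("can_edit", "Passwords")},
}

if __name__ == "__main__":
    for role, method in audit(ROLES):
        print(f"{role} can call {method}: needs {required_permission(method)}")
```

Because the resource is resolved per method, a role holding only `My Profile` grants never matches the `Users` pair that `list` or `edit` requires, which is the separation the mixin is there to enforce.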

View Registration

# Views are registered with specific menu locations and icons
app_builder.add_view(
    CustomUserDBModelView,
    "List Users",
    icon="fa-user",
    label="List Users", 
    category="Security",
    category_icon="fa-cogs",
    category_label="Security"
)

Route Configuration

Views define custom route bases and URL patterns:

  • User views: Default Flask-AppBuilder routes
  • Actions: /actions/
  • Permissions: /permissions/
  • Resources: /resources/
  • User info edit: /userinfoeditview/
  • User stats: /userstatschartview/

Template Integration

Views integrate with Airflow's web interface templates and provide customized:

  • List views with filtering and sorting
  • Detail views with related object links
  • Edit forms with validation
  • Custom action buttons and menus
  • Integration with Airflow's navbar and menu system

Install with Tessl CLI

npx tessl i tessl/pypi-apache-airflow-fab-security
