Skip to content

angee.base.models

Runtime model primitives shared by composed Angee applications.

AngeeQuerySet

python
class AngeeQuerySet(RebacQuerySet[_ModelT])

QuerySet API shared by Angee source and runtime models.

from_public_id

python
def from_public_id(value: str) -> _ModelT | None

Return the row addressed by value within this queryset policy.

apply_ambient_scope

python
def apply_ambient_scope() -> Self

Eagerly apply REBAC row scope using the queryset or ambient actor.

scoped_for_aggregate

python
def scoped_for_aggregate() -> Self

Return a row-scoped queryset safe for permission-naive aggregation.

Aggregate compilers run through .values()/.aggregate() shapes whose dict rows field-read redaction cannot touch, so field redaction is disabled and REBAC row scope is applied eagerly. It fails closed: a REBAC-typed model with no actor and no sudo bypass returns an empty queryset rather than leaking every row, independent of REBAC_STRICT_MODE. An explicit sudo — per-queryset .sudo() or an ambient system_context — aggregates across all rows, unscoped, by design.

AngeeManager

python
class AngeeManager(RebacManager.from_queryset(AngeeQuerySet))

Manager backed by AngeeQuerySet.

get_queryset

python
def get_queryset() -> AngeeQuerySet[Any]

Return the base Angee queryset for this manager's model.

check_create

python
def check_create(
        relationships: Mapping[str, Sequence[Any]] | None = None
) -> SubjectRef

Authorize the ambient actor to create one not-yet-persisted row.

The REBAC pre-save signal cannot evaluate a per-row create gate for a row that has no id yet, so manager factories preflight the schema's create permission with the relations the row would carry (rebac.check_new), run the insert under per-instance sudo, and re-bind the verified actor on the saved row with with_actor so the bypass ends with that one insert.

relationships values may be model instances or SubjectRefs; instances are resolved through their declared REBAC resource type. Returns the verified actor; raises MissingActorError without an ambient actor and PermissionDenied when the gate refuses.

AngeeModel

python
class AngeeModel(TimestampMixin, RebacMixin)

Abstract base model for Angee source and runtime models.

objects

Default REBAC manager with Angee queryset conveniences.

extends

Optional app_label.ModelName target this source model extends.

runtime

Whether this abstract source model materializes into the generated runtime.

The read is non-inherited: an abstract base can stay runtime = False and a concrete source subclass opts in by declaring runtime = True itself. Extensions use extends instead of this flag.

Meta

python
class Meta()

Django model options for Angee's abstract model base.

is_runtime_model

python
@classmethod
def is_runtime_model(cls) -> bool

Return whether this model class declares itself as a runtime model.

get_extension_target

python
@classmethod
def get_extension_target(cls) -> str | None

Return the normalized model label this source model extends.

get_extension_bases

python
@classmethod
def get_extension_bases(cls) -> tuple[type[models.Model], ...]

Return abstract model bases contributed by this extension.

public_id

python
@property
def public_id() -> str

Return the stable public identifier for this model instance.

from_public_id

python
@classmethod
def from_public_id(cls, value: str) -> Self | None

Return the instance addressed by value, if one exists.

public_id_lookup

python
@classmethod
def public_id_lookup(cls, value: str) -> dict[str, Any]

Return the Django lookup for this model's public identifier.

public_id_from_pk

python
@classmethod
def public_id_from_pk(cls, value: Any) -> str

Return the public id encoded from this model's primary-key value.

public_id_value

python
def public_id_value() -> Any

Return the raw public identifier value owned by this instance.

AngeeDataModel

python
class AngeeDataModel(SqidMixin, AngeeModel)

Abstract base for Angee rows that participate in public data contracts.

Meta

python
class Meta()

Django model options for Angee's public data model base.

SqidPublicIdentity

python
@dataclass(frozen=True, slots=True)
class SqidPublicIdentity()

Sqid public identity for a model Angee does not own with a field.

public_id_from_pk

python
def public_id_from_pk(value: Any) -> str

Return the public id encoded from a primary-key value.

public_id_to_pk

python
def public_id_to_pk(value: str) -> int | None

Decode one public id to the backing primary-key value.

public_id_lookup

python
def public_id_lookup(model: type[models.Model], value: str) -> dict[str, Any]

Return a Django lookup for value against model.

canonical_prefix

python
@property
def canonical_prefix() -> str

Return the canonical Angee sqid prefix.

public_data_id_field

python
def public_data_id_field(model: type[models.Model]) -> SqidField | None

Return the sqid field that makes model safe for public data surfaces.

instance_from_public_id

python
def instance_from_public_id(
        model: type[_ModelT],
        value: str,
        *,
        queryset: models.QuerySet[_ModelT] | None = None,
        public_identity: SqidPublicIdentity | None = None) -> _ModelT | None

Return model instance addressed by Angee or Django public ID.

public_id_of

python
def public_id_of(instance: models.Model) -> str

Return the Angee public id or Django primary key for instance.

The user model is swappable, so instance may be a plain Django model (e.g. django.contrib.auth.User) that Angee does not own — those carry no public_id_value and fall back to the primary key.

public_id_for

python
def public_id_for(model: type[models.Model],
                  pk: Any,
                  *,
                  public_identity: SqidPublicIdentity | None = None) -> str

Return the public id for model when only its primary key is known.

model may be a plain Django model Angee does not own (the swappable user model, or a third-party model reached with a public_identity decoder); one without the public-id contract falls back to its primary key.

Released under the AGPL-3.0 License.