angee.base.models
Runtime model primitives shared by composed Angee applications.
AngeeQuerySet
class AngeeQuerySet(RebacQuerySet[_ModelT])QuerySet API shared by Angee source and runtime models.
from_public_id
def from_public_id(value: str) -> _ModelT | NoneReturn the row addressed by value within this queryset policy.
apply_ambient_scope
def apply_ambient_scope() -> SelfEagerly apply REBAC row scope using the queryset or ambient actor.
scoped_for_aggregate
def scoped_for_aggregate() -> SelfReturn a row-scoped queryset safe for permission-naive aggregation.
Aggregate compilers run through .values()/.aggregate() shapes whose dict rows field-read redaction cannot touch, so field redaction is disabled and REBAC row scope is applied eagerly. It fails closed: a REBAC-typed model with no actor and no sudo bypass returns an empty queryset rather than leaking every row, independent of REBAC_STRICT_MODE. An explicit sudo — per-queryset .sudo() or an ambient system_context — aggregates across all rows, unscoped, by design.
AngeeManager
class AngeeManager(RebacManager.from_queryset(AngeeQuerySet))Manager backed by AngeeQuerySet.
get_queryset
def get_queryset() -> AngeeQuerySet[Any]Return the base Angee queryset for this manager's model.
check_create
def check_create(
relationships: Mapping[str, Sequence[Any]] | None = None
) -> SubjectRefAuthorize the ambient actor to create one not-yet-persisted row.
The REBAC pre-save signal cannot evaluate a per-row create gate for a row that has no id yet, so manager factories preflight the schema's create permission with the relations the row would carry (rebac.check_new), run the insert under per-instance sudo, and re-bind the verified actor on the saved row with with_actor so the bypass ends with that one insert.
relationships values may be model instances or SubjectRefs; instances are resolved through their declared REBAC resource type. Returns the verified actor; raises MissingActorError without an ambient actor and PermissionDenied when the gate refuses.
AngeeModel
class AngeeModel(TimestampMixin, RebacMixin)Abstract base model for Angee source and runtime models.
objects
Default REBAC manager with Angee queryset conveniences.
extends
Optional app_label.ModelName target this source model extends.
runtime
Whether this abstract source model materializes into the generated runtime.
The read is non-inherited: an abstract base can stay runtime = False and a concrete source subclass opts in by declaring runtime = True itself. Extensions use extends instead of this flag.
Meta
class Meta()Django model options for Angee's abstract model base.
is_runtime_model
@classmethod
def is_runtime_model(cls) -> boolReturn whether this model class declares itself as a runtime model.
get_extension_target
@classmethod
def get_extension_target(cls) -> str | NoneReturn the normalized model label this source model extends.
get_extension_bases
@classmethod
def get_extension_bases(cls) -> tuple[type[models.Model], ...]Return abstract model bases contributed by this extension.
public_id
@property
def public_id() -> strReturn the stable public identifier for this model instance.
from_public_id
@classmethod
def from_public_id(cls, value: str) -> Self | NoneReturn the instance addressed by value, if one exists.
public_id_lookup
@classmethod
def public_id_lookup(cls, value: str) -> dict[str, Any]Return the Django lookup for this model's public identifier.
public_id_from_pk
@classmethod
def public_id_from_pk(cls, value: Any) -> strReturn the public id encoded from this model's primary-key value.
public_id_value
def public_id_value() -> AnyReturn the raw public identifier value owned by this instance.
AngeeDataModel
class AngeeDataModel(SqidMixin, AngeeModel)Abstract base for Angee rows that participate in public data contracts.
Meta
class Meta()Django model options for Angee's public data model base.
SqidPublicIdentity
@dataclass(frozen=True, slots=True)
class SqidPublicIdentity()Sqid public identity for a model Angee does not own with a field.
public_id_from_pk
def public_id_from_pk(value: Any) -> strReturn the public id encoded from a primary-key value.
public_id_to_pk
def public_id_to_pk(value: str) -> int | NoneDecode one public id to the backing primary-key value.
public_id_lookup
def public_id_lookup(model: type[models.Model], value: str) -> dict[str, Any]Return a Django lookup for value against model.
canonical_prefix
@property
def canonical_prefix() -> strReturn the canonical Angee sqid prefix.
public_data_id_field
def public_data_id_field(model: type[models.Model]) -> SqidField | NoneReturn the sqid field that makes model safe for public data surfaces.
instance_from_public_id
def instance_from_public_id(
model: type[_ModelT],
value: str,
*,
queryset: models.QuerySet[_ModelT] | None = None,
public_identity: SqidPublicIdentity | None = None) -> _ModelT | NoneReturn model instance addressed by Angee or Django public ID.
public_id_of
def public_id_of(instance: models.Model) -> strReturn the Angee public id or Django primary key for instance.
The user model is swappable, so instance may be a plain Django model (e.g. django.contrib.auth.User) that Angee does not own — those carry no public_id_value and fall back to the primary key.
public_id_for
def public_id_for(model: type[models.Model],
pk: Any,
*,
public_identity: SqidPublicIdentity | None = None) -> strReturn the public id for model when only its primary key is known.
model may be a plain Django model Angee does not own (the swappable user model, or a third-party model reached with a public_identity decoder); one without the public-id contract falls back to its primary key.