search

pallets-eco / flask-security

Quick and simple security for Flask applications
MIT License
649 stars 154 forks source link

Adding `permissions` to the `Role` class triggers PyRight #1000

Closed savchenko closed 4 months ago

savchenko commented 4 months ago

PyRight reports reportIncompatibleVariableOverride on the following:

class Role(db.Model, RoleMixin):
    __tablename__ = "roles"

    id: Mapped[str] = mapped_column(
        UUID(as_uuid=False),
        server_default=text("gen_random_uuid()"),
        primary_key=True,
    )
    name: Mapped[str] = mapped_column(types.String(127), unique=True)
    description: Mapped[str] = mapped_column(types.String(255))
    permissions: Mapped[list[str] | None] = mapped_column(MutableList.as_mutable(AsaList()))

Which doesn't appear to be different from: https://github.com/Flask-Middleware/flask-security/blob/25ad68dd4168c4ce5ccd38d2a51ac58513f60b2f/flask_security/models/sqla.py#L87-L89

Full output:

"permissions" overrides symbol of same name in class "RoleMixin"
Variable is mutable so its type is invariant
Override type "Mapped[list[Unknown] | None]" is not the same as base type "list[str] | None"

Adding # type: ignore[assignment] silences the linter, but is this correct?

jwag956 commented 4 months ago

I ran into that as well - and add the ignore pragma. I don't plan on fighting mypy/pyright. From the application/users perspectice - it is a list of string - it shouldn't know about the ORM (since different ORMs are supported).