Colum filter & db pre-processor functions

[Slluxx]

Is your feature request related to a problem? Please describe.
I enjoy using FastCRUD. It works beautifully for my admin-apis but it seemingly falls short when trying to use with restricted user apis.

For example: I have a table for "items" and and item is linked to a user by their id. Now, i dont want anyone to be able to submit a userid from the frontend (as to prevent creating items on other users behalf). So my thought was to use dependencies to check the http-only cookie, get the database user from it and modify the "item" to have (or set) the correct userid. It appears that dependencies can not modify what has been send though. (some sort of database-pre-processing)

Another thing would be to only grab items that belong to the currenctly logged in user. (some sort of column filter)

I saw that i can implement something like that (with FastCRUD) but its so much extra code that i feel like its not worth to use it and simply go the traditional route, which also cant be the solution.

Describe the solution you'd like
A way to modify data directly before its written to the database (as to not mess wth schemas) & a way to simplify user-tailored apis with column filters. Both could be smilar to the "dependencies". A MITM function basically.

Describe alternatives you've considered
I dont know of any alternatives.

Additional context

[igorbenav]

Hey, @Slluxx, thanks for the issue!
I'm pretty sure #229 fixes this, I was just with basically no time to review PRs for quite some time, but I'll get to it tomorrow.

[Slluxx]

@igorbenav Thanks for the quick response. Will this also fix the "pre-processor"?
EG editing the data before it is written to the database, to add/change column data programatically.

class ItemCreateSchema(BaseModel):
    name: str
    userId: int # should be set by api

Obviously userId is something that i need to map an item to a user but it should not be set in the frontend/javascript side. Which means i have to get the userId in the backend from the http-only cookie token. I tried sending a bogus userId (-1) and then modifying it within a dependency function but that just did not work for me.

[igorbenav]

I think I understand now, you mean something like this?

from fastcrud import crud_router, CreateConfig, UpdateConfig

async def get_current_user_id(auth: UserInfo = Depends(get_auth_user)):
    return auth.user_id

async def get_current_timestamp():
    return datetime.utcnow()

# Proposed API for automatic field injection
create_config = CreateConfig(
    auto_fields={
        "user_id": get_current_user_id,        # Override any frontend user_id
        "created_by": get_current_user_id,     # Set audit fields
        "created_at": get_current_timestamp,   # Set timestamps
    },
    # These fields should be excluded from the request schema entirely
    exclude_from_schema=["user_id", "created_by", "created_at"]
)

update_config = UpdateConfig(
    auto_fields={
        "updated_by": get_current_user_id,
        "updated_at": get_current_timestamp,
    },
    exclude_from_schema=["updated_by", "updated_at"]
)

router = crud_router(
    # ... other params
    create_config=create_config,
    update_config=update_config,
    filter_config=FilterConfig(user_id=get_current_user_id),
)