fix: finalize semantic repair and test updates
@@ -1,3 +1,3 @@
|
||||
# [DEF:src.models:Package]
|
||||
# [DEF:ModelsPackage:Package]
|
||||
# @PURPOSE: Domain model package root.
|
||||
# [/DEF:src.models:Package]
|
||||
# [/DEF:ModelsPackage:Package]
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
# @SEMANTICS: auth, models, user, role, permission, sqlalchemy
|
||||
# @PURPOSE: SQLAlchemy models for multi-user authentication and authorization.
|
||||
# @LAYER: Domain
|
||||
# @RELATION: INHERITS_FROM -> [MappingModels:Base]
|
||||
# @RELATION: INHERITS_FROM -> [Base]
|
||||
#
|
||||
# @INVARIANT: Usernames and emails must be unique.
|
||||
|
||||
@@ -17,19 +17,22 @@ from sqlalchemy.orm import relationship
|
||||
from .mapping import Base
|
||||
# [/SECTION]
|
||||
|
||||
|
||||
# [DEF:generate_uuid:Function]
|
||||
# @PURPOSE: Generates a unique UUID string.
|
||||
# @POST: Returns a string representation of a new UUID.
|
||||
# @RELATION: DEPENDS_ON -> uuid
|
||||
# @RELATION: DEPENDS_ON -> [uuid]
|
||||
def generate_uuid():
|
||||
return str(uuid.uuid4())
|
||||
|
||||
|
||||
# [/DEF:generate_uuid:Function]
|
||||
|
||||
# [DEF:user_roles:Table]
|
||||
# @PURPOSE: Association table for many-to-many relationship between Users and Roles.
|
||||
# @RELATION: DEPENDS_ON -> Base.metadata
|
||||
# @RELATION: DEPENDS_ON -> User
|
||||
# @RELATION: DEPENDS_ON -> Role
|
||||
# @RELATION: DEPENDS_ON -> [Base]
|
||||
# @RELATION: DEPENDS_ON -> [User]
|
||||
# @RELATION: DEPENDS_ON -> [Role]
|
||||
user_roles = Table(
|
||||
"user_roles",
|
||||
Base.metadata,
|
||||
@@ -40,9 +43,9 @@ user_roles = Table(
|
||||
|
||||
# [DEF:role_permissions:Table]
|
||||
# @PURPOSE: Association table for many-to-many relationship between Roles and Permissions.
|
||||
# @RELATION: DEPENDS_ON -> Base.metadata
|
||||
# @RELATION: DEPENDS_ON -> Role
|
||||
# @RELATION: DEPENDS_ON -> Permission
|
||||
# @RELATION: DEPENDS_ON -> [Base]
|
||||
# @RELATION: DEPENDS_ON -> [Role]
|
||||
# @RELATION: DEPENDS_ON -> [Permission]
|
||||
role_permissions = Table(
|
||||
"role_permissions",
|
||||
Base.metadata,
|
||||
@@ -51,65 +54,81 @@ role_permissions = Table(
|
||||
)
|
||||
# [/DEF:role_permissions:Table]
|
||||
|
||||
|
||||
# [DEF:User:Class]
|
||||
# @PURPOSE: Represents an identity that can authenticate to the system.
|
||||
# @RELATION: HAS_MANY -> Role (via user_roles)
|
||||
# @RELATION: HAS_MANY -> [Role]
|
||||
class User(Base):
|
||||
__tablename__ = "users"
|
||||
|
||||
|
||||
id = Column(String, primary_key=True, default=generate_uuid)
|
||||
username = Column(String, unique=True, index=True, nullable=False)
|
||||
email = Column(String, unique=True, index=True, nullable=True)
|
||||
password_hash = Column(String, nullable=True)
|
||||
full_name = Column(String, nullable=True)
|
||||
auth_source = Column(String, default="LOCAL") # LOCAL or ADFS
|
||||
auth_source = Column(String, default="LOCAL") # LOCAL or ADFS
|
||||
is_active = Column(Boolean, default=True)
|
||||
is_ad_user = Column(Boolean, default=False)
|
||||
created_at = Column(DateTime, default=datetime.utcnow)
|
||||
last_login = Column(DateTime, nullable=True)
|
||||
|
||||
|
||||
roles = relationship("Role", secondary=user_roles, back_populates="users")
|
||||
|
||||
|
||||
# [/DEF:User:Class]
|
||||
|
||||
|
||||
# [DEF:Role:Class]
|
||||
# @PURPOSE: Represents a collection of permissions.
|
||||
# @RELATION: HAS_MANY -> User (via user_roles)
|
||||
# @RELATION: HAS_MANY -> Permission (via role_permissions)
|
||||
# @RELATION: HAS_MANY -> [User]
|
||||
# @RELATION: HAS_MANY -> [Permission]
|
||||
class Role(Base):
|
||||
__tablename__ = "roles"
|
||||
|
||||
|
||||
id = Column(String, primary_key=True, default=generate_uuid)
|
||||
name = Column(String, unique=True, index=True, nullable=False)
|
||||
description = Column(String, nullable=True)
|
||||
|
||||
|
||||
users = relationship("User", secondary=user_roles, back_populates="roles")
|
||||
permissions = relationship("Permission", secondary=role_permissions, back_populates="roles")
|
||||
permissions = relationship(
|
||||
"Permission", secondary=role_permissions, back_populates="roles"
|
||||
)
|
||||
|
||||
|
||||
# [/DEF:Role:Class]
|
||||
|
||||
|
||||
# [DEF:Permission:Class]
|
||||
# @PURPOSE: Represents a specific capability within the system.
|
||||
# @RELATION: HAS_MANY -> Role (via role_permissions)
|
||||
# @RELATION: HAS_MANY -> [Role]
|
||||
class Permission(Base):
|
||||
__tablename__ = "permissions"
|
||||
|
||||
|
||||
id = Column(String, primary_key=True, default=generate_uuid)
|
||||
resource = Column(String, nullable=False) # e.g. "plugin:backup"
|
||||
action = Column(String, nullable=False) # e.g. "READ", "EXECUTE", "WRITE"
|
||||
|
||||
roles = relationship("Role", secondary=role_permissions, back_populates="permissions")
|
||||
resource = Column(String, nullable=False) # e.g. "plugin:backup"
|
||||
action = Column(String, nullable=False) # e.g. "READ", "EXECUTE", "WRITE"
|
||||
|
||||
roles = relationship(
|
||||
"Role", secondary=role_permissions, back_populates="permissions"
|
||||
)
|
||||
|
||||
|
||||
# [/DEF:Permission:Class]
|
||||
|
||||
|
||||
# [DEF:ADGroupMapping:Class]
|
||||
# @PURPOSE: Maps an Active Directory group to a local System Role.
|
||||
# @RELATION: DEPENDS_ON -> Role
|
||||
# @RELATION: DEPENDS_ON -> [Role]
|
||||
class ADGroupMapping(Base):
|
||||
__tablename__ = "ad_group_mappings"
|
||||
|
||||
|
||||
id = Column(String, primary_key=True, default=generate_uuid)
|
||||
ad_group = Column(String, unique=True, index=True, nullable=False)
|
||||
role_id = Column(String, ForeignKey("roles.id"), nullable=False)
|
||||
|
||||
|
||||
role = relationship("Role")
|
||||
|
||||
|
||||
# [/DEF:ADGroupMapping:Class]
|
||||
|
||||
# [/DEF:AuthModels:Module]
|
||||
# [/DEF:AuthModels:Module]
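Review bot: In `User`, `password_hash` is nullable and `auth_source` is a free-form `String` defaulting to "LOCAL" while `is_ad_user` carries the same fact separately, so the schema admits a LOCAL user with no hash and an `auth_source="ADFS"` row with `is_ad_user=False`; the login path (outside this hunk) must treat a NULL hash as "password login disabled" rather than compare against it, and one of the two AD indicators should be derived from the other rather than stored twice. I would pin the allowed sources at the schema, `__table_args__ = (CheckConstraint("auth_source IN ('LOCAL', 'ADFS')", name="ck_users_auth_source"),)` (CheckConstraint is not among the imports visible here), and state the rule on the class header: `# @INVARIANT: auth_source == "LOCAL" implies password_hash is not NULL; is_ad_user agrees with auth_source.` `Permission` declares no uniqueness on `(resource, action)`, so two rows can describe the same capability and detaching one of them from a role leaves the grant in force through the other; `__table_args__ = (UniqueConstraint("resource", "action", name="uq_permissions_resource_action"),)` closes that, and the existing `@INVARIANT` line on the module only covers usernames and emails. `ADGroupMapping.ad_group` is unique on the stored name, which is case-sensitive in most databases while AD group names are not, so whatever matches tokens to this column should normalise case (or key on the group SID) — this is inferred, as the matching code is not in the hunk. `# [/DEF:AuthModels:Module]` appears twice at the end of the hunk; if that is not the old/new rendering of one line, the new file closes the module marker twice.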
|
||||
|
||||