feat(rbac): hide unauthorized menu sections and enforce route guards

backend/src/models/profile.py

@@ -0,0 +1,46 @@
+# [DEF:backend.src.models.profile:Module]
+#
+# @TIER:      STANDARD
+# @SEMANTICS: profile, preferences, persistence, user, dashboard-filter, sqlalchemy
+# @PURPOSE:   Defines persistent per-user dashboard filter preferences.
+# @LAYER:     Domain
+# @RELATION:  DEPENDS_ON -> backend.src.models.auth
+# @RELATION:  INHERITS_FROM -> backend.src.models.mapping.Base
+#
+# @INVARIANT: Exactly one preference row exists per user_id.
+
+# [SECTION: IMPORTS]
+import uuid
+from datetime import datetime
+from sqlalchemy import Column, String, Boolean, DateTime, ForeignKey
+from sqlalchemy.orm import relationship
+from .mapping import Base
+# [/SECTION]
+
+
+# [DEF:UserDashboardPreference:Class]
+# @TIER: STANDARD
+# @PURPOSE: Stores Superset username binding and default "my dashboards" toggle for one authenticated user.
+class UserDashboardPreference(Base):
+    __tablename__ = "user_dashboard_preferences"
+
+    id = Column(String, primary_key=True, default=lambda: str(uuid.uuid4()))
+    user_id = Column(String, ForeignKey("users.id"), nullable=False, unique=True, index=True)
+
+    superset_username = Column(String, nullable=True)
+    superset_username_normalized = Column(String, nullable=True, index=True)
+
+    show_only_my_dashboards = Column(Boolean, nullable=False, default=False)
+
+    created_at = Column(DateTime, nullable=False, default=datetime.utcnow)
+    updated_at = Column(
+        DateTime,
+        nullable=False,
+        default=datetime.utcnow,
+        onupdate=datetime.utcnow,
+    )
+
+    user = relationship("User")
+# [/DEF:UserDashboardPreference:Class]
+
+# [/DEF:backend.src.models.profile:Module]