Files
ss-tools/backend/src/models/auth.py
busya c6189876b3 chore(lint): apply ruff --fix (4443 auto-fixes)
Auto-fixed categories:
- F401: unused imports removed
- I001: import blocks sorted
- W293: trailing whitespace stripped
- UP035: deprecated typing imports replaced
- SIM: simplify suggestions applied
- ARG: unused args prefixed with underscore
- T201: print statements removed
- F841: unused variables removed
- RUF059: unpacked variables prefixed

Remaining ~1500 unfixable errors (C901, B904, N806, E402) require manual work.

Backend smoke tests: 13/13 passed.
2026-05-14 11:20:17 +03:00

131 lines
4.0 KiB
Python

# #region AuthModels [C:3] [TYPE Module] [SEMANTICS sqlalchemy, auth, model, schema, user]
# @BRIEF SQLAlchemy models for multi-user authentication and authorization.
# @LAYER: Domain
# @RELATION INHERITS_FROM -> [Base]
#
# @INVARIANT: Usernames and emails must be unique.
import uuid
from datetime import datetime
from sqlalchemy import Boolean, Column, DateTime, ForeignKey, String, Table
from sqlalchemy.orm import relationship
from .mapping import Base
# #region generate_uuid [TYPE Function]
# @BRIEF Generates a unique UUID string.
# @POST: Returns a string representation of a new UUID.
# @RELATION DEPENDS_ON -> [uuid]
def generate_uuid():
return str(uuid.uuid4())
# #endregion generate_uuid
# #region user_roles [TYPE Table]
# @BRIEF Association table for many-to-many relationship between Users and Roles.
# @RELATION DEPENDS_ON -> [Base]
# @RELATION DEPENDS_ON -> [User]
# @RELATION DEPENDS_ON -> [Role]
user_roles = Table(
"user_roles",
Base.metadata,
Column("user_id", String, ForeignKey("users.id"), primary_key=True),
Column("role_id", String, ForeignKey("roles.id"), primary_key=True),
)
# #endregion user_roles
# #region role_permissions [TYPE Table]
# @BRIEF Association table for many-to-many relationship between Roles and Permissions.
# @RELATION DEPENDS_ON -> [Base]
# @RELATION DEPENDS_ON -> [Role]
# @RELATION DEPENDS_ON -> [Permission]
role_permissions = Table(
"role_permissions",
Base.metadata,
Column("role_id", String, ForeignKey("roles.id"), primary_key=True),
Column("permission_id", String, ForeignKey("permissions.id"), primary_key=True),
)
# #endregion role_permissions
# #region User [TYPE Class]
# @BRIEF Represents an identity that can authenticate to the system.
# @RELATION HAS_MANY -> [Role]
class User(Base):
__tablename__ = "users"
id = Column(String, primary_key=True, default=generate_uuid)
username = Column(String, unique=True, index=True, nullable=False)
email = Column(String, unique=True, index=True, nullable=True)
password_hash = Column(String, nullable=True)
full_name = Column(String, nullable=True)
auth_source = Column(String, default="LOCAL") # LOCAL or ADFS
is_active = Column(Boolean, default=True)
is_ad_user = Column(Boolean, default=False)
created_at = Column(DateTime, default=datetime.utcnow)
last_login = Column(DateTime, nullable=True)
roles = relationship("Role", secondary=user_roles, back_populates="users")
# #endregion User
# #region Role [TYPE Class]
# @BRIEF Represents a collection of permissions.
# @RELATION HAS_MANY -> [User]
# @RELATION HAS_MANY -> [Permission]
class Role(Base):
__tablename__ = "roles"
id = Column(String, primary_key=True, default=generate_uuid)
name = Column(String, unique=True, index=True, nullable=False)
description = Column(String, nullable=True)
users = relationship("User", secondary=user_roles, back_populates="roles")
permissions = relationship(
"Permission", secondary=role_permissions, back_populates="roles"
)
# #endregion Role
# #region Permission [TYPE Class]
# @BRIEF Represents a specific capability within the system.
# @RELATION HAS_MANY -> [Role]
class Permission(Base):
__tablename__ = "permissions"
id = Column(String, primary_key=True, default=generate_uuid)
resource = Column(String, nullable=False) # e.g. "plugin:backup"
action = Column(String, nullable=False) # e.g. "READ", "EXECUTE", "WRITE"
roles = relationship(
"Role", secondary=role_permissions, back_populates="permissions"
)
# #endregion Permission
# #region ADGroupMapping [TYPE Class]
# @BRIEF Maps an Active Directory group to a local System Role.
# @RELATION DEPENDS_ON -> [Role]
class ADGroupMapping(Base):
__tablename__ = "ad_group_mappings"
id = Column(String, primary_key=True, default=generate_uuid)
ad_group = Column(String, unique=True, index=True, nullable=False)
role_id = Column(String, ForeignKey("roles.id"), nullable=False)
role = relationship("Role")
# #endregion ADGroupMapping
# #endregion AuthModels