flip_api.db.models.user_models ============================== .. py:module:: flip_api.db.models.user_models Classes ------- .. autoapisummary:: flip_api.db.models.user_models.Permission flip_api.db.models.user_models.PermissionRef flip_api.db.models.user_models.RoleRef flip_api.db.models.user_models.UserRole flip_api.db.models.user_models.UserProfile flip_api.db.models.user_models.Role flip_api.db.models.user_models.RolePermission flip_api.db.models.user_models.UsersAudit Module Contents --------------- .. py:class:: Permission Bases: :py:obj:`sqlmodel.SQLModel` Permission table. .. py:attribute:: __tablename__ :value: 'permission' .. py:attribute:: id :type: uuid.UUID .. py:attribute:: permission_name :type: str .. py:attribute:: permission_description :type: str .. py:method:: __repr__() .. py:class:: PermissionRef(*args, **kwds) Bases: :py:obj:`enum.Enum` Enum for predefined permissions. Values are real :class:`UUID` objects, not strings. Consumers should pass ``.value`` directly to SQLModel UUID columns or compare against UUIDs fetched from the DB — no ``UUID(...)`` wrapping needed. .. py:attribute:: CAN_ACCESS_ADMIN_PANEL .. py:attribute:: CAN_APPROVE_PROJECTS .. py:attribute:: CAN_CREATE_PROJECTS .. py:attribute:: CAN_DELETE_ANY_PROJECT .. py:attribute:: CAN_MANAGE_DEPLOYMENTS .. py:attribute:: CAN_MANAGE_PROJECTS .. py:attribute:: CAN_MANAGE_SITE_BANNER .. py:attribute:: CAN_MANAGE_USERS .. py:attribute:: CAN_UNSTAGE_PROJECTS .. py:class:: RoleRef(*args, **kwds) Bases: :py:obj:`enum.Enum` Enum for predefined roles. Values are real :class:`UUID` objects, not strings. See :class:`PermissionRef` for the same contract. .. py:attribute:: ADMIN .. py:attribute:: RESEARCHER .. py:attribute:: VIEWER .. py:class:: UserRole Bases: :py:obj:`sqlmodel.SQLModel` User role mapping table. ``user_id`` holds a Cognito ``sub`` UUID. There is intentionally no FK to a local users table — Cognito is the source of truth for user identity. .. py:attribute:: __tablename__ :value: 'user_role' .. py:attribute:: user_id :type: uuid.UUID .. py:attribute:: role_id :type: uuid.UUID .. py:class:: UserProfile Bases: :py:obj:`sqlmodel.SQLModel` DB-backed profile data for a Cognito user. `name` and `organisation` are operator-supplied strings rendered to other users via Vue `{{ }}` interpolation (project card `owner_name`, audit log actor labels, etc.). Vue escapes `{{ }}` by default, so the current UI is safe. Treat both fields as UNTRUSTED CONTENT — if you ever render them via `v-html`, export them to PDF/CSV, or paste them into an email template, re-escape at that boundary. The 255-char cap is a length bound, not a content filter. .. py:attribute:: __tablename__ :value: 'user_profile' .. py:attribute:: user_id :type: uuid.UUID .. py:attribute:: name :type: str .. py:attribute:: organisation :type: str .. py:attribute:: created_at :type: datetime.datetime .. py:attribute:: updated_at :type: datetime.datetime .. py:class:: Role Bases: :py:obj:`sqlmodel.SQLModel` Role table. .. py:attribute:: __tablename__ :value: 'roles' .. py:attribute:: id :type: uuid.UUID .. py:attribute:: name :type: str .. py:attribute:: description :type: str .. py:attribute:: created_at :type: datetime.datetime .. py:attribute:: updated_at :type: datetime.datetime .. py:class:: RolePermission Bases: :py:obj:`sqlmodel.SQLModel` Role permission mapping table. .. py:attribute:: __tablename__ :value: 'role_permission' .. py:attribute:: id :type: uuid.UUID .. py:attribute:: role_id :type: uuid.UUID .. py:attribute:: permission_id :type: uuid.UUID .. py:class:: UsersAudit Bases: :py:obj:`sqlmodel.SQLModel` Audit table for user changes. .. py:attribute:: __tablename__ :value: 'users_audit' .. py:attribute:: id :type: uuid.UUID .. py:attribute:: action :type: str .. py:attribute:: user_id :type: uuid.UUID .. py:attribute:: modified_by_user_id :type: uuid.UUID .. py:attribute:: timestamp :type: datetime.datetime