flip_api.db.models.user_models

Classes

`Permission`	Permission table.
`PermissionRef`	Enum for predefined permissions.
`RoleRef`	Enum for predefined roles.
`UserRole`	User role mapping table.
`UserProfile`	DB-backed profile data for a Cognito user.
`Role`	Role table.
`RolePermission`	Role permission mapping table.
`UsersAudit`	Audit table for user changes.

Module Contents

class flip_api.db.models.user_models.Permission

Bases: sqlmodel.SQLModel

Permission table.

__tablename__ = 'permission'

id: uuid.UUID

permission_name: str

permission_description: str

__repr__()

class flip_api.db.models.user_models.PermissionRef(*args, **kwds)

Bases: enum.Enum

Enum for predefined permissions.

Values are real UUID objects, not strings. Consumers should pass .value directly to SQLModel UUID columns or compare against UUIDs fetched from the DB — no UUID(...) wrapping needed.

CAN_ACCESS_ADMIN_PANEL

CAN_APPROVE_PROJECTS

CAN_CREATE_PROJECTS

CAN_DELETE_ANY_PROJECT

CAN_MANAGE_DEPLOYMENTS

CAN_MANAGE_PROJECTS

CAN_MANAGE_SITE_BANNER

CAN_MANAGE_USERS

CAN_UNSTAGE_PROJECTS

class flip_api.db.models.user_models.RoleRef(*args, **kwds)

Bases: enum.Enum

Enum for predefined roles.

Values are real UUID objects, not strings. See PermissionRef for the same contract.

ADMIN

RESEARCHER

VIEWER

class flip_api.db.models.user_models.UserRole

Bases: sqlmodel.SQLModel

User role mapping table.

user_id holds a Cognito sub UUID. There is intentionally no FK to a local users table — Cognito is the source of truth for user identity.

__tablename__ = 'user_role'

user_id: uuid.UUID

role_id: uuid.UUID

class flip_api.db.models.user_models.UserProfile

Bases: sqlmodel.SQLModel

DB-backed profile data for a Cognito user.

name and organisation are operator-supplied strings rendered to other users via Vue {{ }} interpolation (project card owner_name, audit log actor labels, etc.). Vue escapes {{ }} by default, so the current UI is safe. Treat both fields as UNTRUSTED CONTENT — if you ever render them via v-html, export them to PDF/CSV, or paste them into an email template, re-escape at that boundary. The 255-char cap is a length bound, not a content filter.

__tablename__ = 'user_profile'

user_id: uuid.UUID

name: str

organisation: str

created_at: datetime.datetime

updated_at: datetime.datetime

class flip_api.db.models.user_models.Role

Bases: sqlmodel.SQLModel

Role table.

__tablename__ = 'roles'

id: uuid.UUID

name: str

description: str

created_at: datetime.datetime

updated_at: datetime.datetime

class flip_api.db.models.user_models.RolePermission

Bases: sqlmodel.SQLModel

Role permission mapping table.

__tablename__ = 'role_permission'

id: uuid.UUID

role_id: uuid.UUID

permission_id: uuid.UUID

class flip_api.db.models.user_models.UsersAudit

Bases: sqlmodel.SQLModel

Audit table for user changes.

__tablename__ = 'users_audit'

id: uuid.UUID

action: str

user_id: uuid.UUID

modified_by_user_id: uuid.UUID

timestamp: datetime.datetime