| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- """Group model for permission-based access control."""
- from __future__ import annotations
- from datetime import datetime
- from typing import TYPE_CHECKING
- from sqlalchemy import Boolean, Column, DateTime, ForeignKey, Integer, String, Table, func
- from sqlalchemy.orm import Mapped, mapped_column, relationship
- from sqlalchemy.types import JSON
- from backend.app.core.database import Base
- if TYPE_CHECKING:
- from backend.app.models.user import User
- # Many-to-many association table between users and groups
- user_groups = Table(
- "user_groups",
- Base.metadata,
- Column("user_id", Integer, ForeignKey("users.id", ondelete="CASCADE"), primary_key=True),
- Column("group_id", Integer, ForeignKey("groups.id", ondelete="CASCADE"), primary_key=True),
- )
- class Group(Base):
- """Group model for organizing users and assigning permissions.
- Groups contain a list of permissions that are granted to all members.
- Users can belong to multiple groups, and their permissions are additive.
- System groups (Administrators, Operators, Viewers) cannot be deleted.
- """
- __tablename__ = "groups"
- id: Mapped[int] = mapped_column(primary_key=True)
- name: Mapped[str] = mapped_column(String(100), unique=True, index=True)
- description: Mapped[str | None] = mapped_column(String(500), nullable=True)
- permissions: Mapped[list[str]] = mapped_column(JSON, default=list)
- is_system: Mapped[bool] = mapped_column(Boolean, default=False)
- created_at: Mapped[datetime] = mapped_column(DateTime, server_default=func.now())
- updated_at: Mapped[datetime] = mapped_column(DateTime, server_default=func.now(), onupdate=func.now())
- # Relationship to users through association table
- users: Mapped[list[User]] = relationship(
- "User",
- secondary=user_groups,
- back_populates="groups",
- lazy="selectin",
- )
- def __repr__(self) -> str:
- return f"<Group {self.name}>"
|
