cloud-api/src/iam/schemas.py

"""
Pydantic models for the IAM module

Models follow the nomenclature of:
- Sub-models: "<Resource><Opt:>Schema"
- Models: "<Module><Method><Resource><Opt:Resource><Direction>" ie "IAMGetGroupPermissionsResponse"
"""

from typing import Optional, Annotated

from pydantic import EmailStr, ConfigDict, Field

from src.schemas import (
	CustomBaseModel,
	ResourceName,
	ServiceIDMixin,
	OrgIDMixin,
	UserIDMixin,
	PermIDMixin,
	GroupIDMixin,
	GroupSummary,
	OrgSummary,
	UserSummary,
)


class UserSchema(CustomBaseModel):
	model_config = ConfigDict(from_attributes=True, extra="ignore")

	id: int
	first_name: str
	last_name: str
	email: EmailStr


class PermissionSchema(CustomBaseModel):
	model_config = ConfigDict(from_attributes=True, extra="ignore")

	id: int
	service_name: str
	resource: str
	action: str


class GroupSchema(CustomBaseModel):
	id: int
	name: str


class IAMCAoRRequest(CustomBaseModel):
	action: str
	rn: ResourceName


class IAMGetGroupPermissionsResponse(CustomBaseModel):
	organisation: OrgSummary
	group: GroupSummary
	permissions: list[PermissionSchema]


class IAMGetGroupUsersResponse(CustomBaseModel):
	organisation: OrgSummary
	group: GroupSummary
	users: list[UserSummary]


class IAMPostGroupRequest(OrgIDMixin):
	name: str = Field(min_length=3)


class IAMPostGroupResponse(CustomBaseModel):
	group: GroupSchema


class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin, OrgIDMixin):
	pass


class IAMPutGroupPermissionResponse(CustomBaseModel):
	organisation: OrgSummary
	group: GroupSummary
	permissions: list[PermissionSchema]


class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin, OrgIDMixin):
	pass


class IAMPutGroupUserResponse(CustomBaseModel):
	group: GroupSchema
	users: list[UserSchema]


class IAMDeleteGroupPermissionResponse(CustomBaseModel):
	group: GroupSchema
	permissions: list[PermissionSchema]


class IAMDeleteGroupUserResponse(CustomBaseModel):
	group: GroupSchema
	users: list[UserSchema]


class IAMGetPermissionsResponse(CustomBaseModel):
	permissions: list[PermissionSchema]


class IAMPostPermissionRequest(ServiceIDMixin):
	resource: str
	action: str


class IAMPostPermissionResponse(CustomBaseModel):
	permission: PermissionSchema


class IAMGetPermissionsSearchRequest(OrgIDMixin):
	service_id: Annotated[int | None, Field(gt=0)] = None
	resource: Optional[str] = None
	action: Optional[str] = None


class IAMGetPermissionsSearchResponse(CustomBaseModel):
	permissions: list[PermissionSchema]


class IAMPutGroupInvitationRequest(OrgIDMixin, GroupIDMixin):
	user_email: EmailStr


class IAMPutGroupInvitationAcceptRequest(CustomBaseModel):
	jwt: str
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00			`"""`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`Pydantic models for the IAM module`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`Models follow the nomenclature of:`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`- Sub-models: "<Resource><Opt:>Schema"`
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`- Models: "<Module><Method><Resource><Opt:Resource><Direction>" ie "IAMGetGroupPermissionsResponse"`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`"""`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
fix: permission search typing 2026-06-02 15:55:50 +01:00			`from typing import Optional, Annotated`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: min length on group name post 2026-06-02 13:37:42 +01:00			`from pydantic import EmailStr, ConfigDict, Field`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: schema mixins moved to project level Resolves circular dependency issues. 2026-06-09 13:17:31 +01:00			`from src.schemas import (`
			`CustomBaseModel,`
feat: improved caor request model Issue: #23 2026-06-10 09:32:02 +01:00			`ResourceName,`
feat: schema mixins moved to project level Resolves circular dependency issues. 2026-06-09 13:17:31 +01:00			`ServiceIDMixin,`
			`OrgIDMixin,`
			`UserIDMixin,`
			`PermIDMixin,`
			`GroupIDMixin,`
feat: more ids returned on endpoints Issue: #23 2026-06-10 13:48:59 +01:00			`GroupSummary,`
			`OrgSummary,`
			`UserSummary,`
feat: schema mixins moved to project level Resolves circular dependency issues. 2026-06-09 13:17:31 +01:00			`)`
feat: custom exceptions instead of direct fastapi.httpexceptions Resolves #2 2026-05-27 14:58:10 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class UserSchema(CustomBaseModel):`
fix: userschema config Required for Pydantic to map a SQLAlchemy model to it. 2026-06-02 14:37:07 +01:00			`model_config = ConfigDict(from_attributes=True, extra="ignore")`
fix: permission search changed to post Get requests cannot have bodies. 2026-06-02 15:13:00 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`id: int`
			`first_name: str`
			`last_name: str`
			`email: EmailStr`

minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class PermissionSchema(CustomBaseModel):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`model_config = ConfigDict(from_attributes=True, extra="ignore")`

feat: id returned with permission details 2026-06-09 14:04:21 +01:00			`id: int`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`service_name: str`
			`resource: str`
			`action: str`

minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class GroupSchema(CustomBaseModel):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`id: int`
			`name: str`

minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: improved caor request model Issue: #23 2026-06-10 09:32:02 +01:00			`class IAMCAoRRequest(CustomBaseModel):`
			`action: str`
			`rn: ResourceName`


feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMGetGroupPermissionsResponse(CustomBaseModel):`
feat: more ids returned on endpoints Issue: #23 2026-06-10 13:48:59 +01:00			`organisation: OrgSummary`
			`group: GroupSummary`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMGetGroupUsersResponse(CustomBaseModel):`
feat: more ids returned on endpoints Issue: #23 2026-06-10 13:48:59 +01:00			`organisation: OrgSummary`
			`group: GroupSummary`
			`users: list[UserSummary]`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: org dependencies Org endpoints use query/body model dependencies to perform initial db lookups. Issue #6 Org ID path params have been replaced with either query params (get endpoints) or body values. Resolves #10 Endpoints in other modules that rely on an org model lookup have also been updated. 2026-05-27 12:21:03 +01:00			`class IAMPostGroupRequest(OrgIDMixin):`
minor: min length on group name post 2026-06-02 13:37:42 +01:00			`name: str = Field(min_length=3)`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMPostGroupResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
fix: missing org id in req body 2026-06-02 13:50:13 +01:00			`class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin, OrgIDMixin):`
feat: iam dependencies IAM endpoints now use dependencies to perform most initial database get requests. Issue #6 2026-05-27 11:11:19 +01:00			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMPutGroupPermissionResponse(CustomBaseModel):`
feat: more ids returned on endpoints Issue: #23 2026-06-10 13:48:59 +01:00			`organisation: OrgSummary`
			`group: GroupSummary`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
fix: missing org id in req 2026-06-02 14:21:05 +01:00			`class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin, OrgIDMixin):`
feat: custom exceptions instead of direct fastapi.httpexceptions Resolves #2 2026-05-27 14:58:10 +01:00			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMPutGroupUserResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`users: list[UserSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMDeleteGroupPermissionResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMDeleteGroupUserResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`users: list[UserSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMGetPermissionsResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
fix: create permission endpoint Verifies service exists before attaching permission. Response built manually because calculated properties are not handled by .__dict()__ Request model uses Service ID mixin. Service ID mixin verifies ID > 0 2026-06-02 15:36:05 +01:00			`class IAMPostPermissionRequest(ServiceIDMixin):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`resource: str`
			`action: str`

minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMPostPermissionResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permission: PermissionSchema`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
fix: permission search changed to post Get requests cannot have bodies. 2026-06-02 15:13:00 +01:00			`class IAMGetPermissionsSearchRequest(OrgIDMixin):`
fix: permission search typing 2026-06-02 15:55:50 +01:00			`service_id: Annotated[int \| None, Field(gt=0)] = None`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`resource: Optional[str] = None`
			`action: Optional[str] = None`

minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMGetPermissionsSearchResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: sua added to group invitations Issue: #23 2026-06-09 16:52:22 +01:00

			`class IAMPutGroupInvitationRequest(OrgIDMixin, GroupIDMixin):`
			`user_email: EmailStr`


			`class IAMPutGroupInvitationAcceptRequest(CustomBaseModel):`
			`jwt: str`