cloud-api/src/iam/schemas.py

"""
Pydantic models for the IAM module

Models follow the nomenclature of:
- Sub-models: "<Resource><Opt:>Schema"
- Mixins: "<Attribute>Mixin"
- Models: "<Module><Method><Resource><Opt:Resource><Direction>" ie "IAMGetGroupPermissionsResponse"
"""
from typing import Optional

from pydantic import EmailStr, ConfigDict, Field

from src.organisation.schemas import OrgIDMixin
from src.schemas import CustomBaseModel
from user.schemas import UserIDMixin


class UserSchema(CustomBaseModel):
	id: int
	first_name: str
	last_name: str
	email: EmailStr

class PermissionSchema(CustomBaseModel):
	model_config = ConfigDict(from_attributes=True, extra="ignore")

	service_name: str
	resource: str
	action: str

class GroupSchema(CustomBaseModel):
	id: int
	name: str

class GroupIDMixin(CustomBaseModel):
	group_id: int

class PermIDMixin(CustomBaseModel):
	permission_id: int

class IAMGetGroupPermissionsResponse(CustomBaseModel):
	permissions: list[PermissionSchema]

class IAMGetGroupUsersResponse(CustomBaseModel):
	users : list[UserSchema]

class IAMPostGroupRequest(OrgIDMixin):
	name: str = Field(min_length=3)

class IAMPostGroupResponse(CustomBaseModel):
	group: GroupSchema

class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin):
	pass

class IAMPutGroupPermissionResponse(CustomBaseModel):
	group: GroupSchema
	permissions: list[PermissionSchema]

class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin):
	pass

class IAMPutGroupUserResponse(CustomBaseModel):
	group: GroupSchema
	users: list[UserSchema]

class IAMDeleteGroupPermissionRequest(GroupIDMixin, PermIDMixin):
	pass

class IAMDeleteGroupPermissionResponse(CustomBaseModel):
	group: GroupSchema
	permissions: list[PermissionSchema]

class IAMDeleteGroupUserRequest(GroupIDMixin, UserIDMixin):
	pass

class IAMDeleteGroupUserResponse(CustomBaseModel):
	group: GroupSchema
	users: list[UserSchema]

class IAMGetPermissionsResponse(CustomBaseModel):
	permissions: list[PermissionSchema]

class IAMPostPermissionRequest(CustomBaseModel):
	service_id: int
	resource: str
	action: str

class IAMPostPermissionResponse(CustomBaseModel):
	permission: PermissionSchema

class IAMDeletePermissionRequest(PermIDMixin):
	pass

class IAMGetPermissionsSearchRequest(CustomBaseModel):
	service_id: Optional[int] = None
	resource: Optional[str] = None
	action: Optional[str] = None

class IAMGetPermissionsSearchResponse(CustomBaseModel):
	permissions: list[PermissionSchema]
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00			`"""`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`Pydantic models for the IAM module`
feat: iam rbac system Endpoints and db architecture to support a role based IAM system. 2026-05-25 09:05:17 +01:00
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`Models follow the nomenclature of:`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`- Sub-models: "<Resource><Opt:>Schema"`
docs: iam docstrings Issue: #13 2026-05-28 13:22:24 +01:00			`- Mixins: "<Attribute>Mixin"`
			`- Models: "<Module><Method><Resource><Opt:Resource><Direction>" ie "IAMGetGroupPermissionsResponse"`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`"""`
			`from typing import Optional`

minor: min length on group name post 2026-06-02 13:37:42 +01:00			`from pydantic import EmailStr, ConfigDict, Field`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: org dependencies Org endpoints use query/body model dependencies to perform initial db lookups. Issue #6 Org ID path params have been replaced with either query params (get endpoints) or body values. Resolves #10 Endpoints in other modules that rely on an org model lookup have also been updated. 2026-05-27 12:21:03 +01:00			`from src.organisation.schemas import OrgIDMixin`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`from src.schemas import CustomBaseModel`
feat: custom exceptions instead of direct fastapi.httpexceptions Resolves #2 2026-05-27 14:58:10 +01:00			`from user.schemas import UserIDMixin`

feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class UserSchema(CustomBaseModel):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`id: int`
			`first_name: str`
			`last_name: str`
			`email: EmailStr`

minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class PermissionSchema(CustomBaseModel):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`model_config = ConfigDict(from_attributes=True, extra="ignore")`

			`service_name: str`
			`resource: str`
			`action: str`

minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`class GroupSchema(CustomBaseModel):`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`id: int`
			`name: str`

feat: iam dependencies IAM endpoints now use dependencies to perform most initial database get requests. Issue #6 2026-05-27 11:11:19 +01:00			`class GroupIDMixin(CustomBaseModel):`
			`group_id: int`

			`class PermIDMixin(CustomBaseModel):`
			`permission_id: int`

feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00			`class IAMGetGroupPermissionsResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMGetGroupUsersResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`users : list[UserSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: org dependencies Org endpoints use query/body model dependencies to perform initial db lookups. Issue #6 Org ID path params have been replaced with either query params (get endpoints) or body values. Resolves #10 Endpoints in other modules that rely on an org model lookup have also been updated. 2026-05-27 12:21:03 +01:00			`class IAMPostGroupRequest(OrgIDMixin):`
minor: min length on group name post 2026-06-02 13:37:42 +01:00			`name: str = Field(min_length=3)`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMPostGroupResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: iam dependencies IAM endpoints now use dependencies to perform most initial database get requests. Issue #6 2026-05-27 11:11:19 +01:00			`class IAMPutGroupPermissionRequest(GroupIDMixin, PermIDMixin):`
			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMPutGroupPermissionResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: custom exceptions instead of direct fastapi.httpexceptions Resolves #2 2026-05-27 14:58:10 +01:00			`class IAMPutGroupUserRequest(GroupIDMixin, UserIDMixin):`
			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMPutGroupUserResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`users: list[UserSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: iam dependencies IAM endpoints now use dependencies to perform most initial database get requests. Issue #6 2026-05-27 11:11:19 +01:00			`class IAMDeleteGroupPermissionRequest(GroupIDMixin, PermIDMixin):`
			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMDeleteGroupPermissionResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: custom exceptions instead of direct fastapi.httpexceptions Resolves #2 2026-05-27 14:58:10 +01:00			`class IAMDeleteGroupUserRequest(GroupIDMixin, UserIDMixin):`
			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMDeleteGroupUserResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`group: GroupSchema`
			`users: list[UserSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMGetPermissionsResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMPostPermissionRequest(CustomBaseModel):`
			`service_id: int`
			`resource: str`
			`action: str`

			`class IAMPostPermissionResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permission: PermissionSchema`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
feat: iam dependencies IAM endpoints now use dependencies to perform most initial database get requests. Issue #6 2026-05-27 11:11:19 +01:00			`class IAMDeletePermissionRequest(PermIDMixin):`
			`pass`
feat: iam endpoint req/res models 2026-05-26 16:25:14 +01:00
			`class IAMGetPermissionsSearchRequest(CustomBaseModel):`
			`service_id: Optional[int] = None`
			`resource: Optional[str] = None`
			`action: Optional[str] = None`

			`class IAMGetPermissionsSearchResponse(CustomBaseModel):`
minor: iam schema nomenclature 2026-05-28 13:37:32 +01:00			`permissions: list[PermissionSchema]`