""" Database models for the IAM module Models: - Permission: - id[PK], resource[U1], action[U1], service_id[FK][U1] - service_rel: ORM relationship over service_id FK - group_rel: ORM relationship backpops to Group.permission_rel - service_name: Calc property service_rel.name """ from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint from sqlalchemy.orm import relationship from src.database import Base class Permission(Base): __tablename__ = "permission" id = Column(Integer, primary_key=True) resource = Column(String, nullable=False) action = Column(String, nullable=False) service_id = Column(Integer, ForeignKey("service.id", ondelete="CASCADE")) UniqueConstraint("service_id", "resource", "action", name="uniq_permission_resource_and_action") service_rel = relationship("Service", foreign_keys=[service_id]) @property def service_name(self): return self.service_rel.name group_rel = relationship( "Group", secondary="group_permissions", back_populates="permission_rel" ) class Group(Base): __tablename__ = "group" id = Column(Integer, primary_key=True) name = Column(String, nullable=False, unique=True) org_id = Column(Integer, ForeignKey("organisation.id", ondelete="CASCADE")) user_rel = relationship( "User", secondary="user_groups", back_populates="group_rel" ) org_rel = relationship("Organisation", back_populates="group_rel") permission_rel = relationship( "Permission", secondary="group_permissions", back_populates="group_rel" ) class GroupPermissions(Base): __tablename__ = "group_permissions" group_id = Column(Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True) permission_id = Column(Integer, ForeignKey("permission.id", ondelete="CASCADE"), primary_key=True) class UserGroups(Base): __tablename__ = "user_groups" org_id = Column(Integer, ForeignKey("organisation.id", ondelete="CASCADE"), primary_key=True) user_id = Column(Integer, ForeignKey("user.id", ondelete="CASCADE"), primary_key=True) group_id = Column(Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True)