113 lines
2.9 KiB
Python
113 lines
2.9 KiB
Python
"""
|
|
Database models for the IAM module
|
|
|
|
Models:
|
|
- Permission:
|
|
- id[PK], resource[U1], action[U1], service_id[FK][U1]
|
|
- service_rel: ORM relationship over service_id FK
|
|
- group_rel: ORM relationship backpops to Group.permission_rel
|
|
- service_name: Calc property service_rel.name
|
|
- Group:
|
|
- id[PK], name, org_id[FK]
|
|
- user_rel: ORM relationship to User via UserGroups table
|
|
- org_rel: ORM relationship to Organisation using org_id FK
|
|
- permission_rel: ORM relationship to Permission via GroupPermissions table
|
|
- GroupPermissions:
|
|
- group_id[FK][PK], permission_id[FK][PK]
|
|
- UserGroups:
|
|
- org_id[FK][PK], user_id[FK][PK], group_id[FK][PK]
|
|
"""
|
|
|
|
from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint
|
|
from sqlalchemy.orm import relationship
|
|
|
|
from src.database import Base
|
|
|
|
|
|
class Permission(Base):
|
|
__tablename__ = "permission"
|
|
|
|
id = Column(Integer, primary_key=True)
|
|
resource = Column(String, nullable=False)
|
|
action = Column(String, nullable=False)
|
|
|
|
service_id = Column(Integer, ForeignKey("service.id", ondelete="CASCADE"))
|
|
|
|
__table_args__ = (
|
|
UniqueConstraint(
|
|
"service_id",
|
|
"resource",
|
|
"action",
|
|
name="uniq_permission_resource_and_action",
|
|
),
|
|
)
|
|
|
|
service_rel = relationship(
|
|
"Service", back_populates="permission_rel", foreign_keys="Permission.service_id"
|
|
)
|
|
|
|
@property
|
|
def service_name(self):
|
|
return self.service_rel.name
|
|
|
|
group_rel = relationship(
|
|
"Group", secondary="group_permissions", back_populates="permission_rel"
|
|
)
|
|
|
|
org_rel = relationship(
|
|
"Organisation", secondary="org_permissions", back_populates="permission_rel"
|
|
)
|
|
|
|
|
|
class Group(Base):
|
|
__tablename__ = "group"
|
|
id = Column(Integer, primary_key=True)
|
|
name = Column(String, nullable=False)
|
|
|
|
org_id = Column(Integer, ForeignKey("organisation.id", ondelete="CASCADE"))
|
|
|
|
__table_args__ = (
|
|
UniqueConstraint(
|
|
"name",
|
|
"org_id",
|
|
name="uniq_group_name_org_id",
|
|
),
|
|
)
|
|
|
|
user_rel = relationship("User", secondary="user_groups", back_populates="group_rel")
|
|
|
|
org_rel = relationship("Organisation", back_populates="group_rel")
|
|
|
|
permission_rel = relationship(
|
|
"Permission", secondary="group_permissions", back_populates="group_rel"
|
|
)
|
|
|
|
|
|
class GroupPermissions(Base):
|
|
__tablename__ = "group_permissions"
|
|
group_id = Column(
|
|
Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True
|
|
)
|
|
permission_id = Column(
|
|
Integer, ForeignKey("permission.id", ondelete="CASCADE"), primary_key=True
|
|
)
|
|
|
|
|
|
class UserGroups(Base):
|
|
__tablename__ = "user_groups"
|
|
user_id = Column(
|
|
Integer, ForeignKey("user.id", ondelete="CASCADE"), primary_key=True
|
|
)
|
|
group_id = Column(
|
|
Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True
|
|
)
|
|
|
|
|
|
class OrgPermissions(Base):
|
|
__tablename__ = "org_permissions"
|
|
org_id = Column(
|
|
Integer, ForeignKey("organisation.id", ondelete="CASCADE"), primary_key=True
|
|
)
|
|
permission_id = Column(
|
|
Integer, ForeignKey("permission.id", ondelete="CASCADE"), primary_key=True
|
|
)
|