cloud-api/src/iam/models.py

"""
Database models for the IAM module

Models:
 - Permission:
  - id[PK], resource[U1], action[U1], service_id[FK][U1]
  - service_rel: ORM relationship over service_id FK
  - group_rel: ORM relationship backpops to Group.permission_rel
  - service_name: Calc property service_rel.name
 - Group:
  - id[PK], name, org_id[FK]
  - user_rel: ORM relationship to User via UserGroups table
  - org_rel: ORM relationship to Organisation using org_id FK
  - permission_rel: ORM relationship to Permission via GroupPermissions table
 - GroupPermissions:
  - group_id[FK][PK], permission_id[FK][PK]
 - UserGroups:
  - org_id[FK][PK], user_id[FK][PK], group_id[FK][PK]
"""

from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint
from sqlalchemy.orm import relationship

from src.database import Base


class Permission(Base):
	__tablename__ = "permission"

	id = Column(Integer, primary_key=True)
	resource = Column(String, nullable=False)
	action = Column(String, nullable=False)

	service_id = Column(Integer, ForeignKey("service.id", ondelete="CASCADE"))

	__table_args__ = (
		UniqueConstraint(
			"service_id",
			"resource",
			"action",
			name="uniq_permission_resource_and_action",
		),
	)

	service_rel = relationship("Service", foreign_keys=[service_id])

	@property
	def service_name(self):
		return self.service_rel.name

	group_rel = relationship(
		"Group", secondary="group_permissions", back_populates="permission_rel"
	)


class Group(Base):
	__tablename__ = "group"
	id = Column(Integer, primary_key=True)
	name = Column(String, nullable=False)

	org_id = Column(Integer, ForeignKey("organisation.id", ondelete="CASCADE"))

	__table_args__ = (
		UniqueConstraint(
			"name",
			"org_id",
			name="uniq_group_name_org_id",
		),
	)

	user_rel = relationship("User", secondary="user_groups", back_populates="group_rel")

	org_rel = relationship("Organisation", back_populates="group_rel")

	permission_rel = relationship(
		"Permission", secondary="group_permissions", back_populates="group_rel"
	)


class GroupPermissions(Base):
	__tablename__ = "group_permissions"
	group_id = Column(
		Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True
	)
	permission_id = Column(
		Integer, ForeignKey("permission.id", ondelete="CASCADE"), primary_key=True
	)


class UserGroups(Base):
	__tablename__ = "user_groups"
	user_id = Column(
		Integer, ForeignKey("user.id", ondelete="CASCADE"), primary_key=True
	)
	group_id = Column(
		Integer, ForeignKey("group.id", ondelete="CASCADE"), primary_key=True
	)