Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor
This commit is contained in:
ske087
@@ -0,0 +1,6 @@
|
||||
from app.models.user import PortalUser
|
||||
from app.models.app_access import AppAccess
|
||||
from app.models.api_key import ApiKey
|
||||
from app.models.module_config import ModuleConfig
|
||||
|
||||
__all__ = ['PortalUser', 'AppAccess', 'ApiKey', 'ModuleConfig']
|
||||
@@ -0,0 +1,24 @@
|
||||
import secrets
|
||||
from datetime import datetime
|
||||
from app.extensions import db
|
||||
|
||||
|
||||
class ApiKey(db.Model):
|
||||
"""Per-user API keys for programmatic access to sub-applications."""
|
||||
__tablename__ = 'api_keys'
|
||||
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
user_id = db.Column(db.Integer, db.ForeignKey('portal_users.id'), nullable=False)
|
||||
key = db.Column(db.String(64), unique=True, nullable=False, index=True)
|
||||
app_name = db.Column(db.String(50), nullable=False)
|
||||
description = db.Column(db.String(200), nullable=True)
|
||||
is_active = db.Column(db.Boolean, default=True)
|
||||
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
||||
last_used_at = db.Column(db.DateTime, nullable=True)
|
||||
|
||||
@staticmethod
|
||||
def generate_key():
|
||||
return secrets.token_hex(32)
|
||||
|
||||
def __repr__(self):
|
||||
return f'<ApiKey user={self.user_id} app={self.app_name}>'
|
||||
@@ -0,0 +1,20 @@
|
||||
from datetime import datetime
|
||||
from app.extensions import db
|
||||
|
||||
|
||||
class AppAccess(db.Model):
|
||||
"""Controls which portal users have access to which sub-applications."""
|
||||
__tablename__ = 'app_access'
|
||||
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
user_id = db.Column(db.Integer, db.ForeignKey('portal_users.id'), nullable=False)
|
||||
app_name = db.Column(db.String(50), nullable=False) # 'digiserver' | 'networkview' | 'itassets'
|
||||
is_active = db.Column(db.Boolean, default=True)
|
||||
# Per-app role override: 'admin' | 'user' | None (None = inherit the portal-level role)
|
||||
app_role = db.Column(db.String(20), nullable=True)
|
||||
granted_at = db.Column(db.DateTime, default=datetime.utcnow)
|
||||
|
||||
__table_args__ = (db.UniqueConstraint('user_id', 'app_name', name='uq_user_app'),)
|
||||
|
||||
def __repr__(self):
|
||||
return f'<AppAccess user={self.user_id} app={self.app_name} role={self.app_role}>'
|
||||
@@ -0,0 +1,15 @@
|
||||
from datetime import datetime
|
||||
from app.extensions import db
|
||||
|
||||
|
||||
class ModuleConfig(db.Model):
|
||||
"""Tracks whether each sub-application is enabled at the platform level."""
|
||||
__tablename__ = 'module_config'
|
||||
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
app_id = db.Column(db.String(50), unique=True, nullable=False)
|
||||
enabled = db.Column(db.Boolean, default=True, nullable=False)
|
||||
updated_at = db.Column(db.DateTime, default=datetime.utcnow, onupdate=datetime.utcnow)
|
||||
|
||||
def __repr__(self):
|
||||
return f'<ModuleConfig {self.app_id}={self.enabled}>'
|
||||
@@ -0,0 +1,38 @@
|
||||
from datetime import datetime
|
||||
from flask_login import UserMixin
|
||||
from app.extensions import db, login_manager
|
||||
|
||||
|
||||
class PortalUser(UserMixin, db.Model):
|
||||
__tablename__ = 'portal_users'
|
||||
|
||||
id = db.Column(db.Integer, primary_key=True)
|
||||
username = db.Column(db.String(80), unique=True, nullable=False, index=True)
|
||||
email = db.Column(db.String(200), unique=True, nullable=False)
|
||||
password_hash = db.Column(db.String(256), nullable=False)
|
||||
is_admin = db.Column(db.Boolean, default=False)
|
||||
is_active = db.Column(db.Boolean, default=True)
|
||||
created_at = db.Column(db.DateTime, default=datetime.utcnow)
|
||||
last_login = db.Column(db.DateTime, nullable=True)
|
||||
|
||||
app_accesses = db.relationship('AppAccess', backref='user', lazy='dynamic', cascade='all, delete-orphan')
|
||||
api_keys = db.relationship('ApiKey', backref='user', lazy='dynamic', cascade='all, delete-orphan')
|
||||
|
||||
def get_accessible_apps(self):
|
||||
return [a.app_name for a in self.app_accesses.filter_by(is_active=True).all()]
|
||||
|
||||
def can_access(self, app_name):
|
||||
return self.app_accesses.filter_by(app_name=app_name, is_active=True).first() is not None
|
||||
|
||||
def app_role(self, app_name):
|
||||
"""Return the per-app role override ('admin'|'user'), or None if not set."""
|
||||
access = self.app_accesses.filter_by(app_name=app_name, is_active=True).first()
|
||||
return access.app_role if access else None
|
||||
|
||||
def __repr__(self):
|
||||
return f'<PortalUser {self.username}>'
|
||||
|
||||
|
||||
@login_manager.user_loader
|
||||
def load_user(user_id):
|
||||
return PortalUser.query.get(int(user_id))
|
||||
Reference in New Issue
Block a user