Initial commit: enterprise digital platform with portal SSO, DigiServer, IT Assets, NetworkView, Server Monitor

portal/app/models/user.py

@@ -0,0 +1,38 @@
+from datetime import datetime
+from flask_login import UserMixin
+from app.extensions import db, login_manager
+
+
+class PortalUser(UserMixin, db.Model):
+    __tablename__ = 'portal_users'
+
+    id = db.Column(db.Integer, primary_key=True)
+    username = db.Column(db.String(80), unique=True, nullable=False, index=True)
+    email = db.Column(db.String(200), unique=True, nullable=False)
+    password_hash = db.Column(db.String(256), nullable=False)
+    is_admin = db.Column(db.Boolean, default=False)
+    is_active = db.Column(db.Boolean, default=True)
+    created_at = db.Column(db.DateTime, default=datetime.utcnow)
+    last_login = db.Column(db.DateTime, nullable=True)
+
+    app_accesses = db.relationship('AppAccess', backref='user', lazy='dynamic', cascade='all, delete-orphan')
+    api_keys = db.relationship('ApiKey', backref='user', lazy='dynamic', cascade='all, delete-orphan')
+
+    def get_accessible_apps(self):
+        return [a.app_name for a in self.app_accesses.filter_by(is_active=True).all()]
+
+    def can_access(self, app_name):
+        return self.app_accesses.filter_by(app_name=app_name, is_active=True).first() is not None
+
+    def app_role(self, app_name):
+        """Return the per-app role override ('admin'|'user'), or None if not set."""
+        access = self.app_accesses.filter_by(app_name=app_name, is_active=True).first()
+        return access.app_role if access else None
+
+    def __repr__(self):
+        return f'<PortalUser {self.username}>'
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return PortalUser.query.get(int(user_id))