feat: add configurable role/permission system

2026-03-12 11:41:55 +00:00
parent 2f659e1430
commit 74177915df
5 changed files with 323 additions and 35 deletions
--- a/app/models/models.py
+++ b/app/models/models.py
@@ -2,6 +2,7 @@ from sqlalchemy import Column, Integer, String, Text, DateTime, ForeignKey, Enum
 from sqlalchemy.orm import relationship
 from sqlalchemy.sql import func
 from app.core.config import Base
+from app.models.role_permission import Role
 import enum


@@ -131,7 +132,8 @@ class ProjectMember(Base):
    id = Column(Integer, primary_key=True, index=True)
    project_id = Column(Integer, ForeignKey("projects.id"), nullable=False)
    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
-    role = Column(String(20), default="dev")  # admin, dev, mgr, ops
+    role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
+    role = relationship("Role")
    
    project = relationship("Project", back_populates="members")
    user = relationship("User", back_populates="project_memberships")
--- a/app/models/role_permission.py
+++ b/app/models/role_permission.py
@@ -0,0 +1,44 @@
+"""Role and Permission models."""
+from sqlalchemy import Column, Integer, String, Text, DateTime, ForeignKey, Boolean
+from sqlalchemy.orm import relationship
+from sqlalchemy.sql import func
+from app.core.config import Base
+
+
+class Role(Base):
+    """Role definition - configurable roles."""
+    __tablename__ = "roles"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(50), unique=True, nullable=False)
+    description = Column(String(255), nullable=True)
+    is_global = Column(Boolean, default=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    permissions = relationship("RolePermission", back_populates="role")
+
+
+class Permission(Base):
+    """Permission definitions - granular permissions."""
+    __tablename__ = "permissions"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(100), unique=True, nullable=False)
+    description = Column(String(255), nullable=True)
+    category = Column(String(50), nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    
+    roles = relationship("RolePermission", back_populates="permission")
+
+
+class RolePermission(Base):
+    """Maps roles to permissions."""
+    __tablename__ = "role_permissions"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
+    permission_id = Column(Integer, ForeignKey("permissions.id"), nullable=False)
+    
+    role = relationship("Role", back_populates="permissions")
+    permission = relationship("Permission", back_populates="roles")