ishenwei
9a7d06b34e
Phase 1 scaffolding: config/, core/, base models, AES-256-GCM phone encryption, enums mirror apps.tenant: Tenant + Domain (django-tenants) apps.org: 11 models (OrgUnit hierarchy, Staff, audit logs) apps.account: 4 models (UserAccount as AUTH_USER_MODEL, login/password tracking) apps.permission: 7 models (RBAC + overrides + datascope + append-only changelog) apps.region: 5 models (District, BusinessArea, MetroLine, MetroStation, School) All migrations generated, manage.py check passes
92 lines
2.7 KiB
Python
92 lines
2.7 KiB
Python
from django.db import models
|
|
|
|
from core.enums import PermissionRoleCategory
|
|
from core.models.base import SoftDeleteModel, TimeStampedModel
|
|
|
|
|
|
class Role(SoftDeleteModel):
|
|
name = models.CharField(max_length=100)
|
|
category = models.CharField(max_length=30, choices=PermissionRoleCategory.choices)
|
|
description = models.TextField(blank=True, default="")
|
|
template_role = models.ForeignKey(
|
|
"fonrey_permission.Role",
|
|
null=True,
|
|
blank=True,
|
|
on_delete=models.SET_NULL,
|
|
related_name="derived_roles",
|
|
)
|
|
is_system_builtin = models.BooleanField(default=False)
|
|
is_active = models.BooleanField(default=True)
|
|
created_by = models.ForeignKey(
|
|
"org.Staff",
|
|
null=True,
|
|
blank=True,
|
|
on_delete=models.SET_NULL,
|
|
related_name="permission_roles_created",
|
|
)
|
|
updated_by = models.ForeignKey(
|
|
"org.Staff",
|
|
null=True,
|
|
blank=True,
|
|
on_delete=models.SET_NULL,
|
|
related_name="permission_roles_updated",
|
|
)
|
|
|
|
class Meta:
|
|
db_table = "roles"
|
|
constraints = [
|
|
models.UniqueConstraint(
|
|
fields=["name"],
|
|
name="uq_roles_name_active",
|
|
condition=models.Q(deleted_at__isnull=True),
|
|
),
|
|
]
|
|
indexes = [
|
|
models.Index(
|
|
fields=["category"],
|
|
name="idx_roles_category",
|
|
condition=models.Q(deleted_at__isnull=True),
|
|
),
|
|
models.Index(fields=["template_role"], name="idx_roles_template"),
|
|
]
|
|
|
|
def __str__(self) -> str:
|
|
return f"{self.name} ({self.category})"
|
|
|
|
|
|
class RolePermission(TimeStampedModel):
|
|
role = models.ForeignKey(
|
|
"fonrey_permission.Role",
|
|
on_delete=models.CASCADE,
|
|
related_name="permissions",
|
|
)
|
|
permission_def = models.ForeignKey(
|
|
"fonrey_permission.PermissionDef",
|
|
on_delete=models.PROTECT,
|
|
related_name="role_assignments",
|
|
)
|
|
value = models.JSONField()
|
|
updated_by = models.ForeignKey(
|
|
"org.Staff",
|
|
null=True,
|
|
blank=True,
|
|
on_delete=models.SET_NULL,
|
|
related_name="role_permissions_updated",
|
|
)
|
|
|
|
class Meta:
|
|
db_table = "role_permissions"
|
|
constraints = [
|
|
models.UniqueConstraint(
|
|
fields=["role", "permission_def"],
|
|
name="uq_role_permissions",
|
|
),
|
|
]
|
|
indexes = [
|
|
models.Index(fields=["role"], name="idx_role_permissions_role"),
|
|
models.Index(fields=["permission_def"], name="idx_role_permissions_def"),
|
|
]
|
|
|
|
def __str__(self) -> str:
|
|
return f"{self.role.name} → {self.permission_def.code}"
|