feat: Evotor user lifecycle, RBAC, admin panel
- Receive Evotor webhooks: POST /user/create, /user/verify, /user/token
- Create users in pending status; match to existing users by email/phone
- Send invite link via Celery notification task; user sets password at /invite
- Abstract EmailProvider/SMSProvider with ConsoleEmailProvider default
- Role-based access control: role enum on users + roles/permissions tables
- Admin panel: /admin/users (list, filter, search, paginate), user detail card
with activate/suspend/reset-password/send-invite/edit/delete actions
- Admin roles management: /admin/roles with per-role permission assignment
- Extend user profile card: role, status, Evotor ID, email confirmation badge
- Auth routes: register, login, logout, confirm-email, forgot/reset password
- Alembic migrations 0002 (full schema + new fields) and 0003 (RBAC + seeds)
- Port Pico CSS + Bootstrap Icons UI from Node.js commit (854c912)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
mguschin
50
web/models/user.py
Normal file
50
web/models/user.py
Normal file
@@ -0,0 +1,50 @@
|
||||
import enum
|
||||
|
||||
from sqlalchemy import Boolean, Column, DateTime, Enum, Index, Integer, JSON, String, UniqueConstraint, func
|
||||
|
||||
from web.database import Base
|
||||
|
||||
|
||||
class UserRoleEnum(str, enum.Enum):
|
||||
system = "system"
|
||||
admin = "admin"
|
||||
user = "user"
|
||||
|
||||
|
||||
class UserStatusEnum(str, enum.Enum):
|
||||
pending = "pending"
|
||||
active = "active"
|
||||
suspended = "suspended"
|
||||
|
||||
|
||||
class User(Base):
|
||||
__tablename__ = "users"
|
||||
|
||||
id = Column(Integer, primary_key=True, autoincrement=True)
|
||||
first_name = Column(String(100), nullable=False)
|
||||
last_name = Column(String(100), nullable=False)
|
||||
email = Column(String(255), nullable=False)
|
||||
phone = Column(String(20), nullable=False)
|
||||
password_hash = Column(String(255), nullable=True)
|
||||
is_email_confirmed = Column(Boolean, nullable=False, default=False)
|
||||
email_confirm_token = Column(String(255), nullable=True)
|
||||
password_reset_token = Column(String(255), nullable=True)
|
||||
password_reset_expires = Column(DateTime, nullable=True)
|
||||
role = Column(Enum(UserRoleEnum), nullable=False, default=UserRoleEnum.user)
|
||||
status = Column(Enum(UserStatusEnum), nullable=False, default=UserStatusEnum.pending)
|
||||
evotor_user_id = Column(String(255), nullable=True)
|
||||
evotor_meta = Column(JSON, nullable=True)
|
||||
invite_token = Column(String(255), nullable=True)
|
||||
invite_expires = Column(DateTime, nullable=True)
|
||||
phone_otp = Column(String(10), nullable=True)
|
||||
phone_otp_expires = Column(DateTime, nullable=True)
|
||||
created_at = Column(DateTime, nullable=False, server_default=func.now())
|
||||
updated_at = Column(DateTime, nullable=False, server_default=func.now(), onupdate=func.now())
|
||||
|
||||
__table_args__ = (
|
||||
UniqueConstraint("email", name="ix_users_email"),
|
||||
UniqueConstraint("phone", name="ix_users_phone"),
|
||||
UniqueConstraint("evotor_user_id", name="ix_users_evotor_user_id"),
|
||||
Index("ix_users_role", "role"),
|
||||
Index("ix_users_status", "status"),
|
||||
)
|
||||
Reference in New Issue
Block a user