Fascicoli+Tassonomia+permessi

2026-06-17 21:47:46 +02:00
parent e31676d22e
commit 3fd3c72f06
42 changed files with 4554 additions and 99 deletions
@@ -0,0 +1,72 @@
+"""
+Modello PermissionPreset – template riutilizzabili di permessi per casella.
+
+Permette ad admin e supervisor di creare sottoruoli nominati (es. "Operatore Archivio")
+con combinazioni predefinite di can_read/can_send/can_manage/can_conserve.
+I preset sono per-tenant e vengono applicati opzionalmente al momento
+dell'assegnazione di un operatore a una casella.
+"""
+
+import uuid
+from datetime import datetime
+
+from sqlalchemy import (
+    Boolean,
+    DateTime,
+    ForeignKey,
+    Index,
+    String,
+    Text,
+    UniqueConstraint,
+    func,
+)
+from sqlalchemy.dialects.postgresql import UUID
+from sqlalchemy.orm import Mapped, mapped_column, relationship
+
+from app.database import Base
+
+
+class PermissionPreset(Base):
+    __tablename__ = "permission_presets"
+
+    id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True), primary_key=True, default=uuid.uuid4
+    )
+    tenant_id: Mapped[uuid.UUID] = mapped_column(
+        UUID(as_uuid=True), ForeignKey("tenants.id", ondelete="CASCADE"), nullable=False
+    )
+    name: Mapped[str] = mapped_column(String(100), nullable=False)
+    description: Mapped[str | None] = mapped_column(Text, nullable=True)
+
+    can_read: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
+    can_send: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
+    can_manage: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
+    can_conserve: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
+
+    created_by: Mapped[uuid.UUID | None] = mapped_column(
+        UUID(as_uuid=True), ForeignKey("users.id", ondelete="SET NULL"), nullable=True
+    )
+    created_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), nullable=False, server_default=func.now()
+    )
+    updated_at: Mapped[datetime] = mapped_column(
+        DateTime(timezone=True), nullable=False, server_default=func.now(), onupdate=func.now()
+    )
+
+    # Relazioni
+    creator: Mapped["User"] = relationship(  # noqa: F821
+        "User", foreign_keys=[created_by]
+    )
+
+    __table_args__ = (
+        UniqueConstraint("tenant_id", "name", name="uq_preset_name_tenant"),
+        Index("idx_preset_tenant", "tenant_id"),
+        Index("idx_preset_created_by", "created_by"),
+    )
+
+    def __repr__(self) -> str:
+        return (
+            f"<PermissionPreset name={self.name!r} tenant={self.tenant_id} "
+            f"read={self.can_read} send={self.can_send} "
+            f"manage={self.can_manage} conserve={self.can_conserve}>"
+        )