feat: Fase 1 – Fondamenta complete (backend FastAPI + auth + permessi)

- docker-compose.yml: PostgreSQL 16, Redis 7, MinIO, Nginx - backend FastAPI: struttura monorepo, config pydantic-settings - modelli SQLAlchemy: tutti i modelli (tenants, users, mailboxes, messages, archival, permissions, labels, audit_log) - migrazione Alembic 0001: schema completo in pure SQL - auth API: login JWT, refresh token rotation, logout, 2FA TOTP (setup/verify/disable) - CRUD utenti: lista, crea, modifica, reset password, soft delete - permessi granulari (Fase 1-A): mailbox_permissions, assegna/revoca/lista - CRUD tenant: gestione super-admin - sicurezza: AES-256-GCM cifratura credenziali IMAP/SMTP, bcrypt password - RLS PostgreSQL: isolamento multi-tenant per request - seed sviluppo: tenant demo + admin + operator - test unit: security (bcrypt, JWT, AES), auth_service - test integration: auth endpoints, users endpoints - CI GitHub Actions: lint (ruff), test (pytest), build Docker, security scan - infra: nginx.conf, redis.conf - Makefile con comandi make dev/test/migrate/seed Definition of Done: ✅ Login, refresh token e TOTP funzionanti ✅ make dev porta in piedi tutto lo stack locale ✅ CI configurata
2026-06-16 12:45:42 +02:00 · 2026-03-18 16:42:01 +01:00
parent 0251c2bbb0
commit 58a233236c
60 changed files with 6942 additions and 0 deletions
@@ -0,0 +1,50 @@
+"""
+Schema Pydantic per permessi granulari casella (Fase 1-A).
+"""
+
+import uuid
+from datetime import datetime
+
+from pydantic import BaseModel
+
+
+class PermissionGrantRequest(BaseModel):
+    can_read: bool = True
+    can_send: bool = False
+    can_manage: bool = False
+
+
+class PermissionResponse(BaseModel):
+    id: uuid.UUID
+    tenant_id: uuid.UUID
+    user_id: uuid.UUID
+    mailbox_id: uuid.UUID
+    can_read: bool
+    can_send: bool
+    can_manage: bool
+    granted_by: uuid.UUID | None
+    granted_at: datetime
+
+    model_config = {"from_attributes": True}
+
+
+class UserMailboxPermissionResponse(BaseModel):
+    """Vista utente: caselle accessibili con relativi permessi."""
+    mailbox_id: uuid.UUID
+    mailbox_email: str
+    mailbox_display_name: str | None
+    can_read: bool
+    can_send: bool
+    can_manage: bool
+
+
+class MailboxUserPermissionResponse(BaseModel):
+    """Vista casella: utenti con accesso."""
+    user_id: uuid.UUID
+    user_email: str
+    user_full_name: str
+    user_role: str
+    can_read: bool
+    can_send: bool
+    can_manage: bool
+    granted_at: datetime