# Copyright (c) 2025 Patrick Motsch # All rights reserved. """UAM models: User, Mandate, UserConnection.""" import uuid from typing import Optional, List from enum import Enum from pydantic import BaseModel, Field, EmailStr from modules.shared.attributeUtils import registerModelLabels from modules.shared.timeUtils import getUtcTimestamp class AuthAuthority(str, Enum): LOCAL = "local" GOOGLE = "google" MSFT = "msft" class ConnectionStatus(str, Enum): ACTIVE = "active" EXPIRED = "expired" REVOKED = "revoked" PENDING = "pending" class AccessLevel(str, Enum): """Access level enumeration for RBAC""" ALL = "a" # All records MY = "m" # My records (created by me) GROUP = "g" # Group records (group context is the mandate) NONE = "n" # No access class UserPermissions(BaseModel): """User permissions model for RBAC""" view: bool = Field( default=False, description="View permission: if true, item is visible/enabled" ) read: AccessLevel = Field( default=AccessLevel.NONE, description="Read permission level" ) create: AccessLevel = Field( default=AccessLevel.NONE, description="Create permission level" ) update: AccessLevel = Field( default=AccessLevel.NONE, description="Update permission level" ) delete: AccessLevel = Field( default=AccessLevel.NONE, description="Delete permission level" ) class Mandate(BaseModel): id: str = Field( default_factory=lambda: str(uuid.uuid4()), description="Unique ID of the mandate", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False} ) name: str = Field( description="Name of the mandate", json_schema_extra={"frontend_type": "text", "frontend_readonly": False, "frontend_required": True} ) language: str = Field( default="en", description="Default language of the mandate", json_schema_extra={ "frontend_type": "select", "frontend_readonly": False, "frontend_required": True, "frontend_options": [ {"value": "de", "label": {"en": "Deutsch", "fr": "Allemand"}}, {"value": "en", "label": {"en": "English", "fr": "Anglais"}}, {"value": "fr", "label": {"en": "Français", "fr": "Français"}}, {"value": "it", "label": {"en": "Italiano", "fr": "Italien"}}, ] } ) enabled: bool = Field( default=True, description="Indicates whether the mandate is enabled", json_schema_extra={"frontend_type": "checkbox", "frontend_readonly": False, "frontend_required": False} ) registerModelLabels( "Mandate", {"en": "Mandate", "fr": "Mandat"}, { "id": {"en": "ID", "fr": "ID"}, "name": {"en": "Name", "fr": "Nom"}, "language": {"en": "Language", "fr": "Langue"}, "enabled": {"en": "Enabled", "fr": "Activé"}, }, ) class UserConnection(BaseModel): id: str = Field(default_factory=lambda: str(uuid.uuid4()), description="Unique ID of the connection", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False}) userId: str = Field(description="ID of the user this connection belongs to", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False}) authority: AuthAuthority = Field(description="Authentication authority", json_schema_extra={"frontend_type": "select", "frontend_readonly": True, "frontend_required": False, "frontend_options": "auth.authority"}) externalId: str = Field(description="User ID in the external system", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False}) externalUsername: str = Field(description="Username in the external system", json_schema_extra={"frontend_type": "text", "frontend_readonly": False, "frontend_required": False}) externalEmail: Optional[EmailStr] = Field(None, description="Email in the external system", json_schema_extra={"frontend_type": "email", "frontend_readonly": False, "frontend_required": False}) status: ConnectionStatus = Field(default=ConnectionStatus.ACTIVE, description="Connection status", json_schema_extra={"frontend_type": "select", "frontend_readonly": False, "frontend_required": False, "frontend_options": "connection.status"}) connectedAt: float = Field(default_factory=getUtcTimestamp, description="When the connection was established (UTC timestamp in seconds)", json_schema_extra={"frontend_type": "timestamp", "frontend_readonly": True, "frontend_required": False}) lastChecked: float = Field(default_factory=getUtcTimestamp, description="When the connection was last verified (UTC timestamp in seconds)", json_schema_extra={"frontend_type": "timestamp", "frontend_readonly": True, "frontend_required": False}) expiresAt: Optional[float] = Field(None, description="When the connection expires (UTC timestamp in seconds)", json_schema_extra={"frontend_type": "timestamp", "frontend_readonly": True, "frontend_required": False}) tokenStatus: Optional[str] = Field(None, description="Current token status: active, expired, none", json_schema_extra={"frontend_type": "select", "frontend_readonly": True, "frontend_required": False, "frontend_options": [ {"value": "active", "label": {"en": "Active", "fr": "Actif"}}, {"value": "expired", "label": {"en": "Expired", "fr": "Expiré"}}, {"value": "none", "label": {"en": "None", "fr": "Aucun"}}, ]}) tokenExpiresAt: Optional[float] = Field(None, description="When the current token expires (UTC timestamp in seconds)", json_schema_extra={"frontend_type": "timestamp", "frontend_readonly": True, "frontend_required": False}) registerModelLabels( "UserConnection", {"en": "User Connection", "fr": "Connexion utilisateur"}, { "id": {"en": "ID", "fr": "ID"}, "userId": {"en": "User ID", "fr": "ID utilisateur"}, "authority": {"en": "Authority", "fr": "Autorité"}, "externalId": {"en": "External ID", "fr": "ID externe"}, "externalUsername": {"en": "External Username", "fr": "Nom d'utilisateur externe"}, "externalEmail": {"en": "External Email", "fr": "Email externe"}, "status": {"en": "Status", "fr": "Statut"}, "connectedAt": {"en": "Connected At", "fr": "Connecté le"}, "lastChecked": {"en": "Last Checked", "fr": "Dernière vérification"}, "expiresAt": {"en": "Expires At", "fr": "Expire le"}, "tokenStatus": {"en": "Connection Status", "fr": "Statut de connexion"}, "tokenExpiresAt": {"en": "Expires At", "fr": "Expire le"}, }, ) class User(BaseModel): id: str = Field(default_factory=lambda: str(uuid.uuid4()), description="Unique ID of the user", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False}) username: str = Field(description="Username for login", json_schema_extra={"frontend_type": "text", "frontend_readonly": False, "frontend_required": True}) email: Optional[EmailStr] = Field(None, description="Email address of the user", json_schema_extra={"frontend_type": "email", "frontend_readonly": False, "frontend_required": True}) fullName: Optional[str] = Field(None, description="Full name of the user", json_schema_extra={"frontend_type": "text", "frontend_readonly": False, "frontend_required": False}) language: str = Field(default="en", description="Preferred language of the user", json_schema_extra={"frontend_type": "select", "frontend_readonly": False, "frontend_required": True, "frontend_options": [ {"value": "de", "label": {"en": "Deutsch", "fr": "Allemand"}}, {"value": "en", "label": {"en": "English", "fr": "Anglais"}}, {"value": "fr", "label": {"en": "Français", "fr": "Français"}}, {"value": "it", "label": {"en": "Italiano", "fr": "Italien"}}, ]}) enabled: bool = Field(default=True, description="Indicates whether the user is enabled", json_schema_extra={"frontend_type": "checkbox", "frontend_readonly": False, "frontend_required": False}) roleLabels: List[str] = Field( default_factory=list, description="List of role labels assigned to this user. All roles are opening roles (union) - if one role enables something, it is enabled.", json_schema_extra={"frontend_type": "multiselect", "frontend_readonly": False, "frontend_required": True, "frontend_options": "user.role"} ) authenticationAuthority: AuthAuthority = Field(default=AuthAuthority.LOCAL, description="Primary authentication authority", json_schema_extra={"frontend_type": "select", "frontend_readonly": True, "frontend_required": False, "frontend_options": "auth.authority"}) mandateId: Optional[str] = Field(None, description="ID of the mandate this user belongs to", json_schema_extra={"frontend_type": "text", "frontend_readonly": True, "frontend_required": False}) registerModelLabels( "User", {"en": "User", "fr": "Utilisateur"}, { "id": {"en": "ID", "fr": "ID"}, "username": {"en": "Username", "fr": "Nom d'utilisateur"}, "email": {"en": "Email", "fr": "Email"}, "fullName": {"en": "Full Name", "fr": "Nom complet"}, "language": {"en": "Language", "fr": "Langue"}, "enabled": {"en": "Enabled", "fr": "Activé"}, "roleLabels": {"en": "Role Labels", "fr": "Labels de rôle"}, "authenticationAuthority": {"en": "Auth Authority", "fr": "Autorité d'authentification"}, "mandateId": {"en": "Mandate ID", "fr": "ID de mandat"}, }, ) class UserInDB(User): hashedPassword: Optional[str] = Field(None, description="Hash of the user password") registerModelLabels( "UserInDB", {"en": "User Access", "fr": "Accès de l'utilisateur"}, {"hashedPassword": {"en": "Password hash", "fr": "Hachage de mot de passe"}}, )