Add events to make it posible to do some basic admin and rights

backend/app/models/apikey.py

@@ -1,17 +1,14 @@
 import random
-from typing import TYPE_CHECKING
 
-from sqlmodel import Session, Field, Relationship, select
+from sqlmodel import Field, Relationship, Session, select
 
-from .base import (
-    RowId,
-    BaseSQLModel,
-)
 from . import mixin
-
+from .base import (
+    BaseSQLModel,
+    RowId,
+)
 from .user import User
 
-
 # region # API Keys for access ###################################################
 
 
@@ -21,6 +18,7 @@ class ApiKeyBase(mixin.IsActive, mixin.Name, BaseSQLModel):
         foreign_key="user.id", nullable=False, ondelete="CASCADE"
     )
 
+
 # Properties to receive via API on creation
 class ApiKeyCreate(ApiKeyBase):
     pass

backend/app/models/base.py

@@ -1,10 +1,9 @@
-from enum import IntFlag, Enum  # Python 3.11 >= StrEnum
+from enum import Enum, IntFlag  # Python 3.11 >= StrEnum
 from enum import auto as auto_enum
+from uuid import UUID as RowId
 
 from sqlmodel import SQLModel
 
-from uuid import UUID as RowId
-
 __all__ = [
     "RowId",
     "DocumentedStrEnum",

backend/app/models/event.py

@@ -0,0 +1,161 @@
+from sqlmodel import (
+    Field,
+    Relationship,
+    Session,
+    select,
+)
+
+from . import mixin
+from .base import (
+    BaseSQLModel,
+    RowId,
+)
+from .user import (
+    PermissionRight,
+    User,
+)
+
+# region # Event ###############################################################
+
+
+# Event auth
+class EventUserLink(BaseSQLModel, table=True):
+    event_id: RowId = Field(
+        foreign_key="event.id",
+        primary_key=True,
+        nullable=False,
+        ondelete="CASCADE",
+    )
+
+    user_id: RowId = Field(
+        foreign_key="user.id",
+        primary_key=True,
+        nullable=False,
+        ondelete="CASCADE",
+    )
+
+    rights: PermissionRight = Field(default=PermissionRight.READ, nullable=False)
+
+    event: "Event" = Relationship(back_populates="user_links")
+    user: "User" = Relationship(back_populates="event_links")
+
+
+# ##############################################################################
+
+
+# Shared properties
+class EventBase(
+    mixin.Name,
+    mixin.Contact,
+    mixin.StartEndDate,
+    mixin.IsActive,
+    mixin.Contact,
+    BaseSQLModel,
+):
+    pass
+
+
+# Properties to receive via API on creation
+class EventCreate(EventBase):
+    pass
+
+
+# Properties to receive via API on update, all are optional
+class EventUpdate(EventBase):
+    pass
+
+
+# Database model, database table inferred from class name
+class Event(mixin.RowId, EventBase, table=True):
+    # --- database only items --------------------------------------------------
+
+    # --- back_populates links -------------------------------------------------
+
+    # --- many-to-many links ---------------------------------------------------
+    user_links: list[EventUserLink] = Relationship(back_populates="event")
+
+    # --- CRUD actions ---------------------------------------------------------
+    @classmethod
+    def create(cls, *, session: Session, create_obj: EventCreate) -> "Event":
+        data_obj = create_obj.model_dump(exclude_unset=True)
+
+        db_obj = cls.model_validate(data_obj)
+        session.add(db_obj)
+        session.commit()
+        session.refresh(db_obj)
+        return db_obj
+
+    @classmethod
+    def update(
+        cls, *, session: Session, db_obj: "Event", in_obj: EventUpdate
+    ) -> "Event":
+        data_obj = in_obj.model_dump(exclude_unset=True)
+
+        db_obj.sqlmodel_update(data_obj)
+        session.add(db_obj)
+        session.commit()
+        session.refresh(db_obj)
+        return db_obj
+
+    def add_user(
+        self,
+        user: User,
+        rights: PermissionRight = PermissionRight.READ,
+        *,
+        session: Session,
+    ) -> "Event":
+        to_add = next((add for add in self.user_links if add.user == user), None)
+
+        if to_add:
+            to_add.rights = rights
+            session.add(to_add)
+        else:
+            self.user_links.append(EventUserLink(event=self, user=user, rights=rights))
+            session.add(self.user_links[-1])
+
+        session.commit()
+
+        return self
+
+    def remove_user(self, user: User, *, session: Session) -> "Event":
+        to_remove = next(
+            (remove for remove in self.user_links if remove.user == user), None
+        )
+        if to_remove:
+            statement = select(EventUserLink).where(
+                EventUserLink.event_id == self.id, EventUserLink.user_id == user.id
+            )
+            link_to_remove = session.exec(statement).first()
+
+            if link_to_remove:
+                session.delete(link_to_remove)
+                session.commit()
+
+        return self
+
+    def user_has_rights(
+        self,
+        user: User,
+        rights: PermissionRight | None = None,
+    ) -> bool:
+        return any(
+            (
+                link.user == user
+                and link.rights
+                and (not rights or (link.rights & rights) == rights)
+            )
+            for link in self.user_links
+        )
+
+
+# Properties to return via API, id is always required
+class EventPublic(mixin.RowIdPublic, EventBase):
+    pass
+
+
+class EventsPublic(BaseSQLModel):
+    data: list[EventPublic]
+    count: int
+
+
+# endregion

backend/app/models/mixin.py

@@ -1,7 +1,10 @@
 import uuid
+from datetime import datetime
 
-from pydantic import EmailStr, BaseModel
-from sqlmodel import Field
+from pydantic import BaseModel, EmailStr
+from sqlmodel import (
+    Field,
+)
 
 from .base import RowId as RowIdType
 
@@ -14,6 +17,10 @@ class FullName(BaseModel):
     full_name: str | None = Field(default=None, nullable=True, max_length=255)
 
 
+class Contact(BaseModel):
+    contact: str | None = Field(default=None, nullable=True, max_length=255)
+
+
 class IsActive(BaseModel):
     is_active: bool | None = Field(default=True, nullable=False)
 
@@ -64,3 +71,8 @@ class RowIdPublic(RowId):
 
 class Description(BaseModel):
     description: str | None = Field(default=None, nullable=True, max_length=512)
+
+
+class StartEndDate:
+    start_at: datetime | None = Field(default=None, nullable=True)
+    end_at: datetime | None = Field(default=None, nullable=True)

backend/app/models/user.py

@@ -1,21 +1,22 @@
 from typing import TYPE_CHECKING
 
 from pydantic import EmailStr
-from sqlmodel import Session, Field, Relationship, select
+from sqlmodel import Field, Relationship, Session, select
 
 from app.core.security import get_password_hash, verify_password
 
-from .base import (
-    RowId,
-    DocumentedStrEnum,
-    DocumentedIntFlag,
-    auto_enum,
-    BaseSQLModel,
-)
 from . import mixin
+from .base import (
+    BaseSQLModel,
+    DocumentedIntFlag,
+    DocumentedStrEnum,
+    RowId,
+    auto_enum,
+)
 
 if TYPE_CHECKING:
     from .apikey import ApiKey
+    from .event import EventUserLink
 
 
 # region # User ################################################################
@@ -24,6 +25,7 @@ if TYPE_CHECKING:
 class PermissionModule(DocumentedStrEnum):
     SYSTEM = auto_enum()
     USER = auto_enum()
+    EVENT = auto_enum()
 
 
 class PermissionPart(DocumentedStrEnum):
@@ -37,7 +39,13 @@ class PermissionRight(DocumentedIntFlag):
     UPDATE = auto_enum()
     DELETE = auto_enum()
 
-    ADMIN = CREATE | READ | UPDATE | DELETE
+    MANAGE_USERS = auto_enum()
+
+    ADMIN = CREATE | READ | UPDATE | DELETE | MANAGE_USERS
+
+
+class PermissionRightObject(BaseSQLModel):
+    rights: PermissionRight | None = Field(default=PermissionRight.READ, nullable=False)
 
 
 # ##############################################################################
@@ -108,6 +116,7 @@ class User(mixin.RowId, UserBase, table=True):
 
     # --- many-to-many links ---------------------------------------------------
     roles: list["Role"] = Relationship(back_populates="users", link_model=UserRoleLink)
+    event_links: list["EventUserLink"] = Relationship(back_populates="user")
 
     # --- CRUD actions ---------------------------------------------------------
     @classmethod
@@ -155,26 +164,40 @@ class User(mixin.RowId, UserBase, table=True):
             return None
         return db_obj
 
-    def add_role(self, *, name: str = None, id: RowId = None, db_obj: "Role" = None, session: Session) -> "User":
+    def add_role(
+        self,
+        *,
+        name: str = None,
+        id: RowId = None,
+        db_obj: "Role" = None,
+        session: Session,
+    ) -> "User":
         db_obj = Role.get(name=name, id=id, db_obj=db_obj, session=session)
 
         to_add = next((add for add in self.roles if add == db_obj), None)
 
         if not to_add:
             self.roles.append(db_obj)
+            session.add(self)
             session.commit()
 
         return self
 
-    def remove_role(self, *, name: str = None, id: RowId = None, db_obj: "Role" = None, session: Session) -> "User":
+    def remove_role(
+        self,
+        *,
+        name: str = None,
+        id: RowId = None,
+        db_obj: "Role" = None,
+        session: Session,
+    ) -> "User":
         db_obj = Role.get(name=name, id=id, db_obj=db_obj, session=session)
 
         to_remove = next((remove for remove in self.roles if remove == db_obj), None)
         if to_remove:
             statement = select(UserRoleLink).where(
-                    UserRoleLink.user_id == self.id,
-                    UserRoleLink.role_id == db_obj.id
-                )
+                UserRoleLink.user_id == self.id, UserRoleLink.role_id == db_obj.id
+            )
             link_to_remove = session.exec(statement).first()
 
             if link_to_remove:
@@ -290,7 +313,14 @@ class Role(
         return db_obj
 
     @classmethod
-    def get(cls, *, name: str = None, id: RowId = None, db_obj: "Role" = None, session: Session) -> "Role":
+    def get(
+        cls,
+        *,
+        name: str = None,
+        id: RowId = None,
+        db_obj: "Role" = None,
+        session: Session,
+    ) -> "Role":
         if db_obj:
             pass
         elif name: