member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(identity): rename authentik_sub to user_sub and authentik_user_id to idp_user_id

Browse Source
This commit is contained in:
Chris
2026-03-31 22:32:48 +08:00
parent ed5679948b
commit 4060ebff70
22 changed files with 208 additions and 165 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
app/repositories/permission_groups_repo.py
View File

@@ -46,43 +46,43 @@ class PermissionGroupsRepository:
self.db.refresh(item)
return item
def add_member_if_not_exists(self, group_id: str, authentik_sub: str) -> PermissionGroupMember:
def add_member_if_not_exists(self, group_id: str, user_sub: str) -> PermissionGroupMember:
existing = self.db.scalar(
select(PermissionGroupMember).where(
PermissionGroupMember.group_id == group_id, PermissionGroupMember.authentik_sub == authentik_sub
PermissionGroupMember.group_id == group_id, PermissionGroupMember.user_sub == user_sub
)
)
if existing:
return existing
row = PermissionGroupMember(group_id=group_id, authentik_sub=authentik_sub)
row = PermissionGroupMember(group_id=group_id, user_sub=user_sub)
self.db.add(row)
self.db.commit()
self.db.refresh(row)
return row
def remove_member(self, group_id: str, authentik_sub: str) -> int:
def remove_member(self, group_id: str, user_sub: str) -> int:
result = self.db.execute(
delete(PermissionGroupMember).where(
PermissionGroupMember.group_id == group_id, PermissionGroupMember.authentik_sub == authentik_sub
PermissionGroupMember.group_id == group_id, PermissionGroupMember.user_sub == user_sub
)
)
self.db.commit()
return int(result.rowcount or 0)
def list_group_keys_by_member_sub(self, authentik_sub: str) -> list[str]:
def list_group_keys_by_member_sub(self, user_sub: str) -> list[str]:
stmt = (
select(PermissionGroup.group_key)
.select_from(PermissionGroupMember)
.join(PermissionGroup, PermissionGroup.id == PermissionGroupMember.group_id)
.where(PermissionGroupMember.authentik_sub == authentik_sub)
.where(PermissionGroupMember.user_sub == user_sub)
.order_by(PermissionGroup.group_key.asc())
)
return [row[0] for row in self.db.execute(stmt).all()]
def replace_member_groups(self, authentik_sub: str, group_ids: list[str]) -> None:
self.db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.authentik_sub == authentik_sub))
def replace_member_groups(self, user_sub: str, group_ids: list[str]) -> None:
self.db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.user_sub == user_sub))
for group_id in group_ids:
self.db.add(PermissionGroupMember(group_id=group_id, authentik_sub=authentik_sub))
self.db.add(PermissionGroupMember(group_id=group_id, user_sub=user_sub))
self.db.commit()
def grant_group_permission(
@@ -155,7 +155,7 @@ class PermissionGroupsRepository:
self.db.execute(delete(PermissionGroupMember).where(PermissionGroupMember.group_id == group_id))
for sub in normalized_member_subs:
self.db.add(PermissionGroupMember(group_id=group_id, authentik_sub=sub))
self.db.add(PermissionGroupMember(group_id=group_id, user_sub=sub))
for site_key in normalized_sites:
for action in normalized_actions:
@@ -199,9 +199,9 @@ class PermissionGroupsRepository:
def list_group_member_subs(self, group_id: str) -> list[str]:
stmt = (
select(PermissionGroupMember.authentik_sub)
select(PermissionGroupMember.user_sub)
.where(PermissionGroupMember.group_id == group_id)
.order_by(PermissionGroupMember.authentik_sub.asc())
.order_by(PermissionGroupMember.user_sub.asc())
)
return [row[0] for row in self.db.execute(stmt).all()]
@@ -218,10 +218,10 @@ class PermissionGroupsRepository:
def list_system_members(self, system_key: str) -> list[User]:
stmt = (
select(User)
.join(PermissionGroupMember, PermissionGroupMember.authentik_sub == User.authentik_sub)
.join(PermissionGroupMember, PermissionGroupMember.user_sub == User.user_sub)
.join(PermissionGroupPermission, PermissionGroupPermission.group_id == PermissionGroupMember.group_id)
.where(PermissionGroupPermission.system == system_key)
.order_by(User.email.asc(), User.authentik_sub.asc())
.order_by(User.email.asc(), User.user_sub.asc())
.distinct()
)
return list(self.db.scalars(stmt).all())
@@ -239,10 +239,10 @@ class PermissionGroupsRepository:
def list_module_members(self, system_key: str, module_name: str) -> list[User]:
stmt = (
select(User)
.join(PermissionGroupMember, PermissionGroupMember.authentik_sub == User.authentik_sub)
.join(PermissionGroupMember, PermissionGroupMember.user_sub == User.user_sub)
.join(PermissionGroupPermission, PermissionGroupPermission.group_id == PermissionGroupMember.group_id)
.where(PermissionGroupPermission.system == system_key, PermissionGroupPermission.module == module_name)
.order_by(User.email.asc(), User.authentik_sub.asc())
.order_by(User.email.asc(), User.user_sub.asc())
.distinct()
)
return list(self.db.scalars(stmt).all())

12
app/repositories/permissions_repo.py
View File

@@ -14,7 +14,7 @@ class PermissionsRepository:
def __init__(self, db: Session) -> None:
self.db = db
def list_by_user(self, user_id: str, authentik_sub: str) -> list[tuple[str, str, str | None, str, str]]:
def list_by_user(self, user_id: str, user_sub: str) -> list[tuple[str, str, str | None, str, str]]:
direct_stmt = (
select(
literal("direct"),
@@ -44,7 +44,7 @@ class PermissionsRepository:
)
.select_from(PermissionGroupPermission)
.join(PermissionGroupMember, PermissionGroupMember.group_id == PermissionGroupPermission.group_id)
.where(PermissionGroupMember.authentik_sub == authentik_sub)
.where(PermissionGroupMember.user_sub == user_sub)
.where(PermissionGroupPermission.action.in_(["view", "edit"]))
.where(PermissionGroupPermission.scope_type == "site")
)
@@ -138,7 +138,7 @@ class PermissionsRepository:
stmt = (
select(
UserScopePermission.id,
User.authentik_sub,
User.user_sub,
User.email,
User.display_name,
UserScopePermission.scope_type,
@@ -175,7 +175,7 @@ class PermissionsRepository:
if keyword:
pattern = f"%{keyword}%"
cond = or_(
User.authentik_sub.ilike(pattern),
User.user_sub.ilike(pattern),
User.email.ilike(pattern),
User.display_name.ilike(pattern),
Module.module_key.ilike(pattern),
@@ -193,7 +193,7 @@ class PermissionsRepository:
for row in rows:
(
permission_id,
authentik_sub,
user_sub,
email,
display_name,
row_scope_type,
@@ -211,7 +211,7 @@ class PermissionsRepository:
items.append(
{
"permission_id": permission_id,
"authentik_sub": authentik_sub,
"user_sub": user_sub,
"email": email,
"display_name": display_name,
"scope_type": row_scope_type,

20
app/repositories/users_repo.py
View File

@@ -8,8 +8,8 @@ class UsersRepository:
def __init__(self, db: Session) -> None:
self.db = db
def get_by_sub(self, authentik_sub: str) -> User | None:
stmt = select(User).where(User.authentik_sub == authentik_sub)
def get_by_sub(self, user_sub: str) -> User | None:
stmt = select(User).where(User.user_sub == user_sub)
return self.db.scalar(stmt)
def get_by_id(self, user_id: str) -> User | None:
@@ -29,7 +29,7 @@ class UsersRepository:
if keyword:
pattern = f"%{keyword}%"
cond = or_(
User.authentik_sub.ilike(pattern),
User.user_sub.ilike(pattern),
User.username.ilike(pattern),
User.email.ilike(pattern),
User.display_name.ilike(pattern),
@@ -48,18 +48,18 @@ class UsersRepository:
def upsert_by_sub(
self,
authentik_sub: str,
user_sub: str,
username: str | None,
email: str | None,
display_name: str | None,
is_active: bool,
authentik_user_id: int | None = None,
idp_user_id: int | None = None,
) -> User:
user = self.get_by_sub(authentik_sub)
user = self.get_by_sub(user_sub)
if user is None:
user = User(
authentik_sub=authentik_sub,
authentik_user_id=authentik_user_id,
user_sub=user_sub,
idp_user_id=idp_user_id,
username=username,
email=email,
display_name=display_name,
@@ -67,8 +67,8 @@ class UsersRepository:
)
self.db.add(user)
else:
if authentik_user_id is not None:
user.authentik_user_id = authentik_user_id
if idp_user_id is not None:
user.idp_user_id = idp_user_id
user.username = username
user.email = email
user.display_name = display_name