member/member-backend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor: simplify schema names and remove provider id columns

Browse Source
This commit is contained in:
Chris
2026-04-03 01:49:36 +08:00
parent e91639d6d9
commit 64246984ba
18 changed files with 148 additions and 133 deletions
Download Patch File Download Diff File Expand all files Collapse all files

76
app/api/admin_catalog.py
View File

@@ -74,8 +74,7 @@ def _company_item(company) -> CompanyItem:
return CompanyItem(
id=company.id,
company_key=company.company_key,
display_name=company.display_name,
legal_name=company.legal_name,
name=company.name,
provider_group_id=company.provider_group_id,
status=company.status,
)
@@ -86,7 +85,7 @@ def _site_item(site, company) -> SiteItem:
id=site.id,
site_key=site.site_key,
company_key=company.company_key,
company_display_name=company.display_name,
company_display_name=company.name,
display_name=site.display_name,
domain=site.domain,
provider_group_id=site.provider_group_id,
@@ -99,7 +98,6 @@ def _system_item(system) -> SystemItem:
id=system.id,
system_key=system.system_key,
name=system.name,
provider_client_id=system.provider_client_id,
status=system.status,
)
@@ -117,8 +115,8 @@ def _member_item(user) -> MemberItem:
)
def _company_group_name(display_name: str, company_key: str) -> str:
normalized = display_name.strip() if isinstance(display_name, str) else ""
def _company_group_name(name: str, company_key: str) -> str:
normalized = name.strip() if isinstance(name, str) else ""
if not normalized:
return company_key
return normalized
@@ -148,20 +146,19 @@ def create_company(payload: CompanyCreateRequest, db: Session = Depends(get_db))
repo = CompaniesRepository(db)
idp = ProviderAdminService(get_settings())
company_key = _generate_unique_key("CP", lambda key: repo.get_by_key(key) is not None)
group_name = _company_group_name(payload.display_name, company_key)
group_name = _company_group_name(payload.name, company_key)
group = idp.ensure_group(
name=group_name,
attributes={
"member_entity_type": "company",
"company_key": company_key,
"display_name": payload.display_name,
"name": payload.name,
"status": payload.status,
},
)
item = repo.create(
company_key=company_key,
display_name=payload.display_name,
legal_name=payload.legal_name,
name=payload.name,
provider_group_id=group.group_id,
status=payload.status,
)
@@ -175,24 +172,23 @@ def update_company(company_key: str, payload: CompanyUpdateRequest, db: Session
if not item:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="company_not_found")
idp = ProviderAdminService(get_settings())
resolved_display_name = payload.display_name if payload.display_name is not None else item.display_name
resolved_name = payload.name if payload.name is not None else item.name
resolved_status = payload.status if payload.status is not None else item.status
resolved_group_id = payload.provider_group_id or item.provider_group_id
group_name = _company_group_name(resolved_display_name, company_key)
group_name = _company_group_name(resolved_name, company_key)
group = idp.ensure_group(
group_id=resolved_group_id,
name=group_name,
attributes={
"member_entity_type": "company",
"company_key": company_key,
"display_name": resolved_display_name,
"name": resolved_name,
"status": resolved_status,
},
)
item = repo.update(
item,
display_name=payload.display_name,
legal_name=payload.legal_name,
name=payload.name,
provider_group_id=group.group_id,
status=payload.status,
)
@@ -406,7 +402,6 @@ def list_roles(
system_key=system_map[row.system_id].system_key,
system_name=system_map[row.system_id].name,
name=row.name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -425,12 +420,9 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
system = systems_repo.get_by_key(payload.system_key)
if not system:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="system_not_found")
if not system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
idp.ensure_client_role(
provider_client_id=system.provider_client_id,
provider_role_name=payload.provider_role_name,
provider_client_id=system.name,
provider_role_name=payload.name,
description=payload.description,
)
@@ -441,7 +433,6 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
system_id=system.id,
name=payload.name,
description=payload.description,
provider_role_name=payload.provider_role_name,
status=payload.status,
)
except IntegrityError:
@@ -454,7 +445,6 @@ def create_role(payload: RoleCreateRequest, db: Session = Depends(get_db)) -> Ro
system_key=system.system_key,
system_name=system.name,
name=row.name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -473,8 +463,6 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
old_system = systems_repo.get_by_id(role.system_id)
if not old_system:
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="system_reference_missing")
if not old_system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
target_system = old_system
system_id = None
@@ -484,26 +472,23 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND, detail="system_not_found")
system_id = system.id
target_system = system
if not target_system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
next_provider_role_name = payload.provider_role_name if payload.provider_role_name is not None else role.provider_role_name
next_provider_role_name = payload.name if payload.name is not None else role.name
next_description = payload.description if payload.description is not None else role.description
if target_system.id != old_system.id:
idp.ensure_client_role(
provider_client_id=target_system.provider_client_id,
provider_client_id=target_system.name,
provider_role_name=next_provider_role_name,
description=next_description,
)
idp.delete_client_role(
provider_client_id=old_system.provider_client_id,
provider_role_name=role.provider_role_name,
provider_client_id=old_system.name,
provider_role_name=role.name,
)
else:
idp.update_client_role(
provider_client_id=target_system.provider_client_id,
old_provider_role_name=role.provider_role_name,
provider_client_id=target_system.name,
old_provider_role_name=role.name,
new_provider_role_name=next_provider_role_name,
description=next_description,
)
@@ -514,7 +499,6 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
system_id=system_id,
name=payload.name,
description=payload.description,
provider_role_name=payload.provider_role_name,
status=payload.status,
)
except IntegrityError:
@@ -531,7 +515,6 @@ def update_role(role_key: str, payload: RoleUpdateRequest, db: Session = Depends
system_key=system.system_key,
system_name=system.name,
name=role.name,
provider_role_name=role.provider_role_name,
description=role.description,
status=role.status,
)
@@ -549,12 +532,9 @@ def delete_role(role_key: str, db: Session = Depends(get_db)) -> dict[str, str]:
system = systems_repo.get_by_id(role.system_id)
if not system:
raise HTTPException(status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="system_reference_missing")
if not system.provider_client_id:
raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="system_provider_client_id_missing")
idp.delete_client_role(
provider_client_id=system.provider_client_id,
provider_role_name=role.provider_role_name,
provider_client_id=system.name,
provider_role_name=role.name,
)
roles_repo.delete(role)
return {"deleted": role_key}
@@ -579,7 +559,6 @@ def list_system_roles(system_key: str, db: Session = Depends(get_db)) -> SystemR
system_key=system.system_key,
system_name=system.name,
name=row.name,
provider_role_name=row.provider_role_name,
description=row.description,
status=row.status,
)
@@ -659,8 +638,8 @@ def list_role_sites(role_key: str, db: Session = Depends(get_db)) -> RoleSitesRe
id=site.id,
site_key=site.site_key,
site_display_name=site.display_name,
company_key=company.company_key,
company_display_name=company.display_name,
company_key=company.company_key,
company_display_name=company.name,
)
)
@@ -812,7 +791,7 @@ def list_member_sites(user_sub: str, db: Session = Depends(get_db)) -> UserSites
site_key=site.site_key,
site_display_name=site.display_name,
company_key=company.company_key,
company_display_name=company.display_name,
company_display_name=company.name,
)
for user_site, site, company in rows
]
@@ -855,12 +834,11 @@ def list_member_effective_roles(user_sub: str, db: Session = Depends(get_db)) ->
site_key=site.site_key,
site_display_name=site.display_name,
company_key=company.company_key,
company_display_name=company.display_name,
company_display_name=company.name,
system_key=system.system_key,
system_name=system.name,
role_key=role.role_key,
role_name=role.name,
provider_role_name=role.provider_role_name,
)
for site, company, role, system in rows
]
@@ -903,14 +881,14 @@ def sync_provider_group_names(db: Session = Depends(get_db)) -> dict[str, int]:
for company in companies:
if not company.provider_group_id:
continue
group_name = _company_group_name(company.display_name, company.company_key)
group_name = _company_group_name(company.name, company.company_key)
idp.ensure_group(
group_id=company.provider_group_id,
name=group_name,
attributes={
"member_entity_type": "company",
"company_key": company.company_key,
"display_name": company.display_name,
"name": company.name,
"status": company.status,
},
)

7
app/api/internal.py
View File

@@ -42,7 +42,7 @@ def upsert_user_by_sub(
)
def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, str, str, str, str, str, str, str]]:
def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, str, str, str, str, str, str]]:
users_repo = UsersRepository(db)
user_sites_repo = UserSitesRepository(db)
@@ -56,12 +56,11 @@ def _build_user_role_rows(db: Session, user_sub: str) -> list[tuple[str, str, st
site.site_key,
site.display_name,
company.company_key,
company.display_name,
company.name,
system.system_key,
system.name,
role.role_key,
role.name,
role.provider_role_name,
)
for site, company, role, system in rows
]
@@ -82,7 +81,6 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_name=system_name,
role_key=role_key,
role_name=role_name,
provider_role_name=provider_role_name,
)
for (
site_key,
@@ -93,7 +91,6 @@ def get_user_roles(user_sub: str, db: Session = Depends(get_db)) -> InternalUser
system_name,
role_key,
role_name,
provider_role_name,
) in rows
],
)

7
app/api/internal_catalog.py
View File

@@ -34,7 +34,6 @@ def internal_list_systems(
"id": i.id,
"system_key": i.system_key,
"name": i.name,
"provider_client_id": i.provider_client_id,
"status": i.status,
}
for i in items
@@ -72,7 +71,6 @@ def internal_list_roles(
system_key=system_map[i.system_id].system_key,
system_name=system_map[i.system_id].name,
name=i.name,
provider_role_name=i.provider_role_name,
description=i.description,
status=i.status,
)
@@ -96,8 +94,7 @@ def internal_list_companies(
{
"id": i.id,
"company_key": i.company_key,
"display_name": i.display_name,
"legal_name": i.legal_name,
"name": i.name,
"status": i.status,
}
for i in items
@@ -131,7 +128,7 @@ def internal_list_sites(
"id": i.id,
"site_key": i.site_key,
"company_key": mapping[i.company_id].company_key,
"company_display_name": mapping[i.company_id].display_name,
"company_display_name": mapping[i.company_id].name,
"display_name": i.display_name,
"domain": i.domain,
"status": i.status,

3
app/api/me.py
View File

@@ -60,12 +60,11 @@ def get_my_permission_snapshot(
site.site_key,
site.display_name,
company.company_key,
company.display_name,
company.name,
system.system_key,
system.name,
role.role_key,
role.name,
role.provider_role_name,
)
for site, company, role, system in rows
]