refactor: rebuild backend around role-site authorization model

2026-04-02 23:58:13 +08:00
parent e2dd3ce106
commit 1e1d913103
46 changed files with 1645 additions and 2289 deletions
--- a/backend/app/repositories/users_repo.py
+++ b/backend/app/repositories/users_repo.py
@@ -9,15 +9,14 @@ class UsersRepository:
        self.db = db

    def get_by_sub(self, user_sub: str) -> User | None:
-        stmt = select(User).where(User.user_sub == user_sub)
-        return self.db.scalar(stmt)
+        return self.db.scalar(select(User).where(User.user_sub == user_sub))

    def get_by_id(self, user_id: str) -> User | None:
-        stmt = select(User).where(User.id == user_id)
-        return self.db.scalar(stmt)
+        return self.db.scalar(select(User).where(User.id == user_id))

    def list(
        self,
+        *,
        keyword: str | None = None,
        is_active: bool | None = None,
        limit: int = 50,
@@ -48,11 +47,13 @@ class UsersRepository:

    def upsert_by_sub(
        self,
+        *,
        user_sub: str,
        username: str | None,
        email: str | None,
        display_name: str | None,
        is_active: bool,
+        status: str = "active",
        idp_user_id: str | None = None,
    ) -> User:
        user = self.get_by_sub(user_sub)
@@ -64,6 +65,7 @@ class UsersRepository:
                email=email,
                display_name=display_name,
                is_active=is_active,
+                status=status,
            )
            self.db.add(user)
        else:
@@ -73,6 +75,7 @@ class UsersRepository:
            user.email = email
            user.display_name = display_name
            user.is_active = is_active
+            user.status = status

        self.db.commit()
        self.db.refresh(user)
@@ -86,6 +89,7 @@ class UsersRepository:
        email: str | None = None,
        display_name: str | None = None,
        is_active: bool | None = None,
+        status: str | None = None,
    ) -> User:
        if username is not None:
            user.username = username
@@ -95,6 +99,13 @@ class UsersRepository:
            user.display_name = display_name
        if is_active is not None:
            user.is_active = is_active
+        if status is not None:
+            user.status = status
+
        self.db.commit()
        self.db.refresh(user)
        return user
+
+    def delete(self, user: User) -> None:
+        self.db.delete(user)
+        self.db.commit()