Fork: 0
root / navi-1
Transfer to URL with SHA Find file
Newer
Older
navi-1 / navi / auth / __init__.py
@Eugene Sukhodolskiy Eugene Sukhodolskiy on 3 May 574 bytes Multi-user auth via gnexus-auth OAuth + hybrid role/permission model
Raw Blame History 
"""Auth models for Navi user identity."""

from pydantic import BaseModel

from ._ddl import _ensure_auth_tables


class User(BaseModel):
    """Authenticated Navi user, resolved from gnexus-auth."""

    id: str
    email: str
    display_name: str | None = None
    role: str = "user"  # "user" | "admin"
    permissions: list[str] = []

    def has_permission(self, permission: str) -> bool:
        """Check if user has a specific permission.

        Admin role implies all permissions.
        """
        return self.role == "admin" or permission in self.permissions