"""Auth models for Navi user identity."""

from pydantic import BaseModel

from ._ddl import _ensure_auth_tables


class User(BaseModel):
    """Authenticated Navi user, resolved from gnexus-auth."""

    id: str
    email: str
    display_name: str | None = None
    role: str = "user"  # "user" | "admin"
    permissions: list[str] = []

    def has_permission(self, permission: str) -> bool:
        """Check if user has a specific permission.

        Admin role implies all permissions.
        """
        return self.role == "admin" or permission in self.permissions