34 lines
925 B
Python
34 lines
925 B
Python
"""User entity.
|
|
|
|
Admin is a single ``is_superuser`` flag — no role system in Phase 1 (kept
|
|
deliberately minimal; granular permissions are deferred, see plan §3.5).
|
|
``User`` is the outward-facing entity and never carries the password hash;
|
|
the hash lives on :class:`Credentials`, used only inside the auth service.
|
|
"""
|
|
|
|
import datetime as dt
|
|
import uuid
|
|
from dataclasses import dataclass
|
|
|
|
|
|
@dataclass(frozen=True, slots=True)
|
|
class User:
|
|
"""A person with access to the instance. The password hash is intentionally
|
|
absent — see :class:`Credentials`."""
|
|
|
|
id: uuid.UUID
|
|
username: str
|
|
is_superuser: bool
|
|
is_active: bool
|
|
created_at: dt.datetime
|
|
updated_at: dt.datetime
|
|
|
|
|
|
@dataclass(frozen=True, slots=True)
|
|
class Credentials:
|
|
"""A user paired with their stored password hash. Stays inside the
|
|
application layer — never serialized to clients."""
|
|
|
|
user: User
|
|
password_hash: str
|