Vendor team member management features

2025-11-14 21:08:57 +01:00
parent af23f5b88f
commit 41439eed09
10 changed files with 1786 additions and 85 deletions
--- a/models/database/vendor.py
+++ b/models/database/vendor.py
@@ -5,14 +5,14 @@ Vendor model representing entities that sell products or services.
 This module defines the Vendor model along with its relationships to
 other models such as User (owner), Product, Customer, Order, and MarketplaceImportJob.
 """
-from sqlalchemy import Boolean, Column, ForeignKey, Integer, String, Text, JSON
+from sqlalchemy import Boolean, Column, ForeignKey, Integer, String, Text, JSON, DateTime
 from sqlalchemy.orm import relationship

 # Import Base from the central database module instead of creating a new one
 from app.core.database import Base
 from models.database.base import TimestampMixin
 from app.core.config import settings
-
+import enum

 class Vendor(Base, TimestampMixin):
    """Represents a vendor in the system."""
@@ -177,10 +177,21 @@ class Vendor(Base, TimestampMixin):
        return domains


-class VendorUser(Base, TimestampMixin):
-    """Represents a user's role within a specific vendor."""
+class VendorUserType(str, enum.Enum):
+    """Types of vendor users."""
+    OWNER = "owner"  # Vendor owner (full access to vendor area)
+    TEAM_MEMBER = "member"  # Team member (role-based access to vendor area)

-    __tablename__ = "vendor_users"  # Name of the table in the database
+
+class VendorUser(Base, TimestampMixin):
+    """
+    Represents a user's membership in a vendor.
+
+    - Owner: Created automatically when vendor is created
+    - Team Member: Invited by owner via email
+    """
+
+    __tablename__ = "vendor_users"

    id = Column(Integer, primary_key=True, index=True)
    """Unique identifier for each VendorUser entry."""
@@ -191,15 +202,23 @@ class VendorUser(Base, TimestampMixin):
    user_id = Column(Integer, ForeignKey("users.id"), nullable=False)
    """Foreign key linking to the associated User."""

-    role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
+    # Distinguish between owner and team member
+    user_type = Column(String, nullable=False, default=VendorUserType.TEAM_MEMBER.value)
+
+    # Role for team members (NULL for owners - they have all permissions)
+    role_id = Column(Integer, ForeignKey("roles.id"), nullable=True)
    """Foreign key linking to the associated Role."""

    invited_by = Column(Integer, ForeignKey("users.id"))
    """Foreign key linking to the user who invited this VendorUser."""
+    invitation_token = Column(String, nullable=True, index=True)  # For email activation
+    invitation_sent_at = Column(DateTime, nullable=True)
+    invitation_accepted_at = Column(DateTime, nullable=True)

-    is_active = Column(Boolean, default=True, nullable=False)
+    is_active = Column(Boolean, default=False, nullable=False)  # False until invitation accepted
    """Indicates whether the VendorUser role is active."""

+    # Relationships
    vendor = relationship("Vendor", back_populates="vendor_users")
    """Relationship to the Vendor model, representing the associated vendor."""

@@ -216,10 +235,57 @@ class VendorUser(Base, TimestampMixin):
        """Return a string representation of the VendorUser instance.

        Returns:
-            str: A string that includes the vendor_id and user_id of the VendorUser instance.
+            str: A string that includes the vendor_id, the user_id and the user_type of the VendorUser instance.
        """
-        return f"<VendorUser(vendor_id={self.vendor_id}, user_id={self.user_id})>"
+        return f"<VendorUser(vendor_id={self.vendor_id}, user_id={self.user_id}, type={self.user_type})>"

+    @property
+    def is_owner(self) -> bool:
+        """Check if this is an owner membership."""
+        return self.user_type == VendorUserType.OWNER.value
+
+    @property
+    def is_team_member(self) -> bool:
+        """Check if this is a team member (not owner)."""
+        return self.user_type == VendorUserType.TEAM_MEMBER.value
+
+    @property
+    def is_invitation_pending(self) -> bool:
+        """Check if invitation is still pending."""
+        return self.invitation_token is not None and self.invitation_accepted_at is None
+
+    def has_permission(self, permission: str) -> bool:
+        """
+        Check if user has a specific permission.
+
+        Owners always have all permissions.
+        Team members check their role's permissions.
+        """
+        # Owners have all permissions
+        if self.is_owner:
+            return True
+
+        # Inactive users have no permissions
+        if not self.is_active:
+            return False
+
+        # Check role permissions
+        if self.role and self.role.permissions:
+            return permission in self.role.permissions
+
+        return False
+
+    def get_all_permissions(self) -> list:
+        """Get all permissions this user has."""
+        if self.is_owner:
+            # Return all possible permissions
+            from app.core.permissions import VendorPermissions
+            return list(VendorPermissions.__members__.values())
+
+        if self.role and self.role.permissions:
+            return self.role.permissions
+
+        return []

 class Role(Base, TimestampMixin):
    """Represents a role within a vendor's system."""