0
0
mirror of https://github.com/PostHog/posthog.git synced 2024-11-25 11:17:50 +01:00
posthog/ee/models/rbac/access_control.py
2024-11-07 19:45:21 -05:00

54 lines
1.6 KiB
Python

from django.db import models
from posthog.models.utils import UUIDModel
class AccessControl(UUIDModel):
class Meta:
constraints = [
models.UniqueConstraint(
fields=["resource", "resource_id", "team", "organization_member", "role"],
name="unique resource per target",
)
]
team = models.ForeignKey(
"posthog.Team",
on_delete=models.CASCADE,
related_name="access_controls",
related_query_name="access_controls",
)
# Configuration of what we are accessing
access_level: models.CharField = models.CharField(max_length=32)
resource: models.CharField = models.CharField(max_length=32)
resource_id: models.CharField = models.CharField(max_length=36, null=True)
# Optional scope it to a specific member
organization_member = models.ForeignKey(
"posthog.OrganizationMembership",
on_delete=models.CASCADE,
related_name="access_controls",
related_query_name="access_controls",
null=True,
)
# Optional scope it to a specific role
role = models.ForeignKey(
"Role",
on_delete=models.CASCADE,
related_name="access_controls",
related_query_name="access_controls",
null=True,
)
created_by = models.ForeignKey(
"posthog.User",
on_delete=models.SET_NULL,
null=True,
)
created_at: models.DateTimeField = models.DateTimeField(auto_now_add=True)
updated_at: models.DateTimeField = models.DateTimeField(auto_now=True)
# TODO: add model validation for access_level and resource