Add UserProjectPermission table + Alembic migration #249

Open
opened 2026-03-30 22:10:09 +00:00 by forgejo_admin · 0 comments
Contributor

Type

Feature

Lineage

Standalone — scoped from pal-e-app project.

Repo

forgejo_admin/pal-e-api

User Story

As an admin (Lucas)
I want a UserProjectPermission table mapping Keycloak users to projects with read/write permissions
So that I can control what each stakeholder sees

Context

pal-e-app needs project-scoped permissions for stakeholders (Marcus, Mom). The domain model (arch-domain-pal-e-app) defines a UserProjectPermission table with columns: id, keycloak_sub, project_id, permission (read|write), created_at. No local user table — keycloak_sub references the JWT sub claim.

File Targets

Files to modify or create:

  • src/pal_e_docs/models/ — new UserProjectPermission SQLAlchemy model
  • alembic/versions/ — new migration for the table

Files NOT to touch:

  • Existing note/board/project models

Acceptance Criteria

  • UserProjectPermission table exists with columns: id, keycloak_sub, project_id, permission, created_at
  • Alembic migration creates the table cleanly
  • Unique constraint on (keycloak_sub, project_id)
  • Foreign key to projects table on project_id

Test Expectations

  • Unit test: model creation and constraints
  • Run command: pytest tests/ -k test_permission

Constraints

  • Follow existing SQLAlchemy model patterns
  • Permission values: "read" or "write" only

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • project-pal-e-app
  • arch-domain-pal-e-app
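
The acceptance criteria above, expressed as a schema with one check per constraint. This is an added example, not code from the pal-e-api repository: it uses the standard-library sqlite3 module instead of the project's SQLAlchemy model so it runs stand-alone. The table name `user_project_permissions`, the one-column `projects` table, and the use of a CHECK constraint to enforce read/write are assumptions.

```python
import sqlite3

# Assumed names: the issue lists the columns but not the table name or the
# layout of the projects table, so both are placeholders here.
SCHEMA = """
CREATE TABLE projects (
    id INTEGER PRIMARY KEY
);
CREATE TABLE user_project_permissions (
    id           INTEGER PRIMARY KEY,
    keycloak_sub TEXT NOT NULL,      -- JWT sub claim, no local user table
    project_id   INTEGER NOT NULL REFERENCES projects(id),
    permission   TEXT NOT NULL CHECK (permission IN ('read', 'write')),
    created_at   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP,
    UNIQUE (keycloak_sub, project_id)
);
"""

INSERT = ("INSERT INTO user_project_permissions "
          "(keycloak_sub, project_id, permission) VALUES (?, ?, ?)")


def make_db():
    """In-memory database with the schema and one project (id 1)."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores foreign keys unless this is set on each connection,
    # so a test without it would pass even if the FK were missing.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO projects (id) VALUES (1)")
    conn.commit()
    return conn


def try_grant(conn, sub, project_id, permission):
    """Insert one grant; True if stored, False if a constraint refused it."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(INSERT, (sub, project_id, permission))
        return True
    except sqlite3.IntegrityError:
        return False


def effective_permission(conn, sub, project_id):
    """Return 'read', 'write', or None (no row means no access)."""
    row = conn.execute(
        "SELECT permission FROM user_project_permissions "
        "WHERE keycloak_sub = ? AND project_id = ?", (sub, project_id)).fetchone()
    return row[0] if row else None
```

Because the unique constraint allows one row per (keycloak_sub, project_id), changing a grant from read to write has to be an update of the existing row, and a missing row is treated as no access.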
Reference
ldraney/pal-e-api#249