feat: add account-based subscription model with migrations

Transition from team-based to account-based multi-tenancy (Free/Pro/Team). Migrations 016-020 create accounts, subscriptions, plan_limits, and account_invites tables, then migrate existing users and content FKs. New models: Account, Subscription, PlanLimits, AccountInvite. Updated models add account_id alongside existing team_id (coexistence for safe two-PR deployment). Permissions and deps refactored for account_role instead of is_team_admin. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-07 02:38:47 -05:00
parent fb84bd8144
commit 4ccb93ee31
22 changed files with 933 additions and 47 deletions
--- a/backend/app/models/user.py
+++ b/backend/app/models/user.py
@@ -8,6 +8,7 @@ from app.core.database import Base

 if TYPE_CHECKING:
    from app.models.team import Team
+    from app.models.account import Account
    from app.models.tree import Tree
    from app.models.session import Session
    from app.models.folder import UserFolder
@@ -20,6 +21,10 @@ class User(Base):
            "role IN ('engineer', 'viewer')",
            name='ck_users_role_enum'
        ),
+        CheckConstraint(
+            "account_role IN ('owner', 'admin', 'engineer', 'viewer')",
+            name='ck_users_account_role_enum'
+        ),
    )

    id: Mapped[uuid.UUID] = mapped_column(
@@ -34,6 +39,17 @@ class User(Base):
    is_super_admin: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
    is_team_admin: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False)
    is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True, server_default="true")
+
+    # Account-based multi-tenancy (new)
+    account_id: Mapped[Optional[uuid.UUID]] = mapped_column(
+        UUID(as_uuid=True),
+        ForeignKey("accounts.id", ondelete="RESTRICT"),
+        nullable=True,
+        index=True
+    )
+    account_role: Mapped[str] = mapped_column(String(50), nullable=False, default="engineer")
+
+    # Legacy team columns (kept for PR A coexistence)
    team_id: Mapped[Optional[uuid.UUID]] = mapped_column(
        UUID(as_uuid=True),
        ForeignKey("teams.id"),
@@ -51,6 +67,8 @@ class User(Base):
    last_login: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True)

    # Relationships
+    account: Mapped[Optional["Account"]] = relationship("Account", foreign_keys=[account_id], back_populates="users")
+    owned_account: Mapped[Optional["Account"]] = relationship("Account", foreign_keys="[Account.owner_id]", back_populates="owner", uselist=False)
    team: Mapped[Optional["Team"]] = relationship("Team", back_populates="users")
    trees: Mapped[list["Tree"]] = relationship("Tree", foreign_keys="[Tree.author_id]", back_populates="author")
    sessions: Mapped[list["Session"]] = relationship("Session", back_populates="user")
@@ -62,6 +80,11 @@ class User(Base):
        return self.is_super_admin

    @property
-    def can_manage_team(self) -> bool:
-        """Returns True if user can manage their team (team admin or super admin)."""
-        return self.is_super_admin or (self.is_team_admin and self.team_id is not None)
+    def is_account_owner(self) -> bool:
+        """Returns True if user owns their account."""
+        return self.account_role == "owner"
+
+    @property
+    def can_manage_account(self) -> bool:
+        """Returns True if user can manage their account (owner, admin, or super admin)."""
+        return self.is_super_admin or self.account_role in ("owner", "admin")