chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
47ff8ad2b5e3c7ea84738da0653d6e9a15481db6
resolutionflow/backend/app/schemas/user.py
Michael Chihlas 47ff8ad2b5 feat(l1): enforce seat limits on invite, accept-invite, role-change 
For engineer + l1_tech roles, check_seat_available is called at each
mutation point. Returns 402 Payment Required with structured detail
{code: 'seat_limit_exceeded', role, current, limit, upgrade_url} when
seats are full. Grandfathering: existing over-seated accounts keep
existing users; only new mutations are blocked.

Also updates AccountInviteCreate and AccountRoleUpdate schemas to
accept l1_tech as a valid role value.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-28 12:49:59 -04:00

76 lines
2.6 KiB
Python
Raw Blame History

from datetime import datetime
from typing import Literal, Optional
from uuid import UUID
import re
from pydantic import BaseModel, EmailStr, Field, field_validator
class UserBase(BaseModel):
email: EmailStr
name: str = Field(..., min_length=1, max_length=255)
class UserCreate(UserBase):
password: str = Field(..., min_length=10, description="Password must be at least 10 characters")
invite_code: Optional[str] = Field(None, description="Invite code for registration (required when invite system is enabled)")
account_invite_code: Optional[str] = Field(None, description="Account invite code to join an existing account")
@field_validator('password')
@classmethod
def password_complexity(cls, v: str) -> str:
if not re.search(r'[A-Z]', v):
raise ValueError('Password must contain at least one uppercase letter')
if not re.search(r'[a-z]', v):
raise ValueError('Password must contain at least one lowercase letter')
if not re.search(r'[0-9]', v):
raise ValueError('Password must contain at least one digit')
return v
class UserUpdate(BaseModel):
name: Optional[str] = Field(None, min_length=1, max_length=255)
email: Optional[EmailStr] = None
current_password: Optional[str] = Field(None, description="Required when changing email")
phone: Optional[str] = Field(None, max_length=50)
job_title: Optional[str] = Field(None, max_length=255)
timezone: Optional[str] = Field(None, max_length=100)
class UserLogin(BaseModel):
email: EmailStr
password: str
class UserResponse(UserBase):
id: UUID
role: str = "engineer"
account_id: Optional[UUID] = None
account_role: Optional[str] = None
team_id: Optional[UUID] = None
is_super_admin: bool = False
is_active: bool = True
must_change_password: bool = False
created_at: datetime
last_login: Optional[datetime] = None
deleted_at: Optional[datetime] = None
phone: Optional[str] = None
job_title: Optional[str] = None
timezone: str = "UTC"
avatar_url: Optional[str] = None
email_verified_at: Optional[datetime] = None
onboarding_step_completed: Optional[int] = None
onboarding_dismissed: bool = False
class Config:
from_attributes = True
class RoleUpdate(BaseModel):
role: Literal["engineer", "viewer"]
class AccountRoleUpdate(BaseModel):
# Ownership changes must go through the explicit transfer-ownership flow so
# account.owner_id stays consistent with user.account_role.
account_role: str = Field(..., pattern="^(admin|engineer|viewer|l1_tech)$")
Reference in New Issue View Git Blame Copy Permalink