push

app/models/user.py

@@ -0,0 +1,40 @@
+from flask_login import UserMixin
+from werkzeug.security import check_password_hash
+from app.extensions import db, login_manager
+from app.models.base import TimestampMixin
+
+
+class User(UserMixin, TimestampMixin, db.Model):
+    id = db.Column(db.Integer, primary_key=True)
+    email = db.Column(db.String(255), unique=True, nullable=False, index=True)
+    name = db.Column(db.String(255), nullable=False)
+    password_hash = db.Column(db.String(255), nullable=False)
+    role = db.Column(db.String(50), default='operator', nullable=False)
+    theme_preference = db.Column(db.String(20), default='light', nullable=False)
+    is_blocked = db.Column(db.Boolean, default=False, nullable=False)
+    force_password_change = db.Column(db.Boolean, default=False, nullable=False)
+    last_login_at = db.Column(db.DateTime)
+    company_access = db.relationship('UserCompanyAccess', back_populates='user', cascade='all, delete-orphan')
+
+    def check_password(self, password):
+        return check_password_hash(self.password_hash, password)
+
+    def companies(self):
+        return [item.company for item in self.company_access if item.company and item.company.is_active]
+
+    def can_access_company(self, company_id):
+        return any(item.company_id == company_id for item in self.company_access)
+
+    def company_access_level(self, company_id):
+        for item in self.company_access:
+            if item.company_id == company_id:
+                return item.access_level
+        return None
+
+    def is_company_readonly(self, company_id):
+        return self.company_access_level(company_id) == 'readonly' or self.role == 'readonly'
+
+
+@login_manager.user_loader
+def load_user(user_id):
+    return db.session.get(User, int(user_id))