o "i@sdZddlmZmZddlmZddlZddlmZddl m Z ddl m Z ddl mZdd lmZmZdd lmZmZdd lmZeeZGd d d ee eefZee ZdS)z! CRUD operations for User model. )OptionalList)SessionN)CRUDBase)User)Role)UserRole) UserCreate UserUpdate)get_password_hashverify_password)RBACBootstrapServicec @sdeZdZdZdddededeedeefdd Z ddded edeedeefd d Z d dddedededede ef ddZ ddddede deededef ddZdedededeefddZdddeded ededef d!d"Zdedefd#d$Zdedefd%d&Zdedefd'd(Zded)ede efd*d+Zded)ed,e eddfd-d.ZdS)/CRUDUserzE CRUD operations for User model with authentication support. N) tenant_iddbemailrreturncC6|ttj|k}|dur|tj|k}|S)z Get user by email. Args: db: Database session email: User email tenant_id: Optional tenant ID for filtering Returns: User instance or None N)queryrfilterrrfirst)selfrrrrr5/lsinfo/ai/hellotax_ai/base_platform/app/crud/user.py get_by_email zCRUDUser.get_by_emailusernamecCr)z Get user by username. Args: db: Database session username: Username tenant_id: Optional tenant ID for filtering Returns: User instance or None N)rrrrrr)rrrrrrrrget_by_username+rzCRUDUser.get_by_usernamerd)skiplimitrr cCs&|ttj|k||S)a Get users by company ID. Args: db: Database session tenant_id: Company (tenant) ID skip: Number of records to skip limit: Maximum number of records to return Returns: List of user instances )rrrroffsetr all)rrrrr rrrget_by_company>s zCRUDUser.get_by_companyT) created_bycommitobj_inr$r%c Cst|j|jt|j|j|jd}|||rE|| |z t ||W|St yD}zt d|WYd}~|Sd}~ww|S)a2 Create a new user with hashed password. Args: db: Database session obj_in: User creation schema created_by: User ID who created this user commit: Whether to commit the transaction Returns: Created user instance )rnamehashed_passwordrrolezFailed to assign role: N)rrr'r passwordrr)addr%refreshr sync_user_role_binding Exceptionloggerwarning)rrr&r$r%db_objerrrcreateVs(  zCRUDUser.creater*cCs*|j||d}|s dSt||jsdS|S)a  Authenticate user by email and password. Args: db: Database session email: User email password: Plain text password Returns: User instance if authentication successful, None otherwise )rN)rr r()rrrr*userrrr authenticates  zCRUDUser.authenticate)r%r4 new_passwordcCs.t||_|||r||||S)a Update user password. Args: db: Database session user: User instance new_password: New plain text password commit: Whether to commit the transaction Returns: Updated user instance )r r(r+r%r,)rrr4r6r%rrrupdate_passwords   zCRUDUser.update_passwordcCs|jS)z Check if user is active. Args: user: User instance Returns: True if user is active ) is_activerr4rrrr8s zCRUDUser.is_activecC |jdkS)z Check if user is platform admin. Args: user: User instance Returns: True if user is platform admin platform_adminr)r9rrris_platform_admin zCRUDUser.is_platform_admincCr:)z Check if user is customer admin. Args: user: User instance Returns: True if user is customer admin customer_adminr<r9rrris_customer_adminr>zCRUDUser.is_customer_adminuser_idcCs\|ttj|ktjdk}dd|D}|sgS|ttj|tjdkS)z Get all roles for a user. Args: db: Database session user_id: User ID Returns: List of Role instances FcSsg|]}|jqSr)role_id).0urrrr sz&CRUDUser.get_roles..) rrrrA is_deletedr"ridin_)rrrA user_rolesrole_idsrrr get_roless   zCRUDUser.get_rolesrJcCs^|ttj|ktjdk}|D]}d|_q|D] }t||d}||q|dS)z Update roles for a user. Args: db: Database session user_id: User ID role_ids: List of role IDs to assign FT)rArBN)rrrrArFr"r+r%)rrrArJexistingrDrB user_rolerrr update_roless    zCRUDUser.update_roles)__name__ __module__ __qualname____doc__rstrrintrrrrr#r boolr3r5r7r8r=r@rrKrNrrrrrsp((  )     "r)rRtypingrrsqlalchemy.ormrlogging app.crud.baserapp.models.userrapp.models.rolerapp.models.user_rolerapp.schemas.userr r app.core.securityr r *app.services.access.rbac_bootstrap_servicer getLoggerrOr/rr4rrrrs        z