Aegis/backend/app/models/user.py

import uuid
from datetime import datetime

from sqlalchemy import Column, String, Boolean, DateTime
from sqlalchemy.dialects.postgresql import UUID

from app.database import Base


class User(Base):
    """
    User model for authentication and authorization.
    
    Possible roles:
    - admin: Full system access
    - red_tech: Red team technician - can create and edit tests
    - blue_tech: Blue team technician - can create and edit tests
    - red_lead: Red team lead - can validate tests
    - blue_lead: Blue team lead - can validate tests
    - viewer: Read-only access (default)
    """
    __tablename__ = "users"

    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    username = Column(String, unique=True, nullable=False)
    email = Column(String, nullable=True)
    hashed_password = Column(String, nullable=False)
    role = Column(String, nullable=False, default="viewer")
    is_active = Column(Boolean, default=True)
    created_at = Column(DateTime, default=datetime.utcnow)
    last_login = Column(DateTime, nullable=True)