Aegis/backend/app/models/user.py

import uuid

from sqlalchemy import Boolean, Column, DateTime, String, func
from sqlalchemy.dialects.postgresql import UUID

from app.database import Base


class User(Base):
    """
    User model for authentication and authorization.

    Possible roles:
    - admin: Full system access
    - red_tech: Red team technician - can create and edit tests
    - blue_tech: Blue team technician - can create and edit tests
    - red_lead: Red team lead - can validate tests
    - blue_lead: Blue team lead - can validate tests
    - viewer: Read-only access (default)
    """
    __tablename__ = "users"

    id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4)
    username = Column(String, unique=True, nullable=False)
    email = Column(String, nullable=True)
    hashed_password = Column(String, nullable=False)
    role = Column(String, nullable=False, default="viewer")
    is_active = Column(Boolean, default=True)
    must_change_password = Column(Boolean, default=True)
    created_at = Column(DateTime(timezone=True), server_default=func.now())
    last_login = Column(DateTime, nullable=True)