chore(model)!: move user authentication data to new ExternalUser model

2024-02-09 18:17:43 +01:00 · 2024-02-09 18:17:43 +01:00 · 12fe58fc81
commit 12fe58fc81
parent ac045fdc70
1 changed files with 14 additions and 10 deletions
--- a/models/users.model
+++ b/models/users.model
@ -1,8 +1,8 @@
-- SPDX-FileCopyrightText: 2022 Gregor Kleen <gregor.kleen@ifi.lmu.de>,Sarah Vaupel <sarah.vaupel@ifi.lmu.de>,Steffen Jost <jost@cip.ifi.lmu.de>,Steffen Jost <jost@tcs.ifi.lmu.de>
+-- SPDX-FileCopyrightText: 2022-2024 Sarah Vaupel <sarah.vaupel@uniworx.de>, Gregor Kleen <gregor.kleen@ifi.lmu.de>, Sarah Vaupel <sarah.vaupel@ifi.lmu.de>, Steffen Jost <jost@cip.ifi.lmu.de>, Steffen Jost <jost@tcs.ifi.lmu.de>
 --
 -- SPDX-License-Identifier: AGPL-3.0-or-later

-- The files in /models determine t he database scheme.
+-- The files in /models determine the database scheme.
 -- The organisational split into several files has no operational effects.
 -- White-space and case matters: Each SQL table is named in 1st column of this file
 -- Indendent lower-case lines describe the SQL-columns of the table with name, type and options
@ -11,19 +11,16 @@
 -- Indendent upper-case lines usually impose Uniqueness constraints for rows by some columns.
 -- Each table will also have an column storing a unique numeric row key, unless there is a row Primary columnname
 --
+
 User json    -- Each Uni2work user has a corresponding row in this table; created upon first login.
    surname        UserSurname              -- Display user names always through 'nameWidget displayName surname'
    displayName    UserDisplayName
    displayEmail   UserEmail
    email          UserEmail                -- Case-insensitive eMail address, used for sending  TODO: make this nullable
    ident          UserIdent                -- Case-insensitive user-identifier
-    authentication AuthenticationMode       -- 'AuthLDAP' or ('AuthPWHash'+password-hash)
+    authentication AuthenticationMode       -- 'AuthLDAP' or ('AuthPWHash'+password-hash) -- TODO: redo (add InternalUser table for password hash)
    lastAuthentication UTCTime Maybe        -- last login date
    created        UTCTime default=now()
-    lastLdapSynchronisation UTCTime Maybe
-    lastAzureSynchronisation UTCTime Maybe
-    ldapPrimaryKey UserEduPersonPrincipalName Maybe
-    azurePrimaryKey UUID Maybe
    tokensIssuedAfter  UTCTime Maybe        -- do not accept bearer tokens issued before this time (accept all tokens if null)
    matrikelnummer UserMatriculation Maybe  -- usually a number; AVS Personalnummer; nicht Fraport Personalnummer!
    firstName      Text                     -- For export in tables, pre-split firstName from displayName
@ -54,10 +51,18 @@ User json    -- Each Uni2work user has a corresponding row in this table; create
    examOfficeGetLabels   Bool default=true     -- whether labels should be displayed for exam results by default
    UniqueAuthentication ident                  -- Column 'ident' can be used as a row-key in this table
    UniqueEmail email                           -- Column 'email' can be used as a row-key in this table
-    UniqueLdapPrimaryKey ldapPrimaryKey !force  -- Column 'ldapPrimaryKey' is either empty or contains a unique value
-    UniqueAzurePrimaryKey azurePrimaryKey !force  -- Column 'azurePrimaryKey' is either empty or contains a unique value
    deriving Show Eq Ord Generic                -- Haskell-specific settings for runtime-value representing a row in memory

+-- User authentication data fetched from external sources
+ExternalUser
+    source            Text                 -- External source ID
+    ident             UserIdent            -- External user ID
+    data              Value "default='{}'::jsonb"  -- Raw user data from external source
+    lastSourceSync    UTCTime              -- When was the entry last synced with the external source?
+    lastUserSync      UTCTime Maybe        -- When was the corresponding User entry last synced with this entry? TODO: maybe move to User instead
+    UniqueExternalUser source ident
+    deriving Show Eq Ord Generic
+
 UserFunction -- Administratively assigned functions (lecturer, admin, evaluation, ...)
    user     UserId
    school   SchoolId
@ -102,4 +107,3 @@ UserSupervisor
    rerouteNotifications  Bool   -- User can be his own supervisor to receive notifications as well
    UniqueUserSupervisor supervisor user -- each supervisor/user combination is unique (same supervisor can superviser the same user only once)
    deriving Generic
-