permissions2fast-fastapi 0.1.0__tar.gz

permissions2fast_fastapi-0.1.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Angel Daniel Sanchez Castillo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

permissions2fast_fastapi-0.1.0/PKG-INFO

@@ -0,0 +1,141 @@
+Metadata-Version: 2.4
+Name: permissions2fast-fastapi
+Version: 0.1.0
+Summary: Role-based access control (RBAC) and permission management extension for oauth2fast-fastapi
+Author-email: Angel Daniel Sanchez Castillo <angeldaniel.sanchezcastillo@gmail.com>
+License: MIT License
+        
+        Copyright (c) 2026 Angel Daniel Sanchez Castillo
+        
+        Permission is hereby granted, free of charge, to any person obtaining a copy
+        of this software and associated documentation files (the "Software"), to deal
+        in the Software without restriction, including without limitation the rights
+        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+        copies of the Software, and to permit persons to whom the Software is
+        furnished to do so, subject to the following conditions:
+        
+        The above copyright notice and this permission notice shall be included in all
+        copies or substantial portions of the Software.
+        
+        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+        SOFTWARE.
+        
+Project-URL: Homepage, https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi
+Project-URL: Repository, https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi
+Project-URL: Issues, https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi/issues
+Keywords: fastapi,permissions,rbac,oauth2,authorization,sqlmodel
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: MIT License
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Framework :: FastAPI
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Libraries :: Python Modules
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: oauth2fast-fastapi>=0.2.2
+Provides-Extra: dev
+Requires-Dist: pytest>=7.0.0; extra == "dev"
+Requires-Dist: pytest-asyncio>=0.21.0; extra == "dev"
+Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
+Requires-Dist: httpx>=0.24.0; extra == "dev"
+Requires-Dist: mypy>=1.0.0; extra == "dev"
+Requires-Dist: python-dotenv>=1.0.0; extra == "dev"
+Dynamic: license-file
+
+# permissions2fast-fastapi
+
+🔒 Role-Based Access Control (RBAC) extension for `oauth2fast-fastapi`.
+
+Easily manage user roles and permissions in your FastAPI application with support for Multi-Tenancy and High-Performance Redis Caching.
+
+## Features
+
+- 👥 **Role Management**: Create, assign, and manage roles for users.
+- 🔑 **Granular Permissions**: Define specific permissions and assign them to roles or directly to users (polymorphic assignments).
+- 🏢 **Multi-Tenancy (Optional)**: Isolate roles and permissions per tenant context.
+- � **Redis Caching (Optional)**: High-performance permission evaluation using Redis to minimize database lookups.
+- �🛡️ **Route Protection**: Dependencies to protect endpoints based on roles or permissions.
+- ⚡ **Async Support**: Fully async database interactions via `pgsqlasync2fast-fastapi`.
+- 🔌 **Seamless Integration**: Built to extend `oauth2fast-fastapi`.
+
+## Installation
+
+```bash
+pip install permissions2fast-fastapi
+```
+
+## Configuration
+
+This package uses the same database connection logic as `oauth2fast-fastapi`. Configure your environment variables in `.env`.
+
+### Basic Settings
+
+```bash
+# Database Configuration
+DB_CONNECTIONS__AUTH__USERNAME=db_user
+DB_CONNECTIONS__AUTH__PASSWORD=db_password
+DB_CONNECTIONS__AUTH__HOST=localhost
+DB_CONNECTIONS__AUTH__DATABASE=db_name
+DB_CONNECTIONS__AUTH__PORT=5432
+```
+
+### Advanced Features (Multi-Tenancy & Redis)
+
+You can enable multi-tenancy and Redis caching by setting the following environment variables:
+
+```bash
+PERMISSIONS_ENABLE_TENANCY=True
+PERMISSIONS_REDIS_RBAC_ENABLED=True
+
+# Redis connection details (if caching is enabled)
+PERMISSIONS_REDIS__HOST=localhost
+PERMISSIONS_REDIS__PORT=6379
+PERMISSIONS_REDIS__DB=0
+# PERMISSIONS_REDIS__PASSWORD=your_redis_password
+```
+
+## Usage
+
+### 1. Basic Integration
+
+```python
+from fastapi import FastAPI
+from permissions2fast_fastapi import permissions_router, roles_router
+from oauth2fast_fastapi import router as auth_router
+
+app = FastAPI()
+
+app.include_router(auth_router)
+app.include_router(permissions_router)
+app.include_router(roles_router)
+```
+
+### 2. Protecting Routes
+
+Use the provided dependencies to restrict access to endpoints. The system will automatically check Redis cache if enabled, and fallback to database queries if needed. Tenant context is automatically respected if Tenancy is enabled and a Tenant ID is injected in the request context.
+
+```python
+from fastapi import Depends
+from permissions2fast_fastapi.dependencies import has_permission, has_role
+from oauth2fast_fastapi.models import User
+
+# Require a specific role
+@app.get("/admin-dashboard")
+async def admin_dashboard(user: User = Depends(has_role("admin"))):
+    return {"message": "Welcome Admin"}
+
+# Require a specific permission
+@app.get("/edit-post")
+async def edit_post(user: User = Depends(has_permission("posts.edit"))):
+    return {"message": "You can edit posts"}
+```

permissions2fast_fastapi-0.1.0/README.md

@@ -0,0 +1,87 @@
+# permissions2fast-fastapi
+
+🔒 Role-Based Access Control (RBAC) extension for `oauth2fast-fastapi`.
+
+Easily manage user roles and permissions in your FastAPI application with support for Multi-Tenancy and High-Performance Redis Caching.
+
+## Features
+
+- 👥 **Role Management**: Create, assign, and manage roles for users.
+- 🔑 **Granular Permissions**: Define specific permissions and assign them to roles or directly to users (polymorphic assignments).
+- 🏢 **Multi-Tenancy (Optional)**: Isolate roles and permissions per tenant context.
+- � **Redis Caching (Optional)**: High-performance permission evaluation using Redis to minimize database lookups.
+- �🛡️ **Route Protection**: Dependencies to protect endpoints based on roles or permissions.
+- ⚡ **Async Support**: Fully async database interactions via `pgsqlasync2fast-fastapi`.
+- 🔌 **Seamless Integration**: Built to extend `oauth2fast-fastapi`.
+
+## Installation
+
+```bash
+pip install permissions2fast-fastapi
+```
+
+## Configuration
+
+This package uses the same database connection logic as `oauth2fast-fastapi`. Configure your environment variables in `.env`.
+
+### Basic Settings
+
+```bash
+# Database Configuration
+DB_CONNECTIONS__AUTH__USERNAME=db_user
+DB_CONNECTIONS__AUTH__PASSWORD=db_password
+DB_CONNECTIONS__AUTH__HOST=localhost
+DB_CONNECTIONS__AUTH__DATABASE=db_name
+DB_CONNECTIONS__AUTH__PORT=5432
+```
+
+### Advanced Features (Multi-Tenancy & Redis)
+
+You can enable multi-tenancy and Redis caching by setting the following environment variables:
+
+```bash
+PERMISSIONS_ENABLE_TENANCY=True
+PERMISSIONS_REDIS_RBAC_ENABLED=True
+
+# Redis connection details (if caching is enabled)
+PERMISSIONS_REDIS__HOST=localhost
+PERMISSIONS_REDIS__PORT=6379
+PERMISSIONS_REDIS__DB=0
+# PERMISSIONS_REDIS__PASSWORD=your_redis_password
+```
+
+## Usage
+
+### 1. Basic Integration
+
+```python
+from fastapi import FastAPI
+from permissions2fast_fastapi import permissions_router, roles_router
+from oauth2fast_fastapi import router as auth_router
+
+app = FastAPI()
+
+app.include_router(auth_router)
+app.include_router(permissions_router)
+app.include_router(roles_router)
+```
+
+### 2. Protecting Routes
+
+Use the provided dependencies to restrict access to endpoints. The system will automatically check Redis cache if enabled, and fallback to database queries if needed. Tenant context is automatically respected if Tenancy is enabled and a Tenant ID is injected in the request context.
+
+```python
+from fastapi import Depends
+from permissions2fast_fastapi.dependencies import has_permission, has_role
+from oauth2fast_fastapi.models import User
+
+# Require a specific role
+@app.get("/admin-dashboard")
+async def admin_dashboard(user: User = Depends(has_role("admin"))):
+    return {"message": "Welcome Admin"}
+
+# Require a specific permission
+@app.get("/edit-post")
+async def edit_post(user: User = Depends(has_permission("posts.edit"))):
+    return {"message": "You can edit posts"}
+```

permissions2fast_fastapi-0.1.0/pyproject.toml

@@ -0,0 +1,68 @@
+[build-system]
+requires = ["setuptools>=61.0", "wheel"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "permissions2fast-fastapi"
+version = "0.1.0"
+description = "Role-based access control (RBAC) and permission management extension for oauth2fast-fastapi"
+readme = "README.md"
+requires-python = ">=3.10"
+license = {file = "LICENSE"}
+authors = [
+    {name = "Angel Daniel Sanchez Castillo", email = "angeldaniel.sanchezcastillo@gmail.com"}
+]
+keywords = ["fastapi", "permissions", "rbac", "oauth2", "authorization", "sqlmodel"]
+classifiers = [
+    "Development Status :: 3 - Alpha",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Framework :: FastAPI",
+    "Topic :: Security",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+]
+
+dependencies = [
+    "oauth2fast-fastapi>=0.2.2",
+]
+
+[project.optional-dependencies]
+dev = [
+    "pytest>=7.0.0",
+    "pytest-asyncio>=0.21.0",
+    "pytest-cov>=4.0.0",
+    "httpx>=0.24.0",
+    "mypy>=1.0.0",
+    "python-dotenv>=1.0.0",
+]
+
+[project.urls]
+Homepage = "https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi"
+Repository = "https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi"
+Issues = "https://github.com/AngelDanielSanchezCastillo/permissions2fast-fastapi/issues"
+
+[tool.setuptools]
+package-dir = {"" = "src"}
+
+[tool.setuptools.packages.find]
+where = ["src"]
+include = ["permissions2fast_fastapi*"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+python_files = ["test_*.py"]
+python_classes = ["Test*"]
+python_functions = ["test_*"]
+asyncio_mode = "auto"
+asyncio_default_fixture_loop_scope = "session"
+asyncio_default_test_loop_scope = "session"
+
+[tool.mypy]
+python_version = "3.10"
+warn_return_any = true
+warn_unused_configs = true
+disallow_untyped_defs = false

permissions2fast_fastapi-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/__init__.py

@@ -0,0 +1,26 @@
+"""
+permissions2fast-fastapi
+
+Complete RBAC (Role-Based Access Control) system for FastAPI applications.
+Provides role management, permission checking, and user-role assignments.
+"""
+
+__version__ = "0.1.0"
+
+from .models.role_model import Role
+from .models.permission_model import Permission
+from .models.permission_category_model import PermissionCategory
+from .models.route_model import Route
+from .models.user_role_model import UserRole
+from .models.permission_assignment_model import PermissionAssignment
+from .models.permission_route_model import PermissionRoute
+
+__all__ = [
+    "Role",
+    "Permission",
+    "PermissionCategory",
+    "Route",
+    "UserRole",
+    "PermissionAssignment",
+    "PermissionRoute",
+]

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/__version__.py

@@ -0,0 +1 @@
+__version__ = "0.1.0"

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/dependencies.py

@@ -0,0 +1,123 @@
+"""
+FastAPI Dependencies
+
+Dependencies for protecting routes based on roles and permissions.
+"""
+
+from typing import Annotated
+
+from fastapi import Depends, HTTPException, Request, status
+from sqlalchemy.ext.asyncio import AsyncSession
+
+# Import from oauth2fast-fastapi directly
+from oauth2fast_fastapi.dependencies import get_current_verified_user, get_auth_session
+from oauth2fast_fastapi import User
+
+from .services import access_service, role_service
+
+
+def has_role(
+    role_name: str,
+):
+    """
+    Dependency to require a specific role.
+    
+    Usage:
+        @app.get("/admin")
+        def admin_route(user: User = Depends(has_role("admin"))):
+            ...
+    """
+    async def _has_role(
+        request: Request,
+        user: Annotated[User, Depends(get_current_verified_user)],
+        session: Annotated[AsyncSession, Depends(get_auth_session)],
+    ) -> User:
+        tenant_id = get_tenant_id(request)
+        user_roles = await role_service.list_user_roles(user.id, session, tenant_id=tenant_id)
+        
+        has_required = any(r.name == role_name for r in user_roles)
+        
+        if not has_required:
+             raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail=f"Missing required role: {role_name}",
+            )
+        
+        return user
+
+    return _has_role
+
+
+def get_tenant_id(request: Request) -> int | None:
+    """
+    Extract tenant_id from request.
+    Priority:
+    1. request.state.tenant_id (injected by external middleware)
+    2. X-Tenant-ID header
+    """
+    from .settings import settings
+    if not settings.enable_tenancy:
+        return None
+
+    # First check state (injected by middleware)
+    if hasattr(request.state, "tenant_id") and request.state.tenant_id:
+        try:
+            return int(request.state.tenant_id)
+        except ValueError:
+            pass
+
+    # Fallback to header
+    header_tenant = request.headers.get("X-Tenant-ID")
+    if header_tenant:
+         try:
+             return int(header_tenant)
+         except ValueError:
+             pass
+             
+    return None
+
+
+def has_permission(
+    permission_route: str | None = None,
+    method: str | None = None,
+):
+    """
+    Dependency to require permission for a route.
+    
+    If params are None, verifies access to the *current* request path and method.
+    
+    Usage:
+        @app.get("/items")
+        def items(user: User = Depends(has_permission())): 
+            # Checks if user can GET /items
+            ...
+            
+        @app.get("/items")
+        def items(user: User = Depends(has_permission(permission_route="/api/items", method="GET"))):
+            ...
+    """
+    async def _has_permission(
+        request: Request,
+        user: Annotated[User, Depends(get_current_verified_user)],
+        session: Annotated[AsyncSession, Depends(get_auth_session)],
+    ) -> User:
+        # Determine what to check
+        route_to_check = permission_route or request.url.path
+        method_to_check = method or request.method
+        
+        # Extract tenant context
+        tenant_id = get_tenant_id(request)
+        
+        is_allowed = await access_service.check_user_access(
+            user.id, route_to_check, method_to_check, session, tenant_id=tenant_id
+        )
+        
+        if not is_allowed:
+            raise HTTPException(
+                status_code=status.HTTP_403_FORBIDDEN,
+                detail="Not enough permissions to access this resource",
+            )
+            
+        return user
+
+    return _has_permission

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/__init__.py

@@ -0,0 +1,21 @@
+from .role_model import Role
+from .permission_model import Permission
+from .permission_category_model import PermissionCategory
+from .route_model import Route
+from .user_role_model import UserRole
+from .permission_assignment_model import PermissionAssignment
+from .permission_route_model import PermissionRoute
+from .tenant_model import Tenant
+from .user_tenant_role_model import UserTenantRole
+
+__all__ = [
+    "Role",
+    "Permission",
+    "PermissionCategory",
+    "Route",
+    "UserRole",
+    "PermissionAssignment",
+    "PermissionRoute",
+    "Tenant",
+    "UserTenantRole",
+]

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/permission_assignment_model.py

@@ -0,0 +1,13 @@
+from sqlmodel import Field, SQLModel
+from oauth2fast_fastapi.models import AuthModel
+
+class PermissionAssignment(AuthModel, table=True):
+    """
+    Polymorphic Permission Assignment for RBAC.
+    Description: Assigns a permission directly to an entity (e.g. User or Role).
+    """
+    __tablename__ = "permission_assignments"
+
+    permission_id: int = Field(primary_key=True, foreign_key="permissions.id")
+    entity_type: str = Field(primary_key=True, index=True) # e.g., "User", "Team"
+    entity_id: int = Field(primary_key=True, index=True)

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/permission_category_model.py

@@ -0,0 +1,18 @@
+from sqlmodel import Field, SQLModel, Relationship
+from typing import Optional, List
+
+# Forward reference for relationship
+from oauth2fast_fastapi.models import AuthModel
+
+class PermissionCategory(AuthModel, table=True):
+    """
+    Permission Category definition for RBAC.
+    Description: Groups related permissions together.
+    """
+    __tablename__ = "permission_categories"
+
+    id: Optional[int] = Field(default=None, primary_key=True)
+    name: str = Field(index=True, unique=True)
+    
+    # Relationships
+    # permissions: List["Permission"] = Relationship(back_populates="category")

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/permission_model.py

@@ -0,0 +1,17 @@
+from sqlmodel import Field, SQLModel, Relationship
+from typing import Optional
+from oauth2fast_fastapi.models import AuthModel
+
+class Permission(AuthModel, table=True):
+    """
+    Permission definition for RBAC.
+    Description: Represents a specific action or access right.
+    """
+    __tablename__ = "permissions"
+
+    id: Optional[int] = Field(default=None, primary_key=True)
+    name: str = Field(index=True, unique=True)
+    permission_category_id: int = Field(foreign_key="permission_categories.id")
+    
+    # Relationships
+    # category: "PermissionCategory" = Relationship(back_populates="permissions")

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/permission_route_model.py

@@ -0,0 +1,13 @@
+from sqlmodel import Field, SQLModel
+from oauth2fast_fastapi.models import AuthModel
+
+class PermissionRoute(AuthModel, table=True):
+    """
+    Permission Route mapping for RBAC.
+    Description: Maps permissions to specific API routes.
+    """
+    __tablename__ = "permission_routes"
+
+    id: int | None = Field(default=None, primary_key=True)
+    permission_id: int = Field(foreign_key="permissions.id")
+    route_id: int = Field(foreign_key="routes.id")

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/role_model.py

@@ -0,0 +1,21 @@
+from sqlmodel import BigInteger, Column, Field
+from sqlmodel import BigInteger, Column, Field, SQLModel
+
+from oauth2fast_fastapi.models import AuthModel
+
+
+class Role(AuthModel, table=True):
+    """
+    Role definition for RBAC.
+    Description: Role model
+    """
+
+    __tablename__ = "roles"
+
+    id: int = Field(
+        default=None, sa_column=Column(BigInteger, index=True, primary_key=True)
+    )
+    name: str = Field(index=True, unique=True)
+    description: str | None = Field(default=None)
+    is_active: bool = Field(default=True)
+

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/route_model.py

@@ -0,0 +1,14 @@
+from sqlmodel import Field, SQLModel
+from typing import Optional
+from oauth2fast_fastapi.models import AuthModel
+
+class Route(AuthModel, table=True):
+    """
+    Route definition for RBAC.
+    Description: Represents an API endpoint or accessible resource path.
+    """
+    __tablename__ = "routes"
+
+    id: Optional[int] = Field(default=None, primary_key=True)
+    name: str = Field(index=True, unique=True) # The path
+    is_active: bool = Field(default=True)

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/tenant_model.py

@@ -0,0 +1,16 @@
+from sqlmodel import Field, SQLModel
+from oauth2fast_fastapi.models import AuthModel
+
+
+class Tenant(AuthModel, table=True):
+    """
+    Tenant definition for Multi-tenant RBAC.
+    Description: Represents an isolated organization or tenant.
+    """
+    __tablename__ = "tenants"
+
+    id: int | None = Field(default=None, primary_key=True)
+    name: str = Field(index=True)
+    schema_name: str | None = Field(default=None, description="DB Schema name if applicable")
+    db_url: str | None = Field(default=None, description="External DB URL if applicable")
+    is_active: bool = Field(default=True)

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/user_role_model.py

@@ -0,0 +1,12 @@
+from sqlmodel import Field, SQLModel
+from oauth2fast_fastapi.models import AuthModel
+
+class UserRole(AuthModel, table=True):
+    """
+    User Role mapping for RBAC.
+    Description: Maps users to their assigned roles.
+    """
+    __tablename__ = "user_role"
+
+    role_id: int = Field(primary_key=True, foreign_key="roles.id")
+    user_id: int = Field(primary_key=True, index=True, foreign_key="users.id")

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/models/user_tenant_role_model.py

@@ -0,0 +1,15 @@
+from sqlmodel import Field, SQLModel
+from oauth2fast_fastapi.models import AuthModel
+
+
+class UserTenantRole(AuthModel, table=True):
+    """
+    Tenant-specific Role mapping for RBAC.
+    Description: Maps users to roles within a specific tenant context.
+    """
+    __tablename__ = "user_tenant_roles"
+
+    id: int | None = Field(default=None, primary_key=True)
+    user_id: int = Field(index=True, foreign_key="users.id")
+    tenant_id: int = Field(foreign_key="tenants.id", index=True)
+    role_id: int = Field(foreign_key="roles.id", index=True)

permissions2fast_fastapi-0.1.0/src/permissions2fast_fastapi/routers/__init__.py

@@ -0,0 +1,5 @@
+from .permissions_router import router as permissions_router
+from .roles_router import router as roles_router
+from .routes_router import router as routes_router
+
+__all__ = ["permissions_router", "roles_router", "routes_router"]