Data Model: Auth Structure
This document defines the database schema changes for the 064-auth-structure feature.
New Tables
platform_users
This table stores the authentication and profile information for Platform Operators. These users are managed locally and are entirely separate from the tenant-facing users table.
Purpose: To provide a dedicated identity store for system administrators and operators, enabling secure access to the /system panel.
Laravel Migration Definition:
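```php
use Illuminate\Database\Schema\Blueprint;
use Illuminate\Support\Facades\Schema;

Schema::create('platform_users', function (Blueprint $table) {
    $table->id();
    $table->string('name');
    $table->string('email')->unique();             // login identifier
    $table->string('password');                    // password hash, never plain text
    $table->jsonb('capabilities')->default('[]');  // list of permission identifiers
    $table->boolean('is_active')->default(true);   // inactive users cannot log in
    $table->timestamp('last_login_at')->nullable();
    $table->rememberToken();
    $table->timestamps();
});
```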
Field Definitions
| Column | Type | Description | Notes |
|---|---|---|---|
| `id` | `bigint, unsigned` | Primary key. | Auto-incrementing. |
| `name` | `string` | The full name of the platform operator. | Required. |
| `email` | `string` | The unique email address used for login. | Must be unique across the table. |
| `password` | `string` | The hashed password for the user. | Never stored in plain text. |
| `capabilities` | `jsonb` | A list of string identifiers for permissions (e.g., `["platform.use_break_glass"]`). | Defaults to an empty array (`[]`). |
| `is_active` | `boolean` | Flag to enable or disable the account. Inactive users cannot log in. | Defaults to `true`. |
| `last_login_at` | `timestamp` | Records the timestamp of the user's last successful login. | Nullable. |
| `remember_token` | `string` | Used by Laravel's "Remember Me" functionality. | Nullable. |
| `created_at` | `timestamp` | Timestamp of when the record was created. | Managed by Eloquent. |
| `updated_at` | `timestamp` | Timestamp of when the record was last updated. | Managed by Eloquent. |
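A possible Eloquent model for this table, added here as an illustration and not taken from the feature's code base. The class name `PlatformUser`, its namespace, and the `hasCapability()` and `recordLogin()` helpers are assumptions, and the `hashed` cast assumes Laravel 10 or later.

```php
<?php

namespace App\Models;

use Illuminate\Foundation\Auth\User as Authenticatable;

// Hypothetical model for the platform_users table (name and namespace assumed).
class PlatformUser extends Authenticatable
{
    protected $table = 'platform_users';

    // capabilities and is_active are deliberately not mass-assignable, so a
    // request payload cannot grant permissions or re-enable an account.
    protected $fillable = ['name', 'email', 'password'];

    // Keep secrets out of toArray()/toJson() output.
    protected $hidden = ['password', 'remember_token'];

    protected $casts = [
        'capabilities'  => 'array',    // jsonb <-> PHP array
        'is_active'     => 'boolean',
        'last_login_at' => 'datetime',
        'password'      => 'hashed',   // hashes on assignment (Laravel 10+)
    ];

    // Exact, type-strict match against the stored identifiers; no wildcards.
    // A disabled account holds no capabilities, whatever the column contains.
    public function hasCapability(string $capability): bool
    {
        return $this->is_active
            && in_array($capability, $this->capabilities ?? [], true);
    }

    // Call only after a successful credential check on an active account.
    // forceFill() is needed because last_login_at is not in $fillable.
    public function recordLogin(): void
    {
        $this->forceFill(['last_login_at' => now()])->save();
    }
}
```

Changes to `capabilities` or `is_active` then have to go through explicit assignment in operator-management code, which gives a single place to audit permission grants.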
Modified Tables
No existing tables will be modified as part of the core data model changes.
Deprecations
`users.is_platform_superadmin`: This column in the `users` table is now considered deprecated. No new code should rely on it for authorization. A separate, future migration will be responsible for its removal after a backfill process is complete.