51 lines
3.5 KiB
Markdown
51 lines
3.5 KiB
Markdown
# Data Model: Auth Structure
|
|
|
|
This document defines the database schema changes for the `064-auth-structure` feature.
|
|
|
|
## New Tables
|
|
|
|
### `platform_users`
|
|
|
|
This table stores the authentication and profile information for Platform Operators. These users are managed locally and are entirely separate from the tenant-facing `users` table.
|
|
|
|
**Purpose**: To provide a dedicated identity store for system administrators and operators, enabling secure access to the `/system` panel.
|
|
|
|
**Laravel Migration Definition**:
|
|
|
|
```php
|
|
Schema::create('platform_users', function (Blueprint $table) {
|
|
$table->id();
|
|
$table->string('name');
|
|
$table->string('email')->unique();
|
|
$table->string('password');
|
|
$table->jsonb('capabilities')->default('[]');
|
|
$table->boolean('is_active')->default(true);
|
|
$table->timestamp('last_login_at')->nullable();
|
|
$table->rememberToken();
|
|
$table->timestamps();
|
|
});
|
|
```
|
|
|
|
### Field Definitions
|
|
|
|
| Column | Type | Description | Notes |
|
|
|----------------|----------------------|-----------------------------------------------------------------------------------------------------------|----------------------------------------|
|
|
| `id` | `bigint`, `unsigned` | Primary key. | Auto-incrementing. |
|
|
| `name` | `string` | The full name of the platform operator. | Required. |
|
|
| `email` | `string` | The unique email address used for login. | Must be unique across the table. |
|
|
| `password` | `string` | The hashed password for the user. | Never stored in plain text. |
|
|
| `capabilities` | `jsonb` | A list of string identifiers for permissions (e.g., `["platform.use_break_glass"]`). | Defaults to an empty array (`[]`). |
|
|
| `is_active` | `boolean` | Flag to enable or disable the account. Inactive users cannot log in. | Defaults to `true`. |
|
|
| `last_login_at`| `timestamp` | Records the timestamp of the user's last successful login. | Nullable. |
|
|
| `remember_token` | `string` | Used by Laravel's "Remember Me" functionality. | Nullable. |
|
|
| `created_at` | `timestamp` | Timestamp of when the record was created. | Managed by Eloquent. |
|
|
| `updated_at` | `timestamp` | Timestamp of when the record was last updated. | Managed by Eloquent. |
|
|
|
|
## Modified Tables
|
|
|
|
No existing tables will be modified as part of the core data model changes.
|
|
|
|
## Deprecations
|
|
|
|
- **`users.is_platform_superadmin`**: This column in the `users` table is now considered deprecated. No new code should rely on it for authorization. A separate, future migration will be responsible for its removal after a backfill process is complete.
|