README.md
17 additions & 7 deletions
@@ -428,13 +428,13 @@ make downgrade
428
428
429
429
Important: migration autogeneration depends on importing all SQLAlchemy models in `alembic/env.py`, so new module models must be imported there or through a central model registry.
430
430
431
-
Seed baseline authorization data after applying migrations:
431
+
Seed baseline records after applying migrations:
432
432
433
433
```bash
434
434
make seed
435
435
```
436
436
437
-
The seeder is idempotent. It creates default authorization resources, the default `admin` and `user` roles, default permissions, role-permission links, and matching Casbin policies without duplicating existing records.
437
+
The seeder runs all changes in one transaction and is idempotent. It creates the default authorization resources, roles (`admin`, `user`, `manager`, and `viewer`), permissions, role-permission links, and matching Casbin policies without duplicating existing records. If any seed operation fails, the transaction is rolled back.
438
438
439
439
To seed an initial admin user, set these environment variables before running `make seed`:
440
440
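Review bot: The rewritten seeder paragraph now promises that all changes run in one transaction and are rolled back on failure, but the same sentence lists Casbin policies among the things created, and the README does not say whether the policy writes go through that same transaction. Please state it explicitly, because a rollback that removes the role-permission links but leaves Casbin policies in place would leave grants with no matching records. The new `manager` and `viewer` roles are also introduced here without any description of what they are allowed to do; a one-line summary per role, or a pointer to where the default permissions are defined, would let a reader judge what `make seed` grants. Lastly, changing the lead-in from "baseline authorization data" to "baseline records" hides that this step creates roles and permissions; consider keeping the word "authorization".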
@@ -445,7 +445,17 @@ SEED_ADMIN_USERNAME=admin
445
445
SEED_ADMIN_FULLNAME=System Administrator
446
446
```
447
447
448
-
If `SEED_ADMIN_EMAIL` or `SEED_ADMIN_PASSWORD` is empty, user seeding is skipped. Existing users are not modified.
448
+
For each new seeded user, the repository creates records that follow the normalized user schema:
449
+
450
+
-`users` stores email, username, password hash, authentication provider, and status.
451
+
-`user_profiles` stores `SEED_ADMIN_FULLNAME` (or the demo account name) as `display_name`.
452
+
-`user_settings` stores the default language, timezone, theme, and notification preferences.
453
+
-`user_security` stores the default login-attempt, lockout, password, and two-factor state.
454
+
-`user_has_roles` associates the user with its seeded role, with a matching Casbin grouping policy.
455
+
456
+
`SEED_ADMIN_FULLNAME` is retained for configuration compatibility; it does not refer to a `users.fullname` column. The normalized schema stores this value in `user_profiles.display_name`.
457
+
458
+
If `SEED_ADMIN_EMAIL` or `SEED_ADMIN_PASSWORD` is empty, admin-user seeding is skipped. If a seeded email already exists, the seeder does not change that user's identity, password, profile, settings, security state, or roles.
449
459
450
460
When `APP_ENV=development`, the seeder can also create demo users with different roles. Set a shared development password before running `make seed`:
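Review bot: The final added sentence says an existing seeded email keeps its password, which means changing `SEED_ADMIN_PASSWORD` and re-running `make seed` does not rotate the admin credential; say that directly and point to the supported way to change the password, so nobody assumes the environment variable is authoritative after the first run. In the added list, the `user_security` item mentions "default login-attempt, lockout, password, and two-factor state" without giving the defaults; since this row is created for an admin account, document whether two-factor starts disabled and whether the seeded password is flagged for change on first login. The same applies to the unchanged context line about demo users: with a shared development password, the README should note which roles those demo accounts receive.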