Commit e4349c7

Merge pull request #8 from IDTS-LAB/fix/normalized-database-seed
Fix/normalized database seed
2 parents fc9207a + bc69a64 commit e4349c7

6 files changed

Lines changed: 655 additions & 11 deletions

.gitignore

Lines changed: 4 additions & 1 deletion
@@ -217,4 +217,7 @@ marimo/_lsp/
217217
__marimo__/
218218

219219
# Streamlit
220-
.streamlit/secrets.toml
220+
.streamlit/secrets.toml
221+
222+
# Isolated development worktrees
223+
.worktrees/
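
Review bot: The `-`/`+` pair for `.streamlit/secrets.toml` at line 220 is textually identical as rendered, so the change is presumably only an end-of-file newline. Since this rule is what keeps the Streamlit secrets file out of the repository, confirm after the merge with `git check-ignore -v .streamlit/secrets.toml` that it still matches.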

README.md

Lines changed: 17 additions & 7 deletions
@@ -428,13 +428,13 @@ make downgrade
428428

429429
Important: migration autogeneration depends on importing all SQLAlchemy models in `alembic/env.py`, so new module models must be imported there or through a central model registry.
430430

431-
Seed baseline authorization data after applying migrations:
431+
Seed baseline records after applying migrations:
432432

433433
```bash
434434
make seed
435435
```
436436

437-
The seeder is idempotent. It creates default authorization resources, the default `admin` and `user` roles, default permissions, role-permission links, and matching Casbin policies without duplicating existing records.
437+
The seeder runs all changes in one transaction and is idempotent. It creates the default authorization resources, roles (`admin`, `user`, `manager`, and `viewer`), permissions, role-permission links, and matching Casbin policies without duplicating existing records. If any seed operation fails, the transaction is rolled back.
438438

439439
To seed an initial admin user, set these environment variables before running `make seed`:
440440
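
Review bot: The added sentence at line 437 promises that a failed seed operation rolls back the transaction, but the same sentence lists "matching Casbin policies" among the things written, and the README does not say whether the Casbin policy writes go through that same database transaction. If the policy adapter commits on its own connection, a rollback could leave policies without their role and permission rows, or the reverse. State explicitly that policy rows are written inside the seeding transaction, or document how to recover from a partial seed. Line 431 also replaces "authorization data" with "records", which is vaguer now that the seeder writes both authorization rows and users; naming both would be clearer.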

@@ -445,7 +445,17 @@ SEED_ADMIN_USERNAME=admin
445445
SEED_ADMIN_FULLNAME=System Administrator
446446
```
447447

448-
If `SEED_ADMIN_EMAIL` or `SEED_ADMIN_PASSWORD` is empty, user seeding is skipped. Existing users are not modified.
448+
For each new seeded user, the repository creates records that follow the normalized user schema:
449+
450+
- `users` stores email, username, password hash, authentication provider, and status.
451+
- `user_profiles` stores `SEED_ADMIN_FULLNAME` (or the demo account name) as `display_name`.
452+
- `user_settings` stores the default language, timezone, theme, and notification preferences.
453+
- `user_security` stores the default login-attempt, lockout, password, and two-factor state.
454+
- `user_has_roles` associates the user with its seeded role, with a matching Casbin grouping policy.
455+
456+
`SEED_ADMIN_FULLNAME` is retained for configuration compatibility; it does not refer to a `users.fullname` column. The normalized schema stores this value in `user_profiles.display_name`.
457+
458+
If `SEED_ADMIN_EMAIL` or `SEED_ADMIN_PASSWORD` is empty, admin-user seeding is skipped. If a seeded email already exists, the seeder does not change that user's identity, password, profile, settings, security state, or roles.
449459

450460
When `APP_ENV=development`, the seeder can also create demo users with different roles. Set a shared development password before running `make seed`:
451461
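
Review bot: The skip rule at line 458 keys on the seeded email only, while line 450 says `users` also stores a username, and the README does not say what happens when `SEED_ADMIN_USERNAME` already belongs to a user with a different email. With all changes in one transaction, a uniqueness failure there would presumably abort the whole seed, so the behaviour (skip or fail) should be documented. Line 453 should also say what the default two-factor and lockout state is for the seeded admin, and line 458 could state outright that changing `SEED_ADMIN_PASSWORD` later does not rotate the password of an account that already exists.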

@@ -455,11 +465,11 @@ SEED_DEVELOPMENT_USERS_PASSWORD=
455465

456466
Development demo accounts:
457467

458-
- `user@example.com` with the `user` role
459-
- `manager@example.com` with the `manager` role
460-
- `viewer@example.com` with the `viewer` role
468+
- `user@example.com` with display name `Default User` and the `user` role
469+
- `manager@example.com` with display name `Todo Manager` and the `manager` role
470+
- `viewer@example.com` with display name `Todo Viewer` and the `viewer` role
461471

462-
These users are skipped outside development and are not updated if they already exist.
472+
Demo users are skipped outside development and are not modified when their email already exists.
463473

464474
## Testing and Quality Checks
465475
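
Review bot: Lines 468-472 document three accounts with fixed emails and one shared password, but nothing in the visible text says what happens when `SEED_DEVELOPMENT_USERS_PASSWORD` is left empty, as it is in the sample shown in the hunk header. The admin section states that an empty password skips seeding; add the equivalent sentence here. Line 472 should also say that demo seeding is skipped when `APP_ENV` is unset, not only when it is set to a non-development value, so the gate reads as fail-closed.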
