pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity
Files
1af2e37a7fa5c7a46a8e3916f49d9e77ba776f9c
nuzlocke-tracker/.beans/archive/nuzlocke-tracker-bnhh--user-model-run-ownership-and-visibility-migration.md
Julian Tabel a6cb309b8b
All checks were successful
CI / backend-tests (push) Successful in 28s
Details
CI / frontend-tests (push) Successful in 28s
Details
chore: archive 42 completed/scrapped beans 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 21:31:23 +01:00

38 lines
2.0 KiB
Markdown
Raw Blame History

---
# nuzlocke-tracker-bnhh
title: User model, run ownership, and visibility migration
status: completed
type: task
priority: normal
created_at: 2026-03-20T15:28:18Z
updated_at: 2026-03-20T20:16:39Z
parent: nuzlocke-tracker-d98o
blocked_by:
- nuzlocke-tracker-2561
---
Create a User model synced from Supabase Auth. Add owner_id FK to runs table. Add visibility column (public/private) to runs with default public. Existing runs will have NULL owner_id (unowned).
## Checklist
- [x] Create User model (id matches Supabase user UUID, email, display_name, created_at)
- [x] Alembic migration: create users table
- [x] Alembic migration: add owner_id (nullable FK to users) and visibility (enum: public/private, default public) to runs table
- [x] Update Run model with owner relationship and visibility field
- [x] Create user sync endpoint or webhook (on first login, upsert user record from Supabase JWT claims)
- [x] Update RunResponse schema to include owner and visibility
- [x] Add visibility enforcement: private runs return 403 unless requester is owner
## Summary of Changes
- Created `User` model in `backend/src/app/models/user.py` with UUID primary key (matching Supabase), email, display_name, and created_at fields
- Added Alembic migrations: `n5c6d7e8f9a0_create_users_table.py` and `o6d7e8f9a0b1_add_owner_and_visibility_to_runs.py`
- Updated `NuzlockeRun` model with `owner_id` FK, `visibility` enum (public/private), and `owner` relationship
- Created `POST /users/me` endpoint for user sync on first login (upserts from JWT claims)
- Added `GET /users/me` and `PATCH /users/me` for user profile management
- Updated `RunResponse` and `RunDetailResponse` schemas with `owner` and `visibility` fields
- Implemented visibility enforcement in `list_runs`, `get_run`, `update_run`, and `delete_run`
- Private runs return 403 unless requester is owner
- Unowned runs (legacy) remain accessible to all
- Run list filters to show only public runs + user's own private runs
Reference in New Issue View Git Blame Copy Permalink