Users & Organization Memberships
Files: app/core/models/users.py, app/core/models/organization_memberships.py
User model
| Field | Description |
|---|---|
| id, name, email | Identity |
| role | UserRole enum |
| enabled | Boolean activation flag |
| organization | Legacy field (value -1 = unset) |
UserRole enum
| Role | Meaning |
|---|---|
| Admin | Unrestricted access (hardcoded @paperrun.ai / @paperrun.com domain check) |
| Editor | Edit permissions |
| Viewer | Read-only access |
Organization Memberships
Many-to-many via user_organizations table: user_id, organization_id, role, is_default, last_accessed_at. Each user can belong to multiple organizations.
Auth flow
- OTC Login (/v1/auth/login/otc): One-time code stored in Redis, validated and consumed
- Session Loader (login_client.py): Flask-Login with Redis caching (10-min TTL)
- Request Loader: Bearer token from Authorization header; validates against API key or session
- Authorization: @login_required, @admin_required (domain check), check_current_user_org_permissions()
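
The Admin role and @admin_required both rest on an email-domain check, so the matching has to be exact. The sketch below is an added example, not the project's own code: the names ADMIN_DOMAINS, admin_domain, User and is_admin are hypothetical, and treating a disabled account as non-admin is an assumed policy.

```python
from dataclasses import dataclass

# Domains named on this page for the hardcoded Admin check.
ADMIN_DOMAINS = frozenset({"paperrun.ai", "paperrun.com"})


def admin_domain(email):
    """Return the matched admin domain, or None if the address does not qualify."""
    if not isinstance(email, str) or not email.isascii():
        return None  # some non-ASCII letters lower-case into ASCII ones
    if any(ch.isspace() or not ch.isprintable() for ch in email):
        return None  # no whitespace, CR/LF or other control characters
    local, sep, domain = email.rpartition("@")
    if not sep or not local or "@" in local:
        return None  # exactly one "@" and a non-empty local part
    # Exact membership only: no suffix or substring match, no subdomains.
    domain = domain.lower()
    return domain if domain in ADMIN_DOMAINS else None


@dataclass
class User:  # hypothetical stand-in for the fields in the User model table
    email: str
    enabled: bool = True


def is_admin(user):
    """Assumed policy: a disabled account never passes the admin check."""
    return bool(user.enabled) and admin_domain(user.email) is not None


# Constructed sample addresses; example.test is a placeholder domain.
SAMPLES = [
    "ops@paperrun.ai",               # exact match
    "Ops@PaperRun.COM",              # case differences are normalised
    "ops@paperrun.ai.example.test",  # allowed domain used as a prefix
    "ops@notpaperrun.ai",            # allowed domain used as a suffix
    "ops@mail.paperrun.ai",          # subdomain, not on the list
    "ops@example.test@paperrun.ai",  # more than one "@"
    "ops@p\u0430perrun.ai",          # Cyrillic look-alike letter
]

if __name__ == "__main__":
    for address in SAMPLES:
        print(f"{address!r:40} admin={admin_domain(address) is not None}")
```

A check of this kind assumes the email on the user record has already been verified as belonging to the person logging in.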
Key files
- Model: core/models/users.py, core/models/organization_memberships.py
- Auth: core/utils/login_client.py, routes/auth_decorator.py
- Routes: routes/login_routes.py, routes/organization_membership_routes.py
- Methods: methods/users.py