Skip to content

LocalUser

SQL-backed user for Indie mode (Mode A).

Stores credentials and profile information locally.
Default implementation for rapid development.
Attributes:
email: Unique email address (login identifier)
password_hash: Argon2 hash of password (excluded from serialization)
full_name: Optional display name
is_active: Whether user can log in (default True)
roles: List of assigned roles used for RBAC checks
Security:
- password_hash is excluded from model_dump() and model_dump_json()
- Never store plaintext passwords
- Use argon2 for hashing (see LocalIdentityAdapter)
Example:
user = LocalUser(
email="john@example.com",
password_hash="$argon2id$v=19$...",
full_name="John Doe",
)

Source: user.py

Field Type Required Description Validators
email str Unique email address -
password_hash str password hash -
full_name None User’s display name -
is_active bool Whether user can log in -
roles list[str] Assigned RBAC roles -
tenants list[str] (
"Tenant binds this user may access. Empty means unscoped: combined with "
"the 'System' role it yields a trustee/back-office view across every "
"registered tenant; without 'System' an empty list grants no tenant data."
) | - |
Setting Value
Submittable False
Track Changes True

Controller hooks are implemented in *_controller.py files. Available lifecycle hooks:

  • validate() - Called before save, raise exceptions for validation errors
  • before_insert() - Called before inserting a new document
  • after_insert() - Called after successfully inserting
  • before_save() - Called before saving (insert or update)
  • after_save() - Called after saving
  • before_delete() - Called before deleting
  • after_delete() - Called after deleting