refactor(users): rename Prisma User model to UserDirectoryEntry
Mechanical refactor, prerequisite to ADR-0026 PR 1. Frees the `User` name for the upcoming ADR-0026 model (UUID PK + FK to Person + lastSignInAt), which has materially different semantics from the ADR-0020 user-directory cache. Zero behavioural change. Same columns, same indexes, same constraints, same call sites - just a different identifier on the model, the table, and the corresponding Prisma client field. Two renames in user-directory.service.ts: the Prisma model rename collided with an existing TS interface also called UserDirectoryEntry (which was actually the input shape of recordSignIn). The interface gets renamed to RecordSignInInput at the same time, which is its correct semantic name. Net effect: clearer on both sides. Postgres ALTER TABLE RENAME does NOT cascade to PK constraint / index names; the migration explicitly ALTER INDEXes the three named indexes (pkey + last_seen_at + username). The class name AdminUsersReader, the endpoint URL /api/admin/users, the DTO AdminUserDto and the local interface UserRow are unchanged - these are SPA/HTTP-facing identifiers where the "admin user list" URL semantics hold regardless of the backing table name.
This commit is contained in:
@@ -67,6 +67,12 @@ enum AuditOutcome {
|
||||
// (combined with the salted hash) — never the BFF's primary actor
|
||||
// identifier elsewhere.
|
||||
//
|
||||
// **Distinct from the upcoming ADR-0026 `User` model.** That one
|
||||
// (UUID PK + FK to `Person` + lazy-created at OIDC callback) is the
|
||||
// portal-account overlay on a `Person` golden record. This
|
||||
// `UserDirectoryEntry` is the ADR-0020 sign-in cache — different
|
||||
// semantics, kept apart so neither concept overloads the other.
|
||||
//
|
||||
// **No PII redaction on read.** Per ADR-0013 the audit module
|
||||
// hashes the actor id to defend against an audit-log dump leaking
|
||||
// who-did-what. This table is the *deliberate* PII storage: an
|
||||
@@ -74,7 +80,7 @@ enum AuditOutcome {
|
||||
// usernames. The trust boundary is the admin role gate
|
||||
// (ADR-0020 §"Auth — `admin` role claim").
|
||||
|
||||
model User {
|
||||
model UserDirectoryEntry {
|
||||
// Entra `oid` — stable per-user identifier inside the tenant.
|
||||
// Used as the natural primary key. Per-tenant uniqueness is
|
||||
// sufficient: the dual-audience design (ADR-0008) currently
|
||||
@@ -94,7 +100,7 @@ model User {
|
||||
// without scanning audit.events.
|
||||
lastSeenAt DateTime @default(now()) @map("last_seen_at") @db.Timestamptz(6)
|
||||
|
||||
@@map("users")
|
||||
@@map("user_directory_entries")
|
||||
@@schema("public")
|
||||
@@index([lastSeenAt(sort: Desc)])
|
||||
@@index([username])
|
||||
|
||||
Reference in New Issue
Block a user