generator client {
  provider = "prisma-client-js"
}

datasource db {
  provider = "sqlite"
  url      = "file:../../data/core.db"
}

//
//  Namespace: System
//
model SystemSetting {
  hashKey       String @id
  hashValueType String
  hashValue     String
}

model SystemPostMigration {
  name      String   @id
  createdAt DateTime @default(now())
}

//
// Namespace: Auth
//
model AuthRealm {
  id        Int      @id @default(autoincrement())
  name      String   @unique
  createdAt DateTime @default(now())

  oauth2Clients         AuthOauth2Client[]
  groups                IdentityGroup[]
  users                 IdentityUser[]
  profileAttributeNames IdentityProfileAttributeName[]
  roles                 AuthRole[]
}

model AuthOauth2Client {
  id Int @id @default(autoincrement())

  realmId Int
  realm   AuthRealm @relation(fields: [realmId], references: [id])

  clientId     String
  clientSecret String?

  consentRequired                             Boolean @default(false)
  authorizationCodeFlowEnabled                Boolean @default(false)
  resourceOwnerPasswordCredentialsFlowEnabled Boolean @default(false)
  clientCredentialsFlowEnabled                Boolean @default(false)
  idTokenEnabled                              Boolean @default(false)
  refreshTokenEnabled                         Boolean @default(false)

  scopeMappings AuthOauth2ClientToAuthOauth2Scope[]

  @@unique([realmId, clientId])
}

model AuthOauth2Scope {
  id      Int    @id @default(autoincrement())
  realmId Int
  scope   String

  profileAttributeMappings AuthOauth2ScopeToIdentityProfileAttributeName[]
  clientMappings           AuthOauth2ClientToAuthOauth2Scope[]

  @@unique([realmId, scope])
}

model AuthOauth2ClientToAuthOauth2Scope {
  clientId     Int
  oauth2Client AuthOauth2Client @relation(fields: [clientId], references: [id])

  scopeId Int
  scope   AuthOauth2Scope @relation(fields: [scopeId], references: [id])

  @@id([clientId, scopeId])
}

model AuthOauth2ScopeToIdentityProfileAttributeName {
  scopeId Int
  scope   AuthOauth2Scope @relation(fields: [scopeId], references: [id])

  claimName String

  attributeId Int
  attributes  IdentityProfileAttributeName @relation(fields: [attributeId], references: [id])

  @@id([scopeId, attributeId])
  @@unique([scopeId, claimName])
}

model AuthRole {
  realmId Int
  realm   AuthRealm @relation(fields: [realmId], references: [id])

  roleName String

  @@id([realmId, roleName])
}

model AuthAccessAttempt {
  id          String   @id @default(uuid())
  username    String
  ip          String
  userAgent   String
  requestPath String
  valid       Boolean
  attemptedOn DateTime @default(now())
}

//
//  Namespace: Identity
//
model EnumIdentityGroupRole {
  enumValue String @id

  groups IdentityGroup[]
}

model IdentityGroup {
  id Int @id @default(autoincrement())

  realmId Int
  realm   AuthRealm @relation(fields: [realmId], references: [id])

  role         String
  roleRelation EnumIdentityGroupRole @relation(fields: [role], references: [enumValue])

  name String?

  users        IdentityGroupToIdentityUser[]
  davResources CloudDavResource[]
}

model IdentityGroupToIdentityUser {
  groupId Int
  group   IdentityGroup @relation(fields: [groupId], references: [id])

  userId Int
  user   IdentityUser @relation(fields: [userId], references: [id])

  userIsGroupAdmin Boolean @default(false)

  @@id([groupId, userId])
}

model IdentityUser {
  id         Int    @id @default(autoincrement())
  externalId String @unique @default(uuid())
  username   String @unique

  realmId Int
  realm   AuthRealm @relation(fields: [realmId], references: [id])

  groups              IdentityGroupToIdentityUser[]
  profileHashMapPairs IdentityProfileNonNormalized[]
  emails              IdentityUserEmails[]
  authDevices         IdentityAuthDevice[]
}

model IdentityProfileAttributeName {
  id Int @id @default(autoincrement())

  realmId Int
  realm   AuthRealm @relation(fields: [realmId], references: [id])

  name String

  attributeUses IdentityProfileNonNormalized[]
  scopeMappings AuthOauth2ScopeToIdentityProfileAttributeName[]
}

model IdentityProfileNonNormalized {
  userId Int
  user   IdentityUser @relation(fields: [userId], references: [id])

  attributeNameId Int
  attributeName   IdentityProfileAttributeName @relation(fields: [attributeNameId], references: [id])

  attributeValue String
  createdAt      DateTime @default(now())

  @@id([userId, attributeNameId])
}

model IdentityUserEmails {
  email String @id

  userId Int
  user   IdentityUser @relation(fields: [userId], references: [id])

  verified Boolean @default(false)
  default  Boolean @default(false)
}

model EnumIdentityAuthDeviceType {
  enumValue String @id

  authDevices IdentityAuthDevice[]
}

model IdentityAuthDevice {
  id String @id @default(uuid())

  userId Int
  user   IdentityUser @relation(fields: [userId], references: [id])

  deviceType         String
  deviceTypeRelation EnumIdentityAuthDeviceType @relation(fields: [deviceType], references: [enumValue])

  attributes String
  preferred  Boolean
  twoFactorPreferred Boolean
  createdAt  DateTime @default(now())

  @@index([userId])
  @@index([userId, deviceType])
}

//
//  Namespace: cloud-dav
//
model EnumCloudDavResourceType {
  enumValue String @id

  davResources CloudDavResource[]
}

model CloudDavResource {
  id String @id @default(uuid())

  identityGroupId Int
  IdentityGroup   IdentityGroup @relation(fields: [identityGroupId], references: [id])

  resourceType         String
  resourceTypeRelation EnumCloudDavResourceType @relation(fields: [resourceType], references: [enumValue])

  attributes String

  @@index([identityGroupId])
}