Skip to content

Sysadmin

System configuration and users.

Entity Relationship Diagram

Sysadmin ERD

Entities

iris.domain.sysadmin.entities

Sysadmin domain entities: User and Role.

User

A system user with authentication credentials and admin status.

user_id is the stable immutable identifier (e.g. a UUID or SSO subject). is_active controls login access; is_admin grants elevated privileges. Authentication secrets (passwords, tokens) are not stored here — this entity models identity, not credentials.

Role

An authorization role that can be assigned to users.

Roles group permissions under a named label (role_name). role_description documents the intended scope of access. is_active allows a role to be retired without deleting it from historical assignment records.

Objects

iris.domain.sysadmin.objects

Sysadmin domain value objects (currently empty).

Repositories

iris.domain.sysadmin.repositories

Repository interfaces for the sysadmin domain.

UserRepository

Bases: CrudRepository[User]

CRUD repository for User entities.

find_by_email abstractmethod

find_by_email(email)

Return the user with the given email address, or None if not found.

Source code in src/iris/domain/sysadmin/repositories.py
@abstractmethod
def find_by_email(self, email: str) -> User | None:
    """Return the user with the given email address, or None if not found."""

find_active abstractmethod

find_active()

Return all active users.

Source code in src/iris/domain/sysadmin/repositories.py
@abstractmethod
def find_active(self) -> Sequence[User]:
    """Return all active users."""

find_by_role abstractmethod

find_by_role(role_id)

Return all users assigned the given role.

Source code in src/iris/domain/sysadmin/repositories.py
@abstractmethod
def find_by_role(self, role_id: str) -> Sequence[User]:
    """Return all users assigned the given role."""

get abstractmethod

get(identifier)

Return the entity matching identifier, or None if not found.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def get(self, identifier: str) -> T | None:
    """Return the entity matching `identifier`, or None if not found."""

save abstractmethod

save(entity)

Persist entity and return the saved version.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def save(self, entity: T) -> T:
    """Persist `entity` and return the saved version."""

delete abstractmethod

delete(identifier)

Remove the entity identified by identifier.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def delete(self, identifier: str) -> None:
    """Remove the entity identified by `identifier`."""

find_all abstractmethod

find_all()

Return all entities in the repository.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def find_all(self) -> Sequence[T]:
    """Return all entities in the repository."""

RoleRepository

Bases: CrudRepository[Role]

CRUD repository for Role entities.

find_active abstractmethod

find_active()

Return all active roles.

Source code in src/iris/domain/sysadmin/repositories.py
@abstractmethod
def find_active(self) -> Sequence[Role]:
    """Return all active roles."""

get abstractmethod

get(identifier)

Return the entity matching identifier, or None if not found.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def get(self, identifier: str) -> T | None:
    """Return the entity matching `identifier`, or None if not found."""

save abstractmethod

save(entity)

Persist entity and return the saved version.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def save(self, entity: T) -> T:
    """Persist `entity` and return the saved version."""

delete abstractmethod

delete(identifier)

Remove the entity identified by identifier.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def delete(self, identifier: str) -> None:
    """Remove the entity identified by `identifier`."""

find_all abstractmethod

find_all()

Return all entities in the repository.

Source code in src/iris/domain/generic/repositories.py
@abstractmethod
def find_all(self) -> Sequence[T]:
    """Return all entities in the repository."""

Events

iris.domain.sysadmin.events

Domain events for the sysadmin bounded context.

UserCreated

Emitted when a new user account is created in the system.

UserDeactivated

Emitted when a user account is deactivated.

UserPasswordChanged

Emitted when a user's password is changed.

RoleCreated

Emitted when a new authorization role is created.

RoleAssignedToUser

Emitted when a role is assigned to a user.

RoleRevokedFromUser

Emitted when a role is revoked from a user.

Exceptions

iris.domain.sysadmin.exceptions

Exceptions for the sysadmin domain.

SysadminError

Bases: Exception

Base exception for the sysadmin domain.

UserNotFoundError

Bases: SysadminError

Raised when a user cannot be found by the given identifier.

RoleNotFoundError

Bases: SysadminError

Raised when a role cannot be found by the given identifier.

DuplicateUserEmailError

Bases: SysadminError

Raised when registering a user with an email that already exists.

UserAlreadyDeactivatedError

Bases: SysadminError

Raised when attempting to deactivate a user who is already inactive.

RoleAlreadyAssignedError

Bases: SysadminError

Raised when assigning a role to a user who already has that role.