Create auth_system.py

src/auth_system.py

@@ -0,0 +1,128 @@
+import hashlib
+from typing import Dict, Optional
+
+class AuthSystem:
+    """Authentication and role management system"""
+    
+    def __init__(self):
+        # Demo users with hashed passwords
+        # In production, this would be stored in a secure database
+        self.users = {
+            "tony.finance": {
+                "password_hash": self._hash_password("password123"),
+                "role": "Finance",
+                "full_name": "Tony Sharma",
+                "department": "Finance"
+            },
+            "sarah.marketing": {
+                "password_hash": self._hash_password("password123"),
+                "role": "Marketing",
+                "full_name": "Sarah Johnson",
+                "department": "Marketing"
+            },
+            "mike.hr": {
+                "password_hash": self._hash_password("password123"),
+                "role": "HR",
+                "full_name": "Mike Wilson",
+                "department": "Human Resources"
+            },
+            "peter.engineering": {
+                "password_hash": self._hash_password("password123"),
+                "role": "Engineering",
+                "full_name": "Peter Pandey",
+                "department": "Engineering"
+            },
+            "ceo.admin": {
+                "password_hash": self._hash_password("password123"),
+                "role": "C-Level",
+                "full_name": "CEO Admin",
+                "department": "Executive"
+            },
+            "john.employee": {
+                "password_hash": self._hash_password("password123"),
+                "role": "Employee",
+                "full_name": "John Doe",
+                "department": "General"
+            }
+        }
+        
+        # Role-based access permissions - using embedded document content identifiers
+        self.role_permissions = {
+            "Finance": {
+                "documents": ["financial_reports", "expense_data", "budget_info"],
+                "keywords": ["revenue", "financial", "profit", "sales", "budget", "expenses", "cost"],
+                "description": "Access to financial reports, budgets, and expense data"
+            },
+            "Marketing": {
+                "documents": ["marketing_reports", "campaign_data", "customer_metrics"],
+                "keywords": ["marketing", "campaign", "customer", "roi", "acquisition", "conversion"],
+                "description": "Access to marketing campaigns, performance metrics, and customer data"
+            },
+            "HR": {
+                "documents": ["employee_data", "hr_policies", "attendance_records"],
+                "keywords": ["employee", "hr", "policy", "leave", "attendance", "benefits", "payroll"],
+                "description": "Access to employee data, policies, and HR processes"
+            },
+            "Engineering": {
+                "documents": ["technical_docs", "architecture", "development_processes"],
+                "keywords": ["architecture", "technology", "system", "development", "engineering", "technical"],
+                "description": "Access to technical documentation and system architecture"
+            },
+            "C-Level": {
+                "documents": ["financial_reports", "marketing_reports", "employee_data", "technical_docs", "all_data"],
+                "keywords": ["all", "company", "overview", "performance", "metrics", "strategy"],
+                "description": "Full access to all company data and reports"
+            },
+            "Employee": {
+                "documents": ["general_policies", "company_info", "benefits"],
+                "keywords": ["policy", "benefits", "company", "general", "handbook", "leave"],
+                "description": "Access to general company policies and employee information"
+            }
+        }
+    
+    def _hash_password(self, password: str) -> str:
+        """Hash password using SHA-256"""
+        return hashlib.sha256(password.encode()).hexdigest()
+    
+    def authenticate(self, username: str, password: str) -> bool:
+        """Authenticate user credentials"""
+        if username not in self.users:
+            return False
+        
+        password_hash = self._hash_password(password)
+        return self.users[username]["password_hash"] == password_hash
+    
+    def get_user_role(self, username: str) -> Optional[str]:
+        """Get user role"""
+        if username not in self.users:
+            return None
+        return self.users[username]["role"]
+    
+    def get_user_info(self, username: str) -> Optional[Dict]:
+        """Get user information"""
+        if username not in self.users:
+            return None
+        user_info = self.users[username].copy()
+        # Remove password hash for security
+        del user_info["password_hash"]
+        return user_info
+    
+    def get_role_permissions(self, role: str) -> Dict:
+        """Get permissions for a specific role"""
+        return self.role_permissions.get(role, {})
+    
+    def can_access_content(self, role: str, content_type: str) -> bool:
+        """Check if a role can access specific content"""
+        permissions = self.get_role_permissions(role)
+        allowed_docs = permissions.get("documents", [])
+        return content_type in allowed_docs or "all_data" in allowed_docs
+    
+    def get_accessible_documents(self, role: str) -> list:
+        """Get list of documents accessible to a role"""
+        permissions = self.get_role_permissions(role)
+        return permissions.get("documents", [])
+    
+    def get_role_keywords(self, role: str) -> list:
+        """Get keywords relevant to a role for better content filtering"""
+        permissions = self.get_role_permissions(role)
+        return permissions.get("keywords", [])