Skip to content

Types

sentinel_auth.types

Types representing authenticated user and workspace context from JWT claims.

These dataclasses are populated by the JWT middleware and made available through FastAPI dependency injection.

AuthenticatedUser(user_id, email, name, workspace_id, workspace_slug, workspace_role, groups=list()) dataclass

Represents an authenticated user extracted from a JWT access token.

This immutable dataclass is set on request.state.user by JWTAuthMiddleware and retrieved via get_current_user().

Attributes:

Name Type Description
user_id UUID

The user's unique identifier (from JWT sub claim).
email str

The user's email address.
name str

The user's display name.
workspace_id UUID

The active workspace ID (from JWT wid claim).
workspace_slug str

The active workspace's URL slug (from JWT wslug claim).
workspace_role str

The user's role in the active workspace — one of 'owner', 'admin', 'editor', or 'viewer'.
groups list[UUID]

List of group UUIDs the user belongs to in the active workspace.
Example 
from sentinel_auth.dependencies import get_current_user
from sentinel_auth.types import AuthenticatedUser

@router.get("/items")
async def list_items(user: AuthenticatedUser = Depends(get_current_user)):
    if user.is_admin:
        return await get_all_items(user.workspace_id)
    return await get_user_items(user.user_id)

is_admin property

Whether the user has admin or owner role in the active workspace.

is_editor property

Whether the user has at least editor role (editor, admin, or owner).

has_role(minimum_role)

Check if the user meets a minimum role requirement.

Parameters:

Name Type Description Default
minimum_role str

The minimum required role — one of 'viewer', 'editor', 'admin', or 'owner'.

 required

Returns:

Type Description
bool

True if the user's workspace role is equal to or higher than
bool

the specified minimum in the hierarchy:
bool

viewer < editor < admin < owner.
Source code in sdk/src/sentinel_auth/types.py 
59
60
61
62
63
64
65
66
67
68
69
70
71
72
def has_role(self, minimum_role: str) -> bool:
    """Check if the user meets a minimum role requirement.

    Args:
        minimum_role: The minimum required role — one of
            ``'viewer'``, ``'editor'``, ``'admin'``, or ``'owner'``.

    Returns:
        True if the user's workspace role is equal to or higher than
        the specified minimum in the hierarchy:
        ``viewer < editor < admin < owner``.
    """
    hierarchy = {"viewer": 0, "editor": 1, "admin": 2, "owner": 3}
    return hierarchy.get(self.workspace_role, -1) >= hierarchy.get(minimum_role, 99)

WorkspaceContext(workspace_id, workspace_slug, user_id, role) dataclass

Lightweight workspace context extracted from the current user's JWT.

A subset of AuthenticatedUser focused on workspace identity, useful when you only need workspace-scoped information.

Attributes:

Name Type Description
workspace_id UUID

The active workspace's unique identifier.
workspace_slug str

The active workspace's URL-friendly slug.
user_id UUID

The authenticated user's unique identifier.
role str

The user's role in this workspace.