Data Models
Auto-generated from Mongoose schemas. Every
@Schema()class is a collection in theponddatabase.
Role
Role document model. A named permission bundle that User documents reference by id. Does not enforce referential integrity — deleting a Role leaves orphaned references in User.roleIds.
Source: api/src/roles/schemas/role.schema.ts
| Field | Type | Required | Description |
|---|---|---|---|
name | string | yes | Unique, trimmed role name. Required. |
description | string | no | Human-readable description. Defaults to the empty string. |
permissions | string[] | no | Permission tokens granted by this role. Free-form strings; not validated against any canonical list. |
User
User document model. Represents an authenticated principal in the Pond sandbox. References Role via roleIds but does not enforce referential integrity at the database layer — see docs/ARCHITECTURE.md §4.5.
Source: api/src/users/schemas/user.schema.ts
| Field | Type | Required | Description |
|---|---|---|---|
email | string | yes | Unique, lowercased, trimmed email address. Required. |
username | string | yes | Unique, trimmed username. Required. Min 3 chars enforced at DTO level. |
passwordHash | string | yes | Placeholder for a future password hash. Stored verbatim for now because auth is deliberately out of scope in this pass. Never returned to clients once auth lands. |
roleIds | Types.ObjectId[] | no | References to Role documents. Not cascaded on role deletion — stale ids are possible and must be handled at the application layer if referential integrity becomes important. |
isActive | boolean | no | Soft-delete / disable flag. Defaults to true on create. |