# Org Based Code

{% hint style="info" %}
This page describes the code related to organization creation and authentication in the Matar app.
{% endhint %}

***

### Organization Schema

Here is the organization database schema and its attributes:

```python
class Organization(Base):
    __tablename__ = 'organization'

    _id = db.Column(db.String, primary_key=True)
    title = db.Column(db.String)
    language = db.Column(db.String)
    is_chatgpt_enabled = db.Column(db.Boolean, default=True)
    max_post_duration = db.Column(db.Integer, default=15)  # in seconds
    org_type = db.Column(db.Integer, default=0)  # 0 - public, 1 - private
    is_active = db.Column(db.Boolean, default=True)
    description = db.Column(db.String)
    code = db.Column(db.String)
    sort_order = db.Column(db.Integer)
```

**Describing Code:** The SQLAlchemy model class **Organization** defines a table named 'organization' with the following columns:

1. **\_id**: The primary key of the table, of type **String**. It uniquely identifies each row.
2. **title**: Stores the title of the organization.
3. **language**: Stores the language of the organization.
4. **is\_chatgpt\_enabled**: A boolean column (True/False) indicating whether ChatGPT functionality is enabled for the organization. It defaults to True.
5. **max\_post\_duration**: Stores the maximum post duration in seconds. It is of type **Integer** and defaults to 15 seconds.
6. **org\_type**: Defines the type of organization, with 0 representing public and 1 representing private. It is of type **Integer** and defaults to 0.
7. **is\_active**: A boolean column indicating whether the organization is active. It defaults to True.
8. **description**: Stores the organization's description.
9. **code**: Stores a code related to the organization.
10. **sort\_order**: An **Integer** column with no default value specified; depending on the application, a value is supplied when a row is inserted.

***

### Organization Authentication

The snippet below shows how organization-level routes are protected with JWT functions:

```python
from functools import wraps

from flask import request
from flask_jwt_extended import get_jwt_identity, jwt_required

# User and Organization are the app's SQLAlchemy models.


def authentication_required_organization(func):
    @wraps(func)  # keep the decorated view's name on the wrapper
    @jwt_required()  # a request without a valid JWT never reaches inner()
    def inner(*args, **kwargs):
        user_id = get_jwt_identity()
        user = User.query.get(user_id)
        organization_id = request.args.get("organization_id")
        organization = Organization.query.get(organization_id)
        if not user:
            return {"error": "no such user"}, 403
        if not organization:
            return {"error": "no such organization"}, 400
        # roles["default"] lists the organization ids this user administers
        default_organizations = user.roles.get("default") or []
        if organization_id not in default_organizations and not user.roles.get("superadmin"):
            return {"error": "User doesnt have permission for this organization"}, 400

        return func(*args, user=user, organization=organization, **kwargs)

    return inner
```

**Describing Code:**

* Org-level authentication requires a JSON Web Token (JWT). If the token is valid, the authenticated user's identity can be retrieved with the [get\_jwt\_identity()](https://flask-jwt-extended.readthedocs.io/en/3.0.0_release/api/#flask_jwt_extended.get_jwt_identity) function. [jwt\_required()](https://flask-jwt-extended.readthedocs.io/en/3.0.0_release/api/#flask_jwt_extended.jwt_required) protects the routes by requiring authentication via JWT, and the rest of the decorator checks the user's permissions within an organization.
* The **@jwt\_required()** decorator requires a valid JWT for access. If a request doesn't include a valid token, it won't proceed further.
* The **inner** function is wrapped by **@jwt\_required()** and receives the same arguments as the decorated function (**\*args** and **\*\*kwargs**). It passes these on to the decorated function along with two additional arguments, **user** and **organization**, which are populated from the user's JWT identity and the **organization\_id** in the request.
* First, the **user\_id** is extracted from the JWT's identity using **get\_jwt\_identity()** and the corresponding **User** object is fetched from the database. The **organization\_id** is read from the request's query parameters and the matching **Organization** object is fetched from the database.
* The code then checks whether the user and organization exist. If either the user or the organization doesn't exist, it returns an error response with a 403 or 400 status code, respectively.
* The user's roles are then checked to determine whether they have permission for the specified organization. A user can have a superadmin role (admin of all orgs) or a default role (admin of a particular organization).
* If the user is neither a superadmin nor an admin of the requested organization, the app returns <mark style="background-color:blue;">`User doesn't have permission for this organization.`</mark> with a 400 status code.
* If all checks pass, it calls the original function (**func**) with the **user** and **organization** arguments along with any other arguments and keyword arguments passed to the decorated route.
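
The decision made inside **inner**, pulled out into a framework-free function so every outcome can be checked without Flask or a database. This is an added example, not code from the Matar code base: the `User` and `Organization` stand-ins, `check_org_access`, the `roles or {}` guard and the optional `require_active` check (the decorator above does not consult `is_active`) are assumptions of the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the app's models; only the fields the check reads.
@dataclass
class User:
    roles: Optional[dict] = field(default_factory=dict)

@dataclass
class Organization:
    _id: str
    is_active: bool = True

def check_org_access(user, organization, organization_id, require_active=False):
    """Return None if access is allowed, else the (body, status) to send back."""
    if not user:
        return {"error": "no such user"}, 403
    if not organization:
        return {"error": "no such organization"}, 400
    roles = user.roles or {}  # assumption: tolerate a user row with no roles
    allowed_orgs = roles.get("default") or []
    if organization_id not in allowed_orgs and not roles.get("superadmin"):
        return {"error": "User doesnt have permission for this organization"}, 400
    if require_active and not organization.is_active:  # added check, not on the page
        return {"error": "organization is inactive"}, 403
    return None

def status_of(result):
    """Collapse a check result to a status code; 200 means the view would run."""
    return 200 if result is None else result[1]

def decision_table():
    org_a, org_off = Organization("org-a"), Organization("org-off", is_active=False)
    admin_a = User({"default": ["org-a", "org-off"]})
    cases = {  # constructed inputs: (user, organization, organization_id, strict)
        "unknown user": (None, org_a, "org-a", False),
        "unknown org": (admin_a, None, "org-x", False),
        "org admin, own org": (admin_a, org_a, "org-a", False),
        "org admin, other org": (User({"default": ["org-b"]}), org_a, "org-a", False),
        "superadmin, any org": (User({"superadmin": True}), org_a, "org-a", False),
        "no roles at all": (User(None), org_a, "org-a", False),
        "inactive org, page logic": (admin_a, org_off, "org-off", False),
        "inactive org, strict": (admin_a, org_off, "org-off", True),
    }
    return {name: status_of(check_org_access(*c)) for name, c in cases.items()}

if __name__ == "__main__":
    for name, status in decision_table().items():
        print(f"{status}  {name}")
```

Keeping the check in a plain function like this lets the role rules be unit-tested separately from token handling, which `jwt_required()` already covers.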

