Added Roles and Permissions. Some minor UI fixes

backend/auth/models.py

@@ -4,11 +4,49 @@ from enum import Enum
 
 
 class Role(str, Enum):
-    superadmin = "superadmin"
-    melody_editor = "melody_editor"
-    device_manager = "device_manager"
-    user_manager = "user_manager"
-    viewer = "viewer"
+    sysadmin = "sysadmin"
+    admin = "admin"
+    editor = "editor"
+    user = "user"
+
+
+class SectionPermissions(BaseModel):
+    view: bool = False
+    add: bool = False
+    edit: bool = False
+    delete: bool = False
+
+
+class StaffPermissions(BaseModel):
+    melodies: SectionPermissions = SectionPermissions()
+    devices: SectionPermissions = SectionPermissions()
+    app_users: SectionPermissions = SectionPermissions()
+    equipment: SectionPermissions = SectionPermissions()
+    mqtt: bool = False
+
+
+# Default permissions per role
+def default_permissions_for_role(role: str) -> Optional[dict]:
+    if role in ("sysadmin", "admin"):
+        return None  # Full access, permissions field not used
+    full = {"view": True, "add": True, "edit": True, "delete": True}
+    view_only = {"view": True, "add": False, "edit": False, "delete": False}
+    if role == "editor":
+        return {
+            "melodies": full,
+            "devices": full,
+            "app_users": full,
+            "equipment": full,
+            "mqtt": True,
+        }
+    # user role - view only
+    return {
+        "melodies": view_only,
+        "devices": view_only,
+        "app_users": view_only,
+        "equipment": view_only,
+        "mqtt": False,
+    }
 
 
 class AdminUserInDB(BaseModel):
@@ -18,6 +56,7 @@ class AdminUserInDB(BaseModel):
     name: str
     role: Role
     is_active: bool = True
+    permissions: Optional[StaffPermissions] = None
 
 
 class LoginRequest(BaseModel):
@@ -30,6 +69,7 @@ class TokenResponse(BaseModel):
     token_type: str = "bearer"
     role: str
     name: str
+    permissions: Optional[dict] = None
 
 
 class TokenPayload(BaseModel):