Story 2.4: Role Management API

Metadata

Story ID: 2.4
Title: Role Management API
Epic: 2 - Authentication & Authorization
Status: Pending
Priority: High
Estimated Time: 5-6 hours
Dependencies: 1.2, 2.3

Goal

Provide complete API for managing roles, assigning permissions to roles, and assigning roles to users.

Description

This story implements the complete role management API allowing administrators to create, update, and delete roles, assign permissions to roles, and assign roles to users.

Deliverables

1. Role Repository (`internal/identity/role_repo.go`)

CRUD operations for roles
Assign permissions to roles (many-to-many)
Assign roles to users (many-to-many)
List roles with permissions
List users with roles

2. Role Management API Endpoints

POST /api/v1/roles - Create new role
GET /api/v1/roles - List all roles (with pagination)
GET /api/v1/roles/:id - Get role details with permissions
PUT /api/v1/roles/:id - Update role
DELETE /api/v1/roles/:id - Delete role
POST /api/v1/roles/:id/permissions - Assign permissions to role
DELETE /api/v1/roles/:id/permissions/:permId - Remove permission from role
POST /api/v1/users/:id/roles - Assign roles to user
DELETE /api/v1/users/:id/roles/:roleId - Remove role from user

3. Authorization and Validation

All endpoints protected (admin only)
Input validation
Error handling

4. gRPC Server (Microservices)

Expose role management via existing Authz service gRPC server
Role management methods in api/proto/authz.proto
Service registration in service registry

Acceptance Criteria

Admin users can create and manage roles
Permissions can be assigned to roles
Roles can be assigned to users
Role changes affect user permissions immediately
All role operations are audited
API endpoints are protected with proper permissions

Files to Create/Modify

internal/identity/role_repo.go - Role repository
internal/identity/role_handler.go - Role handlers
internal/server/routes.go - Add role routes

2.3 KiB Raw Blame History