package models import "time" // Role represents user roles type Role string const ( RoleAdmin Role = "admin" RoleEditor Role = "editor" RoleAnalyst Role = "analyst" RoleViewer Role = "viewer" ) // Permission represents a specific permission type Permission string const ( PermViewLogs Permission = "logs:view" PermExportLogs Permission = "logs:export" PermManageAlerts Permission = "alerts:manage" PermViewAlerts Permission = "alerts:view" PermManagePatterns Permission = "patterns:manage" PermRunML Permission = "patterns:ml" PermManageReports Permission = "reports:manage" PermManageUsers Permission = "users:manage" ) // RolePermissions maps roles to their permissions var RolePermissions = map[Role][]Permission{ RoleAdmin: { PermViewLogs, PermExportLogs, PermManageAlerts, PermViewAlerts, PermManagePatterns, PermRunML, PermManageReports, PermManageUsers, }, RoleEditor: { PermViewLogs, PermExportLogs, PermManageAlerts, PermViewAlerts, PermManagePatterns, PermManageReports, }, RoleAnalyst: { PermViewLogs, PermViewAlerts, PermManagePatterns, PermRunML, }, RoleViewer: { PermViewLogs, PermViewAlerts, }, } // User represents a user in the system type User struct { ID string `json:"id" db:"id"` Username string `json:"username" db:"username"` Email string `json:"email" db:"email"` PasswordHash string `json:"-" db:"password_hash"` Role Role `json:"role" db:"role"` IsActive bool `json:"is_active" db:"is_active"` CreatedAt time.Time `json:"created_at" db:"created_at"` UpdatedAt time.Time `json:"updated_at" db:"updated_at"` } // HasPermission checks if the user has a specific permission func (u *User) HasPermission(perm Permission) bool { permissions, ok := RolePermissions[u.Role] if !ok { return false } for _, p := range permissions { if p == perm { return true } } return false } // GetPermissions returns all permissions for the user's role func (u *User) GetPermissions() []Permission { return RolePermissions[u.Role] }