feat: Add user role entity and integrate with user model, including migration updates and a new Makefile target.

backend/src/db.rs

@@ -5,7 +5,7 @@ use sea_orm::sea_query::SqliteQueryBuilder;
 
 use crate::config::Config;
 use crate::models::bio::{biomarker_entry, biomarker_type};
-use crate::models::user::{session, user};
+use crate::models::user::{role, session, user};
 
 /// Connect to the SQLite database.
 pub async fn connect(config: &Config) -> Result<DatabaseConnection, DbErr> {
@@ -24,9 +24,10 @@ pub async fn connect(config: &Config) -> Result<DatabaseConnection, DbErr> {
 pub async fn run_migrations(db: &DatabaseConnection) -> Result<(), DbErr> {
     let schema = Schema::new(DbBackend::Sqlite);
 
-    // Create table statements
+    // Create table statements (order matters for foreign keys)
     let statements = vec![
-        schema.create_table_from_entity(user::Entity),
+        schema.create_table_from_entity(role::Entity),        // roles first
+        schema.create_table_from_entity(user::Entity),        // users references roles
         schema.create_table_from_entity(session::Entity),
         schema.create_table_from_entity(biomarker_type::Entity),
         schema.create_table_from_entity(biomarker_entry::Entity),

backend/src/models/user/mod.rs

@@ -1,7 +1,9 @@
 //! User and session entities for authentication.
 
+pub mod role;
 pub mod session;
 pub mod user;
 
+pub use role::Entity as Role;
 pub use session::Entity as Session;
 pub use user::Entity as User;

backend/src/models/user/role.rs

@@ -0,0 +1,33 @@
+//! Role entity for RBAC.
+
+use sea_orm::entity::prelude::*;
+use serde::{Deserialize, Serialize};
+
+#[derive(Clone, Debug, PartialEq, Eq, DeriveEntityModel, Serialize, Deserialize)]
+#[sea_orm(table_name = "roles")]
+pub struct Model {
+    #[sea_orm(primary_key)]
+    pub id: i32,
+
+    /// Role name: admin, user, reader
+    #[sea_orm(unique)]
+    pub name: String,
+
+    /// Human-readable description
+    #[sea_orm(column_type = "Text", nullable)]
+    pub description: Option<String>,
+}
+
+#[derive(Copy, Clone, Debug, EnumIter, DeriveRelation)]
+pub enum Relation {
+    #[sea_orm(has_many = "super::user::Entity")]
+    Users,
+}
+
+impl Related<super::user::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::Users.def()
+    }
+}
+
+impl ActiveModelBehavior for ActiveModel {}

backend/src/models/user/user.rs

@@ -18,6 +18,9 @@ pub struct Model {
     #[sea_orm(unique)]
     pub email: String,
 
+    /// Foreign key to roles table
+    pub role_id: i32,
+
     pub created_at: DateTime,
     pub updated_at: DateTime,
 }
@@ -26,6 +29,13 @@ pub struct Model {
 pub enum Relation {
     #[sea_orm(has_many = "super::session::Entity")]
     Sessions,
+
+    #[sea_orm(
+        belongs_to = "super::role::Entity",
+        from = "Column::RoleId",
+        to = "super::role::Column::Id"
+    )]
+    Role,
 }
 
 impl Related<super::session::Entity> for Entity {
@@ -34,4 +44,11 @@ impl Related<super::session::Entity> for Entity {
     }
 }
 
+impl Related<super::role::Entity> for Entity {
+    fn to() -> RelationDef {
+        Relation::Role.def()
+    }
+}
+
 impl ActiveModelBehavior for ActiveModel {}
+