Relay/RelayServer/Models/Server/Roles.cs

using SurrealDb.Net.Models;

namespace RelayServer.Models;

/// <summary>
/// The permission bitfield. The whole permission model is just:
///
///   ServerMembers.IsOwner = true                 → unconditional Administrator
///   roles.Permissions has Administrator flag     → unconditional everything
///   channel_permissions.Deny has a specific flag → that permission denied here
///   channel_permissions.Allow has a specific flag → that permission allowed here
///   roles.Permissions has the flag               → fallback (channel-independent)
///
/// PermissionService.HasPermissionAsync walks that ladder in order. See that class for the
/// authoritative implementation.
/// </summary>
[Flags]
public enum PermissionFlags
{
    None              = 0,
    ReadMessages      = 1 << 0,
    SendMessages      = 1 << 1,
    ManageMessages    = 1 << 2,  // Edit / delete others' messages
    ManageChannels    = 1 << 3,  // Create channels (umbrella manage permission)
    ManageMembers     = 1 << 4,  // Kick / ban members
    Administrator     = 1 << 5,  // All permissions, bypasses channel overrides
    ViewChannel       = 1 << 6,  // "Visibility" — can see the channel at all
    Speak             = 1 << 7,  // Can transmit in a voice channel
    EditChannel       = 1 << 8,  // Rename / reconfigure a channel
    DeleteChannel     = 1 << 9   // Delete a channel
}

/// <summary>
/// Surreal record for the `roles` table. Defines a named permission bundle that can be
/// assigned to users via UserRoles.
/// </summary>
public class Roles : Record
{
    /// <summary>Display name ("Admin", "Moderator", "Member").</summary>
    public required string Name { get; set; }

    /// <summary>Base permission bitfield. Channel-level overrides in ChannelPermissions can add or remove.</summary>
    public required PermissionFlags Permissions { get; set; }

    /// <summary>When the role was seeded.</summary>
    public required DateTime CreatedAt { get; set; }

    /// <summary>Tie-breaker for future multi-role-per-user scenarios. Lower = higher priority. Not used by the current ladder.</summary>
    public int Priority { get; set; }
}