Add user role

services/auth/app/api/auth.py

@@ -32,7 +32,7 @@ async def register(
     
     # ✅ DEBUG: Log incoming registration data (without password)
     logger.info(f"Registration attempt for email: {user_data.email}")
-    logger.debug(f"Registration data - email: {user_data.email}, full_name: {user_data.full_name}")
+    logger.debug(f"Registration data - email: {user_data.email}, full_name: {user_data.full_name}, role: {user_data.role}")
     
     try:
         # ✅ DEBUG: Validate input data

services/auth/app/api/users.py

@@ -21,8 +21,7 @@ from app.services.admin_delete import AdminUserDeleteService
 # Import unified authentication from shared library
 from shared.auth.decorators import (
     get_current_user_dep,
-    get_current_tenant_id_dep,
-    require_role  # For admin-only endpoints
+    require_admin_role
 )
 
 logger = structlog.get_logger()
@@ -126,7 +125,7 @@ async def delete_admin_user(
     user_id: str,
     background_tasks: BackgroundTasks,
     current_user = Depends(get_current_user_dep),
-    #_admin_check = Depends(require_admin_role),
+    _admin_check = Depends(require_admin_role),
     db: AsyncSession = Depends(get_db)
 ):
     """
@@ -191,7 +190,7 @@ async def delete_admin_user(
 async def preview_user_deletion(
     user_id: str,
     current_user = Depends(get_current_user_dep),
-    #_admin_check = Depends(require_admin_role),
+    _admin_check = Depends(require_admin_role),
     db: AsyncSession = Depends(get_db)
 ):
     """

services/auth/app/models/users.py

@@ -31,6 +31,7 @@ class User(Base):
     phone = Column(String(20))
     language = Column(String(10), default="es")
     timezone = Column(String(50), default="Europe/Madrid")
+    role = Column(String(20), default="user")
 
     # REMOVED: All tenant relationships - these are handled by tenant service
     # No tenant_memberships, tenants relationships

services/auth/app/schemas/auth.py

@@ -18,6 +18,7 @@ class UserRegistration(BaseModel):
     password: str = Field(..., min_length=8, max_length=128)
     full_name: str = Field(..., min_length=1, max_length=255)
     tenant_name: Optional[str] = Field(None, max_length=255)
+    role: Optional[str] = Field("user", pattern=r'^(user|admin|manager)$')
 
 class UserLogin(BaseModel):
     """User login request"""

services/auth/app/services/auth_service.py

@@ -48,7 +48,8 @@ class AuthService:
                 is_active=True,
                 is_verified=False,
                 created_at=datetime.now(timezone.utc),
-                updated_at=datetime.now(timezone.utc)
+                updated_at=datetime.now(timezone.utc),
+                role=user_data.role
             )
             
             db.add(new_user)
@@ -115,7 +116,8 @@ class AuthService:
                     "full_name": new_user.full_name,
                     "is_active": new_user.is_active,
                     "is_verified": new_user.is_verified,
-                    "created_at": new_user.created_at.isoformat()
+                    "created_at": new_user.created_at.isoformat(),
+                    "role": new_user.role
                 }
             }
             
@@ -242,7 +244,8 @@ class AuthService:
                     "full_name": user.full_name,
                     "is_active": user.is_active,
                     "is_verified": user.is_verified,
-                    "created_at": user.created_at.isoformat()
+                    "created_at": user.created_at.isoformat(),
+                    "role": user.role
                 }
             }