From 59d4d442b2a2b9a95332337806de5d59dc5ff1a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=BC=D0=B8=D1=82=D1=80=D0=B8=D0=B9?=
 <lendry@MacBook-Pro-Dmitrij.local>
Date: Thu, 9 Apr 2026 17:04:13 +0300
Subject: [PATCH] upgrede: add asign role and manege roles and permissions

---
 proto/sso/account.proto | 19 +++++++++++++++
 proto/sso/rbac.proto    | 51 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

diff --git a/proto/sso/account.proto b/proto/sso/account.proto
index 30ea193..fb4d2e8 100644
--- a/proto/sso/account.proto
+++ b/proto/sso/account.proto
@@ -11,6 +11,8 @@ service AccountService {
   rpc CreateUser(CreateUserRequest) returns (CreateUserResponse);
   rpc DeleteUser(DeleteUserRequest) returns (DeleteUserResponse);
   rpc ChangeData(ChangeDataRequest) returns (ChangeDataResponse);
+  rpc AssignRole (AssignRoleRequest) returns (AssignRoleResponse);
+  rpc RevokeRole (RevokeRoleRequest) returns (RevokeRoleResponse);
   rpc SetPin (SetPinRequest) returns (SetPinResponse);
   rpc UnlockPin (UnlockPinRequest) returns (UnlockPinResponse);
   rpc GetPinStatus (GetPinStatusRequest) returns (GetPinStatusResponse);
@@ -93,6 +95,23 @@ message ChangeDataResponse {
   string message = 2;
 }
 
+message AssignRoleRequest {
+  string user_id = 1;
+  string role_id = 2; // В gRPC передаем как string, внутри преобразуем в Int
+}
+message AssignRoleResponse {
+  bool success = 1;
+  string message = 2;
+}
+message RevokeRoleRequest {
+  string user_id = 1;
+  string role_id = 2;
+}
+message RevokeRoleResponse {
+  bool success = 1;
+  string message = 2;
+}
+
 message AdminResetPasswordRequest {
   string user_id = 1;
   string new_password = 2;
diff --git a/proto/sso/rbac.proto b/proto/sso/rbac.proto
index d7353a2..f6c4166 100644
--- a/proto/sso/rbac.proto
+++ b/proto/sso/rbac.proto
@@ -7,6 +7,13 @@ option go_package = "git.lendry.ru/lendry-erp/proto.git/go;pb";
 
 
 service RbacService {
+  rpc CreateRole(CreateRoleRequest) returns (ModifyRoleResponse);
+  rpc UpdateRole(UpdateRoleRequest) returns (ModifyRoleResponse);
+  rpc DeleteRole(DeleteRoleRequest) returns (DeleteRoleResponse);
+  
+  rpc CreatePermission(CreatePermissionRequest) returns (ModifyPermissionResponse);
+  rpc UpdatePermission(UpdatePermissionRequest) returns (ModifyPermissionResponse);
+
   rpc GetAllPermissions (GetAllPermissionsRequest) returns (GetAllPermissionsResponse);
   rpc GetAllRoles(GetAllRolesRequest) returns (GetAllRolesResponse);
 }
@@ -37,6 +44,50 @@ message GetAllRolesResponse {
     repeated Roles roles = 1;
 }
 
+message CreateRoleRequest {
+    string name = 1;
+    int32 level = 2;
+    repeated string permission_codes = 3;
+}
+
+message UpdateRoleRequest {
+    string id = 1;
+    optional string name = 2;
+    optional int32 level = 3;
+    repeated string permission_codes = 4;
+}
+
+message ModifyRoleResponse {
+    bool success = 1;
+    string message = 2;
+}
+
+message DeleteRoleRequest {
+    string id = 1;
+}
+
+message DeleteRoleResponse {
+    bool success = 1;
+    string message = 2;
+    optional string fallback_role_name = 3;
+}
+
+message CreatePermissionRequest {
+    string code = 1;
+    string description = 2;
+    string module = 3;
+}
+
+message UpdatePermissionRequest {
+    string id = 1;
+    repeated string role_ids = 2; // Привязка к конкретным ролям
+}
+
+message ModifyPermissionResponse {
+    bool success = 1;
+    string message = 2;
+}
+
 message Roles {
     string id = 1;
     string name = 2;