From d2a6bfd2a5486ae9d31b5fb820c452caa9092c43 Mon Sep 17 00:00:00 2001
From: Leo Vasanko <leo@git>
Date: Tue, 12 Aug 2025 13:21:37 -0600
Subject: [PATCH] Add permissions to orgs and roles (in DB-agnostic API).

---
 passkey/db/__init__.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/passkey/db/__init__.py b/passkey/db/__init__.py
index 1301e67..0aca94e 100644
--- a/passkey/db/__init__.py
+++ b/passkey/db/__init__.py
@@ -12,8 +12,8 @@ from uuid import UUID
 
 
 @dataclass
-class Org:
-    uuid: UUID
+class Permission:
+    id: str  # String primary key (max 128 chars)
     display_name: str
 
 
@@ -22,6 +22,15 @@ class Role:
     uuid: UUID
     org_uuid: UUID
     display_name: str
+    permissions: list[Permission]
+
+
+@dataclass
+class Org:
+    uuid: UUID
+    display_name: str
+    permissions: list[Permission]  # All that the Org can grant
+    roles: list[Role]
 
 
 @dataclass
@@ -56,12 +65,6 @@ class Session:
     credential_uuid: UUID | None = None
 
 
-@dataclass
-class Permission:
-    id: str  # String primary key (max 128 chars)
-    display_name: str
-
-
 @dataclass
 class SessionContext:
     session: Session