Add permissions to orgs and roles (in DB-agnostic API).

passkey/bootstrap.py

@@ -19,7 +19,8 @@ from .util import passphrase, tokens
 logger = logging.getLogger(__name__)
 
 # Shared log message template for admin reset links
-ADMIN_RESET_MESSAGE = """%s
+ADMIN_RESET_MESSAGE = """\
+%s
 
 👤 Admin  %s
    - Use this link to register a Passkey for the admin user!

passkey/db/__init__.py

@@ -12,8 +12,8 @@ from uuid import UUID
 
 
 @dataclass
-class Org:
+class Permission:
-    uuid: UUID
+    id: str  # String primary key (max 128 chars)
     display_name: str
 
 
@@ -22,6 +22,15 @@ class Role:
     uuid: UUID
     org_uuid: UUID
     display_name: str
+    permissions: list[Permission]
+
+
+@dataclass
+class Org:
+    uuid: UUID
+    display_name: str
+    permissions: list[Permission]  # All that the Org can grant
+    roles: list[Role]
 
 
 @dataclass
@@ -56,12 +65,6 @@ class Session:
     credential_uuid: UUID | None = None
 
 
-@dataclass
-class Permission:
-    id: str  # String primary key (max 128 chars)
-    display_name: str
-
-
 @dataclass
 class SessionContext:
     session: Session