esta todo ok

backend/app/main.py

@@ -27,6 +27,19 @@ app.add_middleware(
 
 security = HTTPBearer()
 
+# ============= PERMISSION HELPERS =============
+def require_permission(user: models.User, permission: str):
+    """Verifica que el usuario tenga un permiso específico"""
+    if not hasattr(user.role_obj, permission) or not getattr(user.role_obj, permission):
+        raise HTTPException(
+            status_code=403, 
+            detail=f"No tienes permisos para esta acción (requiere: {permission})"
+        )
+
+def has_permission(user: models.User, permission: str) -> bool:
+    """Verifica si el usuario tiene un permiso específico"""
+    return hasattr(user.role_obj, permission) and getattr(user.role_obj, permission)
+
 # Dependency para obtener usuario actual
 def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
@@ -51,8 +64,11 @@ def get_current_user(
         api_token.last_used_at = datetime.utcnow()
         db.commit()
         
-        # Obtener usuario
-        user = db.query(models.User).filter(models.User.id == api_token.user_id).first()
+        # Obtener usuario con rol
+        user = db.query(models.User).options(
+            joinedload(models.User.role_obj)
+        ).filter(models.User.id == api_token.user_id).first()
+        
         if not user or not user.is_active:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
@@ -72,7 +88,10 @@ def get_current_user(
     
     user_id = int(payload.get("sub"))
     print(f"Looking for user ID: {user_id}")  # Debug
-    user = db.query(models.User).filter(models.User.id == user_id).first()
+    user = db.query(models.User).options(
+        joinedload(models.User.role_obj)
+    ).filter(models.User.id == user_id).first()
+    
     if user is None:
         print(f"User not found with ID: {user_id}")  # Debug
         raise HTTPException(status_code=404, detail="Usuario no encontrado")
@@ -94,13 +113,15 @@ def register(user: schemas.UserCreate, db: Session = Depends(get_db)):
         username=user.username,
         email=user.email,
         full_name=user.full_name,
-        role=user.role,
+        role_id=user.role_id,
         password_hash=hashed_password
     )
     db.add(db_user)
     db.commit()
     db.refresh(db_user)
     return db_user
+    db.refresh(db_user)
+    return db_user
 
 
 @app.post("/api/auth/login", response_model=schemas.Token)

backend/app/models.py

@@ -3,6 +3,26 @@ from sqlalchemy.orm import relationship
 from sqlalchemy.sql import func
 from app.core.database import Base
 
+class Role(Base):
+    __tablename__ = "roles"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(50), unique=True, nullable=False)  # administrador, asesor, mecanico
+    display_name = Column(String(100), nullable=False)  # Administrador, Asesor, Mecánico
+    description = Column(String(255))
+    # Permisos
+    can_manage_users = Column(Boolean, default=False)
+    can_manage_roles = Column(Boolean, default=False)
+    can_manage_checklists = Column(Boolean, default=False)
+    can_create_inspections = Column(Boolean, default=False)
+    can_view_all_inspections = Column(Boolean, default=False)
+    can_view_reports = Column(Boolean, default=False)
+    can_deactivate_inspections = Column(Boolean, default=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    
+    # Relationships
+    users = relationship("User", back_populates="role_obj")
+
 class User(Base):
     __tablename__ = "users"
     
@@ -10,12 +30,13 @@ class User(Base):
     username = Column(String(50), unique=True, index=True, nullable=False)
     email = Column(String(100), unique=True, index=True)
     password_hash = Column(String(255), nullable=False)
-    role = Column(String(20), nullable=False)  # admin, mechanic
+    role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
     full_name = Column(String(100))
     is_active = Column(Boolean, default=True)
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     
     # Relationships
+    role_obj = relationship("Role", back_populates="users")
     checklists_created = relationship("Checklist", back_populates="creator")
     inspections = relationship("Inspection", back_populates="mechanic")
     api_tokens = relationship("APIToken", back_populates="user", cascade="all, delete-orphan")

backend/app/schemas.py

@@ -2,12 +2,46 @@ from pydantic import BaseModel, EmailStr, Field
 from typing import Optional, List
 from datetime import datetime
 
+# Role Schemas
+class RoleBase(BaseModel):
+    name: str
+    display_name: str
+    description: Optional[str] = None
+    can_manage_users: bool = False
+    can_manage_roles: bool = False
+    can_manage_checklists: bool = False
+    can_create_inspections: bool = False
+    can_view_all_inspections: bool = False
+    can_view_reports: bool = False
+    can_deactivate_inspections: bool = False
+
+class RoleCreate(RoleBase):
+    pass
+
+class RoleUpdate(BaseModel):
+    display_name: Optional[str] = None
+    description: Optional[str] = None
+    can_manage_users: Optional[bool] = None
+    can_manage_roles: Optional[bool] = None
+    can_manage_checklists: Optional[bool] = None
+    can_create_inspections: Optional[bool] = None
+    can_view_all_inspections: Optional[bool] = None
+    can_view_reports: Optional[bool] = None
+    can_deactivate_inspections: Optional[bool] = None
+
+class Role(RoleBase):
+    id: int
+    created_at: datetime
+    
+    class Config:
+        from_attributes = True
+
 # User Schemas
 class UserBase(BaseModel):
     username: str
     email: Optional[EmailStr] = None
     full_name: Optional[str] = None
-    role: str = "mechanic"
+    role_id: int = 3  # Default: mecanico
 
 class UserCreate(UserBase):
     password: str
@@ -16,7 +50,7 @@ class UserUpdate(BaseModel):
     username: Optional[str] = None
     email: Optional[EmailStr] = None
     full_name: Optional[str] = None
-    role: Optional[str] = None
+    role_id: Optional[int] = None
 
 class UserPasswordUpdate(BaseModel):
     current_password: str
@@ -29,8 +63,13 @@ class UserLogin(BaseModel):
     username: str
     password: str
 
-class User(UserBase):
+class User(BaseModel):
     id: int
+    username: str
+    email: Optional[str] = None
+    full_name: Optional[str] = None
+    role_id: int
+    role: Role  # Role object
     is_active: bool
     created_at: datetime