esta todo ok

backend/app/main.py

@@ -27,6 +27,19 @@ app.add_middleware(
 
 security = HTTPBearer()
 
+# ============= PERMISSION HELPERS =============
+def require_permission(user: models.User, permission: str):
+    """Verifica que el usuario tenga un permiso específico"""
+    if not hasattr(user.role_obj, permission) or not getattr(user.role_obj, permission):
+        raise HTTPException(
+            status_code=403, 
+            detail=f"No tienes permisos para esta acción (requiere: {permission})"
+        )
+
+def has_permission(user: models.User, permission: str) -> bool:
+    """Verifica si el usuario tiene un permiso específico"""
+    return hasattr(user.role_obj, permission) and getattr(user.role_obj, permission)
+
 # Dependency para obtener usuario actual
 def get_current_user(
     credentials: HTTPAuthorizationCredentials = Depends(security),
@@ -51,8 +64,11 @@ def get_current_user(
         api_token.last_used_at = datetime.utcnow()
         db.commit()
         
-        # Obtener usuario
-        user = db.query(models.User).filter(models.User.id == api_token.user_id).first()
+        # Obtener usuario con rol
+        user = db.query(models.User).options(
+            joinedload(models.User.role_obj)
+        ).filter(models.User.id == api_token.user_id).first()
+        
         if not user or not user.is_active:
             raise HTTPException(
                 status_code=status.HTTP_401_UNAUTHORIZED,
@@ -72,7 +88,10 @@ def get_current_user(
     
     user_id = int(payload.get("sub"))
     print(f"Looking for user ID: {user_id}")  # Debug
-    user = db.query(models.User).filter(models.User.id == user_id).first()
+    user = db.query(models.User).options(
+        joinedload(models.User.role_obj)
+    ).filter(models.User.id == user_id).first()
+    
     if user is None:
         print(f"User not found with ID: {user_id}")  # Debug
         raise HTTPException(status_code=404, detail="Usuario no encontrado")
@@ -94,13 +113,15 @@ def register(user: schemas.UserCreate, db: Session = Depends(get_db)):
         username=user.username,
         email=user.email,
         full_name=user.full_name,
-        role=user.role,
+        role_id=user.role_id,
         password_hash=hashed_password
     )
     db.add(db_user)
     db.commit()
     db.refresh(db_user)
     return db_user
+    db.refresh(db_user)
+    return db_user
 
 
 @app.post("/api/auth/login", response_model=schemas.Token)