feat: role-based permissions — owner/partner/associate/paralegal/secretary (P0)

backend/internal/auth/context.go

@@ -9,10 +9,19 @@ import (
 type contextKey string
 
 const (
+<<<<<<< HEAD
 	userIDKey    contextKey = "user_id"
 	tenantIDKey  contextKey = "tenant_id"
 	ipKey        contextKey = "ip_address"
 	userAgentKey contextKey = "user_agent"
+||||||| 82878df
+	userIDKey   contextKey = "user_id"
+	tenantIDKey contextKey = "tenant_id"
+=======
+	userIDKey   contextKey = "user_id"
+	tenantIDKey contextKey = "tenant_id"
+	userRoleKey contextKey = "user_role"
+>>>>>>> mai/pike/p0-role-based
 )
 
 func ContextWithUserID(ctx context.Context, userID uuid.UUID) context.Context {
@@ -32,6 +41,7 @@ func TenantFromContext(ctx context.Context) (uuid.UUID, bool) {
 	id, ok := ctx.Value(tenantIDKey).(uuid.UUID)
 	return id, ok
 }
+<<<<<<< HEAD
 
 func ContextWithRequestInfo(ctx context.Context, ip, userAgent string) context.Context {
 	ctx = context.WithValue(ctx, ipKey, ip)
@@ -52,3 +62,15 @@ func UserAgentFromContext(ctx context.Context) *string {
 	}
 	return nil
 }
+||||||| 82878df
+=======
+
+func ContextWithUserRole(ctx context.Context, role string) context.Context {
+	return context.WithValue(ctx, userRoleKey, role)
+}
+
+func UserRoleFromContext(ctx context.Context) string {
+	role, _ := ctx.Value(userRoleKey).(string)
+	return role
+}
+>>>>>>> mai/pike/p0-role-based