feat: add configurable role/permission system

app/models/role_permission.py

@@ -0,0 +1,44 @@
+"""Role and Permission models."""
+from sqlalchemy import Column, Integer, String, Text, DateTime, ForeignKey, Boolean
+from sqlalchemy.orm import relationship
+from sqlalchemy.sql import func
+from app.core.config import Base
+
+
+class Role(Base):
+    """Role definition - configurable roles."""
+    __tablename__ = "roles"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(50), unique=True, nullable=False)
+    description = Column(String(255), nullable=True)
+    is_global = Column(Boolean, default=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    updated_at = Column(DateTime(timezone=True), onupdate=func.now())
+    
+    permissions = relationship("RolePermission", back_populates="role")
+
+
+class Permission(Base):
+    """Permission definitions - granular permissions."""
+    __tablename__ = "permissions"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    name = Column(String(100), unique=True, nullable=False)
+    description = Column(String(255), nullable=True)
+    category = Column(String(50), nullable=False)
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
+    
+    roles = relationship("RolePermission", back_populates="permission")
+
+
+class RolePermission(Base):
+    """Maps roles to permissions."""
+    __tablename__ = "role_permissions"
+    
+    id = Column(Integer, primary_key=True, index=True)
+    role_id = Column(Integer, ForeignKey("roles.id"), nullable=False)
+    permission_id = Column(Integer, ForeignKey("permissions.id"), nullable=False)
+    
+    role = relationship("Role", back_populates="permissions")
+    permission = relationship("Permission", back_populates="roles")