From eea9921af064295287d26457a047b75d3ff5740f Mon Sep 17 00:00:00 2001
From: Jake Bromberg <jake@funlandresearch.com>
Date: Sun, 1 Feb 2026 12:49:33 -0800
Subject: [PATCH] feat: add admin role with roster permissions

Add roster resource to access control statements. Add roster write
permission to stationManager role. Add new admin role with full
permissions including roster management.
---
 shared/authentication/src/auth.roles.ts | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/shared/authentication/src/auth.roles.ts b/shared/authentication/src/auth.roles.ts
index 386f3e1..9594532 100644
--- a/shared/authentication/src/auth.roles.ts
+++ b/shared/authentication/src/auth.roles.ts
@@ -9,6 +9,7 @@ const statement = {
   catalog: ["read", "write"],
   bin: ["read", "write"],
   flowsheet: ["read", "write"],
+  roster: ["read", "write"],
 } as const;
 
 export type AccessControlStatement = typeof statement;
@@ -38,6 +39,15 @@ export const stationManager = accessControl.newRole({
   bin: ["read", "write"],
   catalog: ["read", "write"],
   flowsheet: ["read", "write"],
+  roster: ["read", "write"],
+});
+
+export const admin = accessControl.newRole({
+  ...adminAc.statements,
+  bin: ["read", "write"],
+  catalog: ["read", "write"],
+  flowsheet: ["read", "write"],
+  roster: ["read", "write"],
 });
 
 export const WXYCRoles = {
@@ -45,6 +55,7 @@ export const WXYCRoles = {
   dj,
   musicDirector,
   stationManager,
+  admin,
 };
 
 export type WXYCRole = keyof typeof WXYCRoles;