fix(auth): use UserRole enum instead of bool

- Replaced isAnonymous and isAdmin
- Used UserRole enum for clarity
- Updated auth checks accordingly

Author: fulleni

lib/src/services/auth_service.dart

@@ -115,8 +115,7 @@ class AuthService {
         user = User(
           id: _uuid.v4(), // Generate new ID
           email: email,
-          isAnonymous: false, // Email verified user is not anonymous
-          isAdmin: false,
+          role: UserRole.standardUser, // Email verified user is standard user
         );
         user = await _userRepository.create(item: user); // Save the new user
         print('Created new user: ${user.id}');
@@ -155,9 +154,8 @@ class AuthService {
     try {
       user = User(
         id: _uuid.v4(), // Generate new ID
-        isAnonymous: true,
+        role: UserRole.guestUser, // Anonymous users are guest users
         email: null, // Anonymous users don't have an email initially
-        isAdmin: false,
       );
       user = await _userRepository.create(item: user);
       print('Created anonymous user: ${user.id}');
@@ -248,7 +246,7 @@ class AuthService {
     required User anonymousUser,
     required String emailToLink,
   }) async {
-    if (!anonymousUser.isAnonymous) {
+    if (anonymousUser.role != UserRole.guestUser) {
       throw const BadRequestException(
         'Account is already permanent. Cannot link email.',
       );
@@ -310,7 +308,7 @@ class AuthService {
     required String codeFromUser,
     required String oldAnonymousToken, // Needed to invalidate it
   }) async {
-    if (!anonymousUser.isAnonymous) {
+    if (anonymousUser.role != UserRole.guestUser) {
       // Should ideally not happen if flow is correct, but good safeguard.
       throw const BadRequestException(
         'Account is already permanent. Cannot complete email linking.',
@@ -335,8 +333,7 @@ class AuthService {
       final updatedUser = User(
         id: anonymousUser.id, // Preserve original ID
         email: linkedEmail,
-        isAnonymous: false, // Now a permanent user
-        isAdmin: false,
+        role: UserRole.standardUser, // Now a permanent standard user
       );
       final permanentUser = await _userRepository.update(
         id: updatedUser.id,

lib/src/services/jwt_auth_token_service.dart

@@ -64,7 +64,7 @@ class JwtAuthTokenService implements AuthTokenService {
 
           // Custom claims (optional, include what's useful)
           'email': user.email,
-          'isAnonymous': user.isAnonymous,
+          'role': user.role, // Include the user's role
         },
         issuer: _issuer,
         subject: user.id,

routes/api/v1/auth/link-email.dart

@@ -22,7 +22,7 @@ Future<Response> onRequest(RequestContext context) async {
     // This should ideally be caught by `authenticationProvider` if route is protected
     throw const UnauthorizedException('Authentication required to link email.');
   }
-  if (!authenticatedUser.isAnonymous) {
+  if (authenticatedUser.role != UserRole.guestUser) {
     throw const BadRequestException(
       'Account is already permanent. Cannot initiate email linking.',
     );

routes/api/v1/auth/verify-link-email.dart

@@ -23,7 +23,7 @@ Future<Response> onRequest(RequestContext context) async {
       'Authentication required to verify email link.',
     );
   }
-  if (!authenticatedUser.isAnonymous) {
+  if (authenticatedUser.role != UserRole.guestUser) {
     throw const BadRequestException(
       'Account is already permanent. Cannot complete email linking.',
     );

routes/api/v1/data/[id].dart

@@ -82,7 +82,7 @@ Future<Response> _handleGet(
 ) async {
   // Apply access control based on ownership type for GET requests
   if (modelConfig.ownership == ModelOwnership.adminOwned &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     throw const ForbiddenException(
       'You do not have permission to read this resource.',
     );
@@ -201,13 +201,13 @@ Future<Response> _handlePut(
   // Apply access control based on ownership type for PUT requests
   if ((modelConfig.ownership == ModelOwnership.adminOwned ||
           modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     throw const ForbiddenException(
       'Only administrators can update this resource.',
     );
   }
   if (modelConfig.ownership == ModelOwnership.userOwned &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     // For userOwned, non-admins must be the owner.
     // The repository will enforce this check when userIdForRepoCall is passed.
   }
@@ -351,13 +351,13 @@ Future<Response> _handleDelete(
   // Apply access control based on ownership type for DELETE requests
   if ((modelConfig.ownership == ModelOwnership.adminOwned ||
           modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     throw const ForbiddenException(
       'Only administrators can delete this resource.',
     );
   }
   if (modelConfig.ownership == ModelOwnership.userOwned &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     // For userOwned, non-admins must be the owner.
     // The repository will enforce this check when userIdForRepoCall is passed.
   }

routes/api/v1/data/index.dart

@@ -84,7 +84,7 @@ Future<Response> _handleGet(
 
   // Apply access control based on ownership type for GET requests
   if (modelConfig.ownership == ModelOwnership.adminOwned &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     throw const ForbiddenException(
       'You do not have permission to read this resource.',
     );
@@ -243,7 +243,7 @@ Future<Response> _handlePost(
   // Apply access control based on ownership type for POST requests
   if ((modelConfig.ownership == ModelOwnership.adminOwned ||
           modelConfig.ownership == ModelOwnership.adminOwnedReadAllowed) &&
-      !authenticatedUser.isAdmin) {
+      authenticatedUser.role != UserRole.admin) {
     throw const ForbiddenException(
       'Only administrators can create this resource.',
     );

test/src/services/jwt_auth_token_service_test.dart

@@ -21,15 +21,14 @@ void main() {
     const testUser = User(
       id: 'user-jwt-123',
       email: 'jwt@example.com',
-      isAnonymous: false,
-      isAdmin: false,
+      role: UserRole.standardUser,
     );
     const testUuidValue = 'test-uuid-v4';
 
     setUpAll(() {
       // Register fallback values for argument matchers
       registerFallbackValue(
-        const User(id: 'fallback', isAnonymous: true, isAdmin: false),
+        const User(id: 'fallback', role: UserRole.guestUser),
       );
       // Register fallback for DateTime if needed for blacklist mock
       registerFallbackValue(DateTime(2024));