[AZ-189] [AZ-190] [AZ-191] [AZ-192] [AZ-193] [AZ-194] [AZ-195] Add e2e blackbox test suite

Made-with: Cursor

_docs/02_document/modules/common_entities_role_enum.md

@@ -0,0 +1,46 @@
+# Module: Azaion.Common.Entities.RoleEnum
+
+## Purpose
+Defines the authorization role hierarchy for the system.
+
+## Public Interface
+
+| Enum Value | Int Value | Description |
+|-----------|-----------|-------------|
+| `None` | 0 | No role assigned |
+| `Operator` | 10 | Annotator access only; can send annotations to queue |
+| `Validator` | 20 | Annotator + dataset explorer; can receive annotations from queue |
+| `CompanionPC` | 30 | Companion PC role |
+| `Admin` | 40 | Admin role |
+| `ResourceUploader` | 50 | Can upload DLLs and AI models |
+| `ApiAdmin` | 1000 | Full access to all operations |
+
+## Internal Logic
+Integer values define a loose hierarchy; higher values don't necessarily imply more permissions — policy-based authorization in `Program.cs` maps specific roles to policies.
+
+## Dependencies
+None.
+
+## Consumers
+- `User.Role` property type
+- `RegisterUserRequest.Role` property type
+- `Program.cs` — authorization policies (`apiAdminPolicy`, `apiUploaderPolicy`)
+- `AuthService.CreateToken` — embeds role as claim
+- `AzaionDbSchemaHolder` — maps Role to/from text in DB
+- `UserService.GetUsers` — filters by role
+- `UserService.ChangeRole` — updates user role
+
+## Data Models
+Part of the `User` entity.
+
+## Configuration
+None.
+
+## External Integrations
+None.
+
+## Security
+Core to the RBAC authorization model. `ApiAdmin` has unrestricted access; `ResourceUploader` can upload resources; other roles have endpoint-level restrictions.
+
+## Tests
+None.