Add role control

API/ROLAC.API/Services/IAuthService.cs

@@ -1,4 +1,5 @@
 using ROLAC.API.DTOs.Auth;
+using ROLAC.API.Entities;
 
 namespace ROLAC.API.Services;
 
@@ -28,4 +29,11 @@ public interface IAuthService
     /// Silently succeeds if the token is not found.
     /// </summary>
     Task LogoutAsync(string rawRefreshToken);
+
+    /// <summary>
+    /// Builds the UserInfo payload (identity, roles, and effective permissions) for an
+    /// already-authenticated user. Used by GET /api/auth/me to refresh permissions
+    /// after an admin edits the matrix, without forcing a re-login.
+    /// </summary>
+    Task<UserInfo> BuildUserInfoAsync(AppUser user, IList<string> roles);
 }