Lifts both per-property and per-property-set RBAC tables from fewo-webapp
into oatpp-authkit. Combined into one commit because they share a
DbClient and the cross-table effective-permission resolver — the resolver
itself stays in fewo since it joins property_set_members (a fewo-side
concept).
New files (all in oatpp-authkit):
- dto/UserPermissionDto.hpp — UserPropertyPermissionDto +
UserGroupPermissionDto, both registered as temporal.
EffectivePermissionDto stays in fewo (it's the result shape of fewo's
property_set_members JOIN).
- db/UserPermissionDb.hpp — DbClient with CRUD for both tables. Each
table also has a *Schema struct exposing kSchema for SchemaBuilder
composition. Natural-key UNIQUE indexes carried explicitly:
ux_..._user_property_until, ux_..._user_set_until.
- repo/ConcreteUserPermissionRepository.hpp — two concrete repos +
makeUserPropertyPermissionRepository / makeUserGroupPermissionRepository
factories that wrap each in TemporalRepository.
- test/test_user_permission_schema.cpp — verifies both schemas compose
with TemporalRepository to produce the expected 5 DDL statements each
(entity table + 3 schema indexes + 1 temporal composite index).
12 of 12 tests pass. Bumped 0.10.0 → 0.11.0.
Per-row natural-key UNIQUE prevents duplicate live grants for the same
(user_id, property_id) or (user_id, set_id) pair while still allowing
historical rows for the same key (their valid_until differs).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
