From 37d165522776acc12418531f33c8a9be2cc4ad84 Mon Sep 17 00:00:00 2001
From: Moritz <moritz.m@local-it.org>
Date: Tue, 6 Jan 2026 17:18:29 +0100
Subject: [PATCH] feat: add PermissionSets stub module for role validation

Add minimal PermissionSets module with all_permission_sets/0 function
to support permission_set_name validation in Role resource.
---
 lib/mv/authorization/permission_sets.ex | 34 +++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 lib/mv/authorization/permission_sets.ex

diff --git a/lib/mv/authorization/permission_sets.ex b/lib/mv/authorization/permission_sets.ex
new file mode 100644
index 0000000..fb9d249
--- /dev/null
+++ b/lib/mv/authorization/permission_sets.ex
@@ -0,0 +1,34 @@
+defmodule Mv.Authorization.PermissionSets do
+  @moduledoc """
+  Defines the four hardcoded permission sets for the application.
+
+  This is a minimal stub implementation for Issue #1. The full implementation
+  with all permission details will be added in Issue #2.
+
+  ## Permission Sets
+
+  1. **own_data** - Default for "Mitglied" role
+  2. **read_only** - For "Vorstand" and "Buchhaltung" roles
+  3. **normal_user** - For "Kassenwart" role
+  4. **admin** - For "Admin" role
+
+  ## Usage
+
+      # Get list of all valid permission set names
+      PermissionSets.all_permission_sets()
+      # => [:own_data, :read_only, :normal_user, :admin]
+  """
+
+  @doc """
+  Returns the list of all valid permission set names.
+
+  ## Examples
+
+      iex> PermissionSets.all_permission_sets()
+      [:own_data, :read_only, :normal_user, :admin]
+  """
+  @spec all_permission_sets() :: [atom()]
+  def all_permission_sets do
+    [:own_data, :read_only, :normal_user, :admin]
+  end
+end