feat: RBAC Phase 1 — consolidate user roles into 4-value enum

Consolidate User.role (2-value: admin/store) + User.is_super_admin (boolean)
into a single 4-value UserRole enum: super_admin, platform_admin,
merchant_owner, store_member. Drop stale StoreUser.user_type column.
Fix role="user" bug in merchant creation.

Key changes:
- Expand UserRole enum from 2 to 4 values with computed properties
  (is_admin, is_super_admin, is_platform_admin, is_merchant_owner, is_store_user)
- Add Alembic migration (tenancy_003) for data migration + column drops
- Remove is_super_admin from JWT token payload
- Update all auth dependencies, services, routes, templates, JS, and tests
- Update all RBAC documentation

66 files changed, 1219 unit tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

app/modules/tenancy/services/admin_platform_service.py

@@ -344,7 +344,7 @@ class AdminPlatformService:
                 reason="User must be an admin to be promoted to super admin",
             )
 
-        user.is_super_admin = is_super_admin
+        user.role = "super_admin" if is_super_admin else "platform_admin"
         user.updated_at = datetime.now(UTC)
         db.flush()
         db.refresh(user)
@@ -402,9 +402,8 @@ class AdminPlatformService:
             hashed_password=auth_manager.hash_password(password),
             first_name=first_name,
             last_name=last_name,
-            role="admin",
+            role="platform_admin",
             is_active=True,
-            is_super_admin=False,  # Platform admin, not super admin
         )
         db.add(user)
         db.flush()
@@ -459,10 +458,12 @@ class AdminPlatformService:
         Returns:
             Tuple of (list of User objects, total count)
         """
-        query = db.query(User).filter(User.role == "admin")
+        query = db.query(User).filter(
+            User.role.in_(["super_admin", "platform_admin"])
+        )
 
         if not include_super_admins:
-            query = query.filter(User.is_super_admin == False)
+            query = query.filter(User.role == "platform_admin")
 
         if is_active is not None:
             query = query.filter(User.is_active == is_active)
@@ -508,7 +509,10 @@ class AdminPlatformService:
         admin = (
             db.query(User)
             .options(joinedload(User.admin_platforms))
-            .filter(User.id == user_id, User.role == "admin")
+            .filter(
+                User.id == user_id,
+                User.role.in_(["super_admin", "platform_admin"]),
+            )
             .first()
         )
 
@@ -560,8 +564,7 @@ class AdminPlatformService:
             hashed_password=get_password_hash(password),
             first_name=first_name,
             last_name=last_name,
-            role="admin",
-            is_super_admin=True,
+            role="super_admin",
             is_active=True,
         )
         db.add(user)
@@ -601,7 +604,10 @@ class AdminPlatformService:
                 operation="deactivate own account",
             )
 
-        admin = db.query(User).filter(User.id == user_id, User.role == "admin").first()
+        admin = db.query(User).filter(
+            User.id == user_id,
+            User.role.in_(["super_admin", "platform_admin"]),
+        ).first()
 
         if not admin:
             raise UserNotFoundException(str(user_id))
@@ -642,7 +648,10 @@ class AdminPlatformService:
                 operation="delete own account",
             )
 
-        admin = db.query(User).filter(User.id == user_id, User.role == "admin").first()
+        admin = db.query(User).filter(
+            User.id == user_id,
+            User.role.in_(["super_admin", "platform_admin"]),
+        ).first()
 
         if not admin:
             raise UserNotFoundException(str(user_id))