feat: add cerbos access control

api/stores/event-store/aggregates/account.ts

@@ -1,4 +1,5 @@
 import { toAccountDocument } from "@spec/schemas/account/account.ts";
+import { Role } from "@spec/schemas/account/role.ts";
 import { Strategy } from "@spec/schemas/account/strategies.ts";
 import { Avatar } from "@spec/schemas/avatar.ts";
 import { Contact } from "@spec/schemas/contact.ts";
@@ -22,6 +23,7 @@ export class Account extends AggregateRoot<EventStoreFactory> {
     emails: [],
   };
   strategies: Strategy[] = [];
+  roles: Role[] = [];
 
   createdAt!: Date;
   updatedAt!: Date;
@@ -51,6 +53,11 @@ export class Account extends AggregateRoot<EventStoreFactory> {
         this.updatedAt = getDate(event.created);
         break;
       }
+      case "account:role:added": {
+        this.roles.push(event.data);
+        this.updatedAt = getDate(event.created);
+        break;
+      }
       case "strategy:email:added": {
         this.strategies.push({ type: "email", value: event.data });
         this.updatedAt = getDate(event.created);
@@ -103,11 +110,11 @@ export class Account extends AggregateRoot<EventStoreFactory> {
     });
   }
 
-  addRole(roleId: string, meta: Auditor = systemAuditor): this {
+  addRole(role: Role, meta: Auditor = systemAuditor): this {
     return this.push({
       stream: this.id,
       type: "account:role:added",
-      data: roleId,
+      data: role,
       meta,
     });
   }
@@ -194,8 +201,8 @@ projector.on("account:email:added", async ({ stream: id, data: email }) => {
   await db.collection("accounts").updateOne({ id }, { $push: { "contact.emails": email } });
 });
 
-projector.on("account:role:added", async ({ stream: id, data: roleId }) => {
-  await db.collection("accounts").updateOne({ id }, { $push: { roles: roleId } });
+projector.on("account:role:added", async ({ stream: id, data: role }) => {
+  await db.collection("accounts").updateOne({ id }, { $push: { roles: role } });
 });
 
 projector.on("strategy:email:added", async ({ stream: id, data: email }) => {