Add role/permission checks to restrict operations based on user roles

[erseco]

It would be useful to introduce a mechanism to check the role or permissions of the currently logged-in Moodle user before allowing certain operations to execute.

Use case

For example, some commands (like courses create or users delete) should only be allowed if the logged-in user has an appropriate role (e.g., site administrator or manager). Right now, the tool assumes full access and fails only when Moodle rejects the operation server-side. Adding this verification client-side would make the behavior clearer and more robust.

Proposed solution

Introduce a decorator (e.g. @requires_role("admin")) that can be applied to any CLI command or internal function. The decorator would:

1. Fetch the current user role from the session (if not already cached).
2. Compare it against the required minimum role.
3. Raise an informative error or abort the CLI command if the role is insufficient.

Ideas

• The role could be retrieved using a lightweight endpoint (e.g. the dashboard or user profile page).
• A mapping of roles to permission levels could be configured or hardcoded.
• CLI commands could be annotated with a required role (or list of accepted roles).

Example

@requires_role("manager")
def create_course(...):
    ...

This would prevent non-manager users from executing the command.