
Admin portal only uses first role when member has multiple roles #183

@rubin110

Summary

When loading permissions at login, the admin portal only uses the first role returned by DHService (roles[0]). If a member has multiple roles assigned (e.g. both Authorizer and Board), only the first role's permissions are applied — the others are silently ignored.

Affected Code

code/DHAdminPortal/app.py — in the index() route:

role_info = roles_data["roles"][0]  # Get first role
session["user_role"] = role_info.get("role_name", "Unknown")
session["user_permissions"] = role_info.get("permission", {})

Question

Should we:

  1. Merge permissions — union the view and change arrays across all assigned roles, giving the member the combined permissions of all their roles?
  2. Use highest privilege — pick the role with the broadest permissions?
  3. Leave as-is — keep single-role behavior and document that members should only have one admin role assigned?

Context

Currently only three roles exist (Authorizer, Administrator, Board) and it's unclear whether members are expected to hold multiple roles simultaneously. If they are, option 1 (merge) is the most intuitive behavior. If not, the code should validate and warn when multiple roles are found.

Labels: bug

Status: Backlog
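Option 1 (merge) from the issue, sketched as an added example that is not part of the original issue or the project's code. It assumes each role's `permission` dict holds `view` and `change` lists of strings, as the issue's wording suggests; the function name, logger name, and sample permission names are hypothetical.

```python
import logging

log = logging.getLogger("dhadminportal.roles")  # hypothetical logger name
PERMISSION_KINDS = ("view", "change")  # the two arrays named in the issue


def merge_role_permissions(roles_data):
    """Union view/change permissions across every role DHService returned.

    Fails closed: missing or malformed input yields no roles and empty
    permissions rather than an exception or a partial grant.
    """
    merged = {kind: set() for kind in PERMISSION_KINDS}
    names = []
    roles = roles_data.get("roles") if isinstance(roles_data, dict) else None
    if not isinstance(roles, list):
        roles = []
    for role in roles:
        if not isinstance(role, dict):
            log.warning("skipping malformed role entry: %r", role)
            continue
        names.append(role.get("role_name", "Unknown"))
        permission = role.get("permission")
        if not isinstance(permission, dict):
            continue  # role is recorded but grants nothing
        for kind in PERMISSION_KINDS:
            entries = permission.get(kind)
            if isinstance(entries, list):
                merged[kind].update(e for e in entries if isinstance(e, str))
    if len(names) > 1:
        log.info("member holds multiple roles, permissions merged: %s", names)
    # Sorted lists keep the result JSON-serializable for a session store.
    return names, {kind: sorted(values) for kind, values in merged.items()}


# Constructed sample response; the permission names are made up for the example.
SAMPLE = {"roles": [
    {"role_name": "Authorizer",
     "permission": {"view": ["members"], "change": ["authorizations"]}},
    {"role_name": "Board",
     "permission": {"view": ["members", "finances"], "change": []}},
]}

if __name__ == "__main__":
    print(merge_role_permissions(SAMPLE))
```

Unlike `roles_data["roles"][0]`, this returns empty permissions for an empty role list instead of raising, and the log line gives a place to audit members who hold more than one role.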