Resolve user roles across account hierarchy

You are given: 1. An account hierarchy: ```json accounts = [ {"accountId": "org_1", "parent": null}, {"accountId": "wksp_1", "parent": "org_1"} ] ``` - The hierarchy is a forest. - There are **no cycles**. - Depth is small (e.g., at most grandparent/parent/child), but your solution should not rely on this unless stated. 2. Role assignments: ```json user_role_assignments = [ {"userId": "usr_1", "accountId": "org_1", "role": "admin"} ] ``` Roles are strings. ## Part 1 — Get roles for a user on an account Implement: - `getRoles(userId, accountId) -> set(roles)` based only on direct assignments on that exact account. ## Part 2 — Include ancestor roles Implement: - `getRolesWithAncestors(userId, accountId) -> set(roles)` that returns roles assigned to the user on `accountId` **and** on all ancestor accounts up to the root. ## Part 3 — Get users for an account (including ancestor roles) Implement: - `getUsersForAccount(accountId) -> map(userId -> set(roles))` Return all users who have at least one role effective on `accountId` when considering ancestor inheritance as in Part 2. ## Part 4 — Filter users by required roles Implement: - `getUsersForAccountWithFilter(accountId, rolesFilter) -> list(userId)` Return only users whose effective role set (including ancestors) contains **all** roles in `rolesFilter`. ### Example `getUsersForAccountWithFilter("wksp_1", [])` should return all users effective on `wksp_1`. ## Notes - Define whether duplicate assignments should be deduplicated. - Maintain deterministic ordering if required (e.g., sort userIds).