diff --git a/backend/src/database/seeds/database-seeder.service.ts b/backend/src/database/seeds/database-seeder.service.ts
index 1446a99..2ab7ae6 100644
--- a/backend/src/database/seeds/database-seeder.service.ts
+++ b/backend/src/database/seeds/database-seeder.service.ts
@@ -93,7 +93,9 @@ export class DatabaseSeederService {
 await this.rolesRepository.save(role);
 this.logger.info(` ✓ Created role: ${role.name}`);
 } else {
- this.logger.info(` ⊙ Role already exists: ${roleData.name}`);
+ existingRole.permissions = roleData.permissions ?? {};
+ await this.rolesRepository.save(existingRole);
+ this.logger.info(` ✓ Updated permissions for role: ${roleData.name}`);
 }
 }
 }
diff --git a/backend/src/database/seeds/roles.seed.ts b/backend/src/database/seeds/roles.seed.ts
index cee4f53..5e50092 100644
--- a/backend/src/database/seeds/roles.seed.ts
+++ b/backend/src/database/seeds/roles.seed.ts
@@ -1,4 +1,5 @@
 import { Role } from '../../modules/roles/role.entity';
+import { OrgPermission } from '../../modules/permissions/permissions.constants';
 export const defaultRoles: Partial[] = [
 {
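Review bot: The new `else` branch overwrites the stored permissions of every existing default role on each seed run, so a permission that an operator revoked or tightened in the database is silently put back to the seed value, and nothing records what was replaced. If the seed is meant to be authoritative, say so at the assignment, for example `// Seed data is authoritative: permissions edited at runtime are replaced on every seed run.`, and consider saving only when the stored value differs so that the "Updated permissions" log line marks a real change. How `existingRole` is looked up lies outside the hunk; if the match is by name alone, confirm it cannot hit a custom role that shares a default role's name.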
@@ -6,79 +7,40 @@ export const defaultRoles: Partial[] = [
 description: 'Full access to organization. Can delete organization and manage all settings.',
 permissions: {
- // Organization management
- canDeleteOrganization: true,
- canEditOrganization: true,
- canViewOrganization: true,
-
- // User management
- canInviteUsers: true,
- canRemoveUsers: true,
- canEditUserRoles: true,
- canViewUsers: true,
-
- // Role management
- canCreateRoles: true,
- canEditRoles: true,
- canDeleteRoles: true,
- canViewRoles: true,
-
- // Settings
- canManageSettings: true,
- canViewSettings: true,
+ [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
 },
 },
 {
 name: 'Admin',
 description: 'Administrative access. Can manage users and settings.',
 permissions: {
- // Organization management
- canEditOrganization: true,
- canViewOrganization: true,
-
- // User management
- canInviteUsers: true,
- canRemoveUsers: true,
- canEditUserRoles: true,
- canViewUsers: true,
-
- // Role management
- canViewRoles: true,
-
- // Settings
- canManageSettings: true,
- canViewSettings: true,
+ [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
 },
 },
 {
 name: 'Member',
 description: 'Standard member access. Can view and participate.',
 permissions: {
- // Organization management
- canViewOrganization: true,
-
- // User management
- canViewUsers: true,
-
- // Role management
- canViewRoles: true,
-
- // Settings
- canViewSettings: true,
+ [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false,
+ [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false,
+ [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
 },
 },
 {
 name: 'Viewer',
 description: 'Read-only access. Can only view information.',
 permissions: {
- // Organization management
- canViewOrganization: true,
-
- // User management
- canViewUsers: true,
-
- // Settings
- canViewSettings: true,
+ [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+ [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false,
+ [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false,
+ [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: false,
 },
 },
 ];
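Review bot: Owner and Admin now carry identical permission maps, because the keys that used to separate them (`canDeleteOrganization`, `canCreateRoles`, `canEditRoles`, `canDeleteRoles`) are removed with no replacement, while the descriptions still promise organization deletion and user/settings management. Nothing in this hunk shows where those actions are authorized now; any guard that still reads an old key will get `undefined`, and since the seeder change in this commit rewrites existing roles, the old keys also vanish from stored roles on the next seed run. Either add the matching `OrgPermission` entries, or bring the descriptions in line and add a comment at the first `permissions` map such as `// Inventory permissions only; organization, user and role management are authorized by <mechanism>.`. The `defaultRoles` declaration and the Owner entry's `name` line sit outside this hunk.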