From 952c8f21594365e86ecb57844172ba1fb284827a Mon Sep 17 00:00:00 2001 From: gitaddremote Date: Sat, 16 May 2026 12:33:11 -0400 Subject: [PATCH] fix: replace dead camelCase permission keys with OrgPermission enum in role seed (ISSUE-162) - Replace all camelCase permission keys in roles.seed.ts with correct OrgPermission enum values (can_view_org_inventory, etc.) - Import OrgPermission from permissions.constants.ts as single source of truth - Make seedRoles() upsert permissions on existing roles so re-running the seeder heals a broken database rather than silently skipping - Owner and Admin get full inventory access; Member gets view+shared; Viewer gets view-only --- .../database/seeds/database-seeder.service.ts | 4 +- backend/src/database/seeds/roles.seed.ts | 72 +++++-------------- 2 files changed, 20 insertions(+), 56 deletions(-) diff --git a/backend/src/database/seeds/database-seeder.service.ts b/backend/src/database/seeds/database-seeder.service.ts index 1446a99..2ab7ae6 100644 --- a/backend/src/database/seeds/database-seeder.service.ts +++ b/backend/src/database/seeds/database-seeder.service.ts @@ -93,7 +93,9 @@ export class DatabaseSeederService { await this.rolesRepository.save(role); this.logger.info(` ✓ Created role: ${role.name}`); } else { - this.logger.info(` ⊙ Role already exists: ${roleData.name}`); + existingRole.permissions = roleData.permissions ?? {}; + await this.rolesRepository.save(existingRole); + this.logger.info(` ✓ Updated permissions for role: ${roleData.name}`); } } } diff --git a/backend/src/database/seeds/roles.seed.ts b/backend/src/database/seeds/roles.seed.ts index cee4f53..5e50092 100644 --- a/backend/src/database/seeds/roles.seed.ts +++ b/backend/src/database/seeds/roles.seed.ts @@ -1,4 +1,5 @@ import { Role } from '../../modules/roles/role.entity'; +import { OrgPermission } from '../../modules/permissions/permissions.constants'; export const defaultRoles: Partial[] = [ { 
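Review bot: The new `else` branch overwrites `existingRole.permissions` with the seed defaults on every seeder run, so a permission that was deliberately tightened or changed on a stored role is silently reset. The `?? {}` fallback would also strip every permission from a role whose seed entry defines none. The log line reports "Updated permissions" whether or not anything changed and records neither the old nor the new value, which leaves no audit trail for an authorization change. Consider saving only when the stored map differs from the seed and logging the previous keys, or at least state the contract above the assignment: `// Seed defaults are authoritative: re-running the seeder resets permissions on every role matched here`. The lookup that produces `existingRole` is outside the hunk; if it matches by name alone, confirm that a custom role sharing a default name cannot be overwritten.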
@@ -6,79 +7,40 @@ export const defaultRoles: Partial[] = [ description: 'Full access to organization. Can delete organization and manage all settings.', permissions: { - // Organization management - canDeleteOrganization: true, - canEditOrganization: true, - canViewOrganization: true, - - // User management - canInviteUsers: true, - canRemoveUsers: true, - canEditUserRoles: true, - canViewUsers: true, - - // Role management - canCreateRoles: true, - canEditRoles: true, - canDeleteRoles: true, - canViewRoles: true, - - // Settings - canManageSettings: true, - canViewSettings: true, + [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true, + [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true, + [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true, + [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true, }, }, { name: 'Admin', description: 'Administrative access. Can manage users and settings.', permissions: { - // Organization management - canEditOrganization: true, - canViewOrganization: true, - - // User management - canInviteUsers: true, - canRemoveUsers: true, - canEditUserRoles: true, - canViewUsers: true, - - // Role management - canViewRoles: true, - - // Settings - canManageSettings: true, - canViewSettings: true, + [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true, + [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true, + [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true, + [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true, }, }, { name: 'Member', description: 'Standard member access. Can view and participate.', permissions: { - // Organization management - canViewOrganization: true, - - // User management - canViewUsers: true, - - // Role management - canViewRoles: true, - - // Settings - canViewSettings: true, + [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true, + [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false, + [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false, + [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true, }, }, { name: 'Viewer', description: 'Read-only access. 
Can only view information.', permissions: { - // Organization management - canViewOrganization: true, - - // User management - canViewUsers: true, - - // Settings - canViewSettings: true, + [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true, + [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false, + [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false, + [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: false, }, }, ];
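Review bot: Owner and Admin now receive an identical permission map, including `CAN_ADMIN_ORG_INVENTORY`, while their descriptions still promise different things ("Can delete organization and manage all settings" versus "Can manage users and settings") that no seeded key expresses any more. If the two roles are meant to differ, that distinction has to be enforced somewhere not visible in this diff; otherwise update the descriptions so nobody assigns Admin expecting less privilege than Owner. Member and Viewer carry explicit `false` entries, which is only safe if the permission check tests the value and not the presence of the key, so this is worth confirming against the guard. Typing each map with `satisfies Record<OrgPermission, boolean>` would make a newly added enum value a compile error until every role takes an explicit decision.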