GitAddRemote · GitAddRemote · May 16, 2026
diff --git a/backend/src/database/seeds/database-seeder.service.ts b/backend/src/database/seeds/database-seeder.service.ts
@@ -93,7 +93,9 @@ export class DatabaseSeederService {
         await this.rolesRepository.save(role);
         this.logger.info(`  ✓ Created role: ${role.name}`);
       } else {
-        this.logger.info(`  ⊙ Role already exists: ${roleData.name}`);
+        existingRole.permissions = roleData.permissions ?? {};
+        await this.rolesRepository.save(existingRole);
+        this.logger.info(`  ✓ Updated permissions for role: ${roleData.name}`);
       }
     }
   }

diff --git a/backend/src/database/seeds/roles.seed.ts b/backend/src/database/seeds/roles.seed.ts
@@ -1,84 +1,46 @@
 import { Role } from '../../modules/roles/role.entity';
+import { OrgPermission } from '../../modules/permissions/permissions.constants';
 
 export const defaultRoles: Partial<Role>[] = [
   {
     name: 'Owner',
     description:
       'Full access to organization. Can delete organization and manage all settings.',
     permissions: {
-      // Organization management
-      canDeleteOrganization: true,
-      canEditOrganization: true,
-      canViewOrganization: true,
-
-      // User management
-      canInviteUsers: true,
-      canRemoveUsers: true,
-      canEditUserRoles: true,
-      canViewUsers: true,
-
-      // Role management
-      canCreateRoles: true,
-      canEditRoles: true,
-      canDeleteRoles: true,
-      canViewRoles: true,
-
-      // Settings
-      canManageSettings: true,
-      canViewSettings: true,
+      [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
     },
   },
   {
     name: 'Admin',
     description: 'Administrative access. Can manage users and settings.',
     permissions: {
-      // Organization management
-      canEditOrganization: true,
-      canViewOrganization: true,
-
-      // User management
-      canInviteUsers: true,
-      canRemoveUsers: true,
-      canEditUserRoles: true,
-      canViewUsers: true,
-
-      // Role management
-      canViewRoles: true,
-
-      // Settings
-      canManageSettings: true,
-      canViewSettings: true,
+      [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_EDIT_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
     },
   },
   {
     name: 'Member',
     description: 'Standard member access. Can view and participate.',
     permissions: {
-      // Organization management
-      canViewOrganization: true,
-
-      // User management
-      canViewUsers: true,
-
-      // Role management
-      canViewRoles: true,
-
-      // Settings
-      canViewSettings: true,
+      [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false,
+      [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false,
+      [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: true,
     },
   },
   {
     name: 'Viewer',
     description: 'Read-only access. Can only view information.',
     permissions: {
-      // Organization management
-      canViewOrganization: true,
-
-      // User management
-      canViewUsers: true,
-
-      // Settings
-      canViewSettings: true,
+      [OrgPermission.CAN_VIEW_ORG_INVENTORY]: true,
+      [OrgPermission.CAN_EDIT_ORG_INVENTORY]: false,
+      [OrgPermission.CAN_ADMIN_ORG_INVENTORY]: false,
+      [OrgPermission.CAN_VIEW_MEMBER_SHARED_ITEMS]: false,
     },
   },
 ];