fix(warehouse): add migration for warehouse permissions
The warehouse module v1.8.0 deploy created the warehouse tables via Prisma migration but left the corresponding permissions (warehouse.view/operate/ manage/inventory) and admin role assignments un-inserted, because those rows only existed in prisma/seed.ts, which is dev-only and cannot be run against production. This migration inserts the same 4 permissions seed.ts would (with identical display_name and description) and assigns them to the admin role. INSERT IGNORE makes it idempotent and preserves existing role assignments. No data is modified or deleted. Also strengthens CLAUDE.md: every database change or manipulation must be a tracked Prisma migration. No external SQL, no seed-only data, no manual fixes — reviewable, reversible, reproducible from a fresh checkout.
This commit is contained in:
@@ -0,0 +1,29 @@
|
||||
-- Add warehouse module permissions and assign them to the admin role.
|
||||
-- These rows used to be created by `prisma/seed.ts`, which is dev-only and
|
||||
-- must not be run against production (per CLAUDE.md). This migration is
|
||||
-- idempotent: re-running it is a no-op.
|
||||
--
|
||||
-- The 4 permissions match `prisma/seed.ts` lines 284-308 exactly.
|
||||
|
||||
-- 1. Insert the 4 warehouse permissions (INSERT IGNORE skips on duplicate
|
||||
-- name, so re-running the migration is safe).
|
||||
INSERT IGNORE INTO `permissions` (`name`, `display_name`, `module`, `description`, `created_at`) VALUES
|
||||
('warehouse.view', 'Zobrazit sklad', 'warehouse', 'Prohlížet stav skladu, položky, reporty a historii pohybů', NOW()),
|
||||
('warehouse.operate', 'Příjem a výdej', 'warehouse', 'Vytvářet a potvrzovat příjmy, výdeje a rezervace', NOW()),
|
||||
('warehouse.manage', 'Správa skladu', 'warehouse', 'Spravovat katalog materiálů, dodavatele, lokace a kategorie', NOW()),
|
||||
('warehouse.inventory', 'Inventura', 'warehouse', 'Vytvářet a potvrzovat inventurní sčítkání', NOW());
|
||||
|
||||
-- 2. Assign all 4 permissions to the admin role. INSERT IGNORE on the
|
||||
-- composite primary key (role_id, permission_id) makes this idempotent
|
||||
-- and preserves any other role assignments that already exist.
|
||||
INSERT IGNORE INTO `role_permissions` (`role_id`, `permission_id`)
|
||||
SELECT r.id, p.id
|
||||
FROM `roles` r
|
||||
CROSS JOIN `permissions` p
|
||||
WHERE r.name = 'admin'
|
||||
AND p.name IN (
|
||||
'warehouse.view',
|
||||
'warehouse.operate',
|
||||
'warehouse.manage',
|
||||
'warehouse.inventory'
|
||||
);
|
||||
Reference in New Issue
Block a user