alembic/versions/006_rename_is_active.py

@@ -0,0 +1,29 @@
+"""rename_is_active
+
+Revision ID: 006_rename_active
+Revises: 005_fix_subs_storage
+Create Date: 2026-01-04
+
+Fixes:
+- Rename subscription_plans.is_active to active (match models.py)
+"""
+from typing import Sequence, Union
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '006_rename_active'
+down_revision: Union[str, None] = '005_fix_subs_storage'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    """Rename is_active to active"""
+    op.alter_column('subscription_plans', 'is_active', new_column_name='active')
+
+
+def downgrade() -> None:
+    """Rename back to is_active"""
+    op.alter_column('subscription_plans', 'active', new_column_name='is_active')

migrations/005_complete_permissions.sql

@@ -0,0 +1,216 @@
+-- ============================================================================
+-- Complete Permission Set (60 permissions from development)
+-- Run this to sync production with development permissions
+-- ============================================================================
+
+BEGIN;
+
+-- Delete old permissions and mappings
+DELETE FROM role_permissions;
+DELETE FROM permissions;
+
+-- ============================================================================
+-- Create ALL 60 permissions (matching development)
+-- ============================================================================
+
+INSERT INTO permissions (id, code, name, description, module, created_at)
+VALUES
+    -- Users Permissions (11)
+    (gen_random_uuid(), 'users.view', 'View Users', 'View user list and profiles', 'users', NOW()),
+    (gen_random_uuid(), 'users.create', 'Create Users', 'Create new users', 'users', NOW()),
+    (gen_random_uuid(), 'users.edit', 'Edit Users', 'Edit user information', 'users', NOW()),
+    (gen_random_uuid(), 'users.delete', 'Delete Users', 'Delete users', 'users', NOW()),
+    (gen_random_uuid(), 'users.status', 'Change User Status', 'Update user status', 'users', NOW()),
+    (gen_random_uuid(), 'users.approve', 'Approve Users', 'Approve pending memberships', 'users', NOW()),
+    (gen_random_uuid(), 'users.export', 'Export Users', 'Export users to CSV', 'users', NOW()),
+    (gen_random_uuid(), 'users.import', 'Import Users', 'Import users from CSV', 'users', NOW()),
+    (gen_random_uuid(), 'users.reset_password', 'Reset User Password', 'Reset user passwords', 'users', NOW()),
+    (gen_random_uuid(), 'users.resend_verification', 'Resend Verification', 'Resend email verification', 'users', NOW()),
+    (gen_random_uuid(), 'users.invite', 'Invite Users', 'Send user invitations', 'users', NOW()),
+
+    -- Events Permissions (8)
+    (gen_random_uuid(), 'events.view', 'View Events', 'View event list', 'events', NOW()),
+    (gen_random_uuid(), 'events.create', 'Create Events', 'Create new events', 'events', NOW()),
+    (gen_random_uuid(), 'events.edit', 'Edit Events', 'Edit event information', 'events', NOW()),
+    (gen_random_uuid(), 'events.delete', 'Delete Events', 'Delete events', 'events', NOW()),
+    (gen_random_uuid(), 'events.publish', 'Publish Events', 'Publish/unpublish events', 'events', NOW()),
+    (gen_random_uuid(), 'events.attendance', 'Manage Attendance', 'Mark attendance', 'events', NOW()),
+    (gen_random_uuid(), 'events.rsvps', 'View RSVPs', 'View event RSVPs', 'events', NOW()),
+    (gen_random_uuid(), 'events.calendar_export', 'Export Calendar', 'Export events to calendar', 'events', NOW()),
+
+    -- Subscriptions Permissions (7)
+    (gen_random_uuid(), 'subscriptions.view', 'View Subscriptions', 'View user subscriptions', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.create', 'Create Subscriptions', 'Create new subscriptions', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.edit', 'Edit Subscriptions', 'Edit user subscriptions', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.cancel', 'Cancel Subscriptions', 'Cancel subscriptions', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.activate', 'Activate Subscriptions', 'Manually activate subscriptions', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.plans', 'Manage Plans', 'Manage subscription plans', 'subscriptions', NOW()),
+    (gen_random_uuid(), 'subscriptions.export', 'Export Subscriptions', 'Export subscription data', 'subscriptions', NOW()),
+
+    -- Donations Permissions (2)
+    (gen_random_uuid(), 'donations.view', 'View Donations', 'View donation records', 'donations', NOW()),
+    (gen_random_uuid(), 'donations.export', 'Export Donations', 'Export donation data', 'donations', NOW()),
+
+    -- Financials Permissions (6)
+    (gen_random_uuid(), 'financials.view', 'View Financial Reports', 'View financial reports', 'financials', NOW()),
+    (gen_random_uuid(), 'financials.create', 'Create Financial Reports', 'Upload financial reports', 'financials', NOW()),
+    (gen_random_uuid(), 'financials.edit', 'Edit Financial Reports', 'Edit financial reports', 'financials', NOW()),
+    (gen_random_uuid(), 'financials.delete', 'Delete Financial Reports', 'Delete financial reports', 'financials', NOW()),
+    (gen_random_uuid(), 'financials.export', 'Export Financial Data', 'Export financial data', 'financials', NOW()),
+    (gen_random_uuid(), 'financials.payments', 'Manage Payments', 'Process manual payments', 'financials', NOW()),
+
+    -- Newsletters Permissions (6)
+    (gen_random_uuid(), 'newsletters.view', 'View Newsletters', 'View newsletter archives', 'newsletters', NOW()),
+    (gen_random_uuid(), 'newsletters.create', 'Create Newsletters', 'Upload newsletter archives', 'newsletters', NOW()),
+    (gen_random_uuid(), 'newsletters.edit', 'Edit Newsletters', 'Edit newsletter archives', 'newsletters', NOW()),
+    (gen_random_uuid(), 'newsletters.delete', 'Delete Newsletters', 'Delete newsletter archives', 'newsletters', NOW()),
+    (gen_random_uuid(), 'newsletters.send', 'Send Newsletters', 'Send newsletters to subscribers', 'newsletters', NOW()),
+    (gen_random_uuid(), 'newsletters.subscribers', 'Manage Subscribers', 'Manage newsletter subscribers', 'newsletters', NOW()),
+
+    -- Bylaws Permissions (5)
+    (gen_random_uuid(), 'bylaws.view', 'View Bylaws', 'View bylaws documents', 'bylaws', NOW()),
+    (gen_random_uuid(), 'bylaws.create', 'Create Bylaws', 'Upload bylaws documents', 'bylaws', NOW()),
+    (gen_random_uuid(), 'bylaws.edit', 'Edit Bylaws', 'Edit bylaws documents', 'bylaws', NOW()),
+    (gen_random_uuid(), 'bylaws.delete', 'Delete Bylaws', 'Delete bylaws documents', 'bylaws', NOW()),
+    (gen_random_uuid(), 'bylaws.publish', 'Publish Bylaws', 'Mark bylaws as current', 'bylaws', NOW()),
+
+    -- Gallery Permissions (5)
+    (gen_random_uuid(), 'gallery.view', 'View Gallery', 'View event galleries', 'gallery', NOW()),
+    (gen_random_uuid(), 'gallery.upload', 'Upload Photos', 'Upload event photos', 'gallery', NOW()),
+    (gen_random_uuid(), 'gallery.edit', 'Edit Gallery', 'Edit photo captions', 'gallery', NOW()),
+    (gen_random_uuid(), 'gallery.delete', 'Delete Photos', 'Delete event photos', 'gallery', NOW()),
+    (gen_random_uuid(), 'gallery.moderate', 'Moderate Gallery', 'Approve/reject gallery submissions', 'gallery', NOW()),
+
+    -- Settings Permissions (6)
+    (gen_random_uuid(), 'settings.view', 'View Settings', 'View system settings', 'settings', NOW()),
+    (gen_random_uuid(), 'settings.edit', 'Edit Settings', 'Edit system settings', 'settings', NOW()),
+    (gen_random_uuid(), 'settings.email_templates', 'Manage Email Templates', 'Edit email templates', 'settings', NOW()),
+    (gen_random_uuid(), 'settings.storage', 'View Storage Usage', 'View storage usage statistics', 'settings', NOW()),
+    (gen_random_uuid(), 'settings.backup', 'Backup System', 'Create system backups', 'settings', NOW()),
+    (gen_random_uuid(), 'settings.logs', 'View Logs', 'View system logs', 'settings', NOW()),
+
+    -- Permissions Management (4)
+    (gen_random_uuid(), 'permissions.view', 'View Permissions', 'View permission list', 'permissions', NOW()),
+    (gen_random_uuid(), 'permissions.assign', 'Assign Permissions', 'Assign permissions to roles', 'permissions', NOW()),
+    (gen_random_uuid(), 'permissions.manage_roles', 'Manage Roles', 'Create/edit roles', 'permissions', NOW()),
+    (gen_random_uuid(), 'permissions.audit', 'View Audit Logs', 'View permission audit logs', 'permissions', NOW())
+
+ON CONFLICT (code) DO NOTHING;
+
+-- ============================================================================
+-- Assign Permissions to Roles
+-- ============================================================================
+
+-- Guest Role: No permissions
+
+-- Member Role: Basic viewing only
+INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
+SELECT
+    gen_random_uuid(),
+    'member',
+    (SELECT id FROM roles WHERE code = 'member'),
+    p.id,
+    NOW()
+FROM permissions p
+WHERE p.code IN (
+    'events.view',
+    'gallery.view',
+    'bylaws.view',
+    'newsletters.view'
+)
+ON CONFLICT DO NOTHING;
+
+-- Admin Role: Most permissions except financials and permissions management
+INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
+SELECT
+    gen_random_uuid(),
+    'admin',
+    (SELECT id FROM roles WHERE code = 'admin'),
+    p.id,
+    NOW()
+FROM permissions p
+WHERE p.code IN (
+    -- User Management
+    'users.view', 'users.create', 'users.edit', 'users.approve', 'users.import',
+    'users.export', 'users.status', 'users.reset_password', 'users.resend_verification', 'users.invite',
+
+    -- Event Management
+    'events.view', 'events.create', 'events.edit', 'events.delete', 'events.publish',
+    'events.rsvps', 'events.attendance', 'events.calendar_export',
+
+    -- Gallery
+    'gallery.view', 'gallery.upload', 'gallery.edit', 'gallery.delete', 'gallery.moderate',
+
+    -- Content
+    'newsletters.view', 'newsletters.create', 'newsletters.edit', 'newsletters.delete',
+    'newsletters.send', 'newsletters.subscribers',
+    'bylaws.view', 'bylaws.create', 'bylaws.edit', 'bylaws.delete', 'bylaws.publish',
+
+    -- Settings (limited)
+    'settings.view', 'settings.storage', 'settings.logs'
+)
+ON CONFLICT DO NOTHING;
+
+-- Finance Role: Financial permissions + basic viewing
+INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
+SELECT
+    gen_random_uuid(),
+    'finance',
+    (SELECT id FROM roles WHERE code = 'finance'),
+    p.id,
+    NOW()
+FROM permissions p
+WHERE p.code IN (
+    -- Subscriptions & Donations
+    'subscriptions.view', 'subscriptions.create', 'subscriptions.plans', 'subscriptions.edit',
+    'subscriptions.cancel', 'subscriptions.activate', 'subscriptions.export',
+    'donations.view', 'donations.export',
+
+    -- Financial Reports
+    'financials.view', 'financials.create', 'financials.edit', 'financials.delete',
+    'financials.export', 'financials.payments',
+
+    -- Basic Access
+    'users.view',
+    'events.view',
+    'bylaws.view',
+    'newsletters.view'
+)
+ON CONFLICT DO NOTHING;
+
+-- Superadmin Role: ALL 60 permissions
+INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
+SELECT
+    gen_random_uuid(),
+    'superadmin',
+    (SELECT id FROM roles WHERE code = 'superadmin'),
+    p.id,
+    NOW()
+FROM permissions p
+ON CONFLICT DO NOTHING;
+
+COMMIT;
+
+\echo '✅ Complete permission set created!'
+\echo ''
+\echo 'Permission counts:'
+\echo '  Total permissions: 60'
+\echo '  - users: 11'
+\echo '  - events: 8'
+\echo '  - subscriptions: 7'
+\echo '  - donations: 2'
+\echo '  - financials: 6'
+\echo '  - newsletters: 6'
+\echo '  - bylaws: 5'
+\echo '  - gallery: 5'
+\echo '  - settings: 6'
+\echo '  - permissions: 4'
+\echo ''
+\echo 'Role assignments:'
+\echo '  - Guest: 0'
+\echo '  - Member: 4 (view only)'
+\echo '  - Admin: ~40'
+\echo '  - Finance: ~20'
+\echo '  - Superadmin: 60 (all)'
+\echo ''
+\echo 'Next: Restart backend with: pm2 restart membership-backend'