-- ============================================================================
-- Complete Permission Set (60 permissions from development)
-- Run this to sync production with development permissions
-- ============================================================================

BEGIN;

-- Delete old permissions and mappings
DELETE FROM role_permissions;
DELETE FROM permissions;

-- ============================================================================
-- Create ALL 60 permissions (matching development)
-- ============================================================================

INSERT INTO permissions (id, code, name, description, module, created_at)
VALUES
    -- Users Permissions (11)
    (gen_random_uuid(), 'users.view', 'View Users', 'View user list and profiles', 'users', NOW()),
    (gen_random_uuid(), 'users.create', 'Create Users', 'Create new users', 'users', NOW()),
    (gen_random_uuid(), 'users.edit', 'Edit Users', 'Edit user information', 'users', NOW()),
    (gen_random_uuid(), 'users.delete', 'Delete Users', 'Delete users', 'users', NOW()),
    (gen_random_uuid(), 'users.status', 'Change User Status', 'Update user status', 'users', NOW()),
    (gen_random_uuid(), 'users.approve', 'Approve Users', 'Approve pending memberships', 'users', NOW()),
    (gen_random_uuid(), 'users.export', 'Export Users', 'Export users to CSV', 'users', NOW()),
    (gen_random_uuid(), 'users.import', 'Import Users', 'Import users from CSV', 'users', NOW()),
    (gen_random_uuid(), 'users.reset_password', 'Reset User Password', 'Reset user passwords', 'users', NOW()),
    (gen_random_uuid(), 'users.resend_verification', 'Resend Verification', 'Resend email verification', 'users', NOW()),
    (gen_random_uuid(), 'users.invite', 'Invite Users', 'Send user invitations', 'users', NOW()),

    -- Events Permissions (8)
    (gen_random_uuid(), 'events.view', 'View Events', 'View event list', 'events', NOW()),
    (gen_random_uuid(), 'events.create', 'Create Events', 'Create new events', 'events', NOW()),
    (gen_random_uuid(), 'events.edit', 'Edit Events', 'Edit event information', 'events', NOW()),
    (gen_random_uuid(), 'events.delete', 'Delete Events', 'Delete events', 'events', NOW()),
    (gen_random_uuid(), 'events.publish', 'Publish Events', 'Publish/unpublish events', 'events', NOW()),
    (gen_random_uuid(), 'events.attendance', 'Manage Attendance', 'Mark attendance', 'events', NOW()),
    (gen_random_uuid(), 'events.rsvps', 'View RSVPs', 'View event RSVPs', 'events', NOW()),
    (gen_random_uuid(), 'events.calendar_export', 'Export Calendar', 'Export events to calendar', 'events', NOW()),

    -- Subscriptions Permissions (7)
    (gen_random_uuid(), 'subscriptions.view', 'View Subscriptions', 'View user subscriptions', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.create', 'Create Subscriptions', 'Create new subscriptions', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.edit', 'Edit Subscriptions', 'Edit user subscriptions', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.cancel', 'Cancel Subscriptions', 'Cancel subscriptions', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.activate', 'Activate Subscriptions', 'Manually activate subscriptions', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.plans', 'Manage Plans', 'Manage subscription plans', 'subscriptions', NOW()),
    (gen_random_uuid(), 'subscriptions.export', 'Export Subscriptions', 'Export subscription data', 'subscriptions', NOW()),

    -- Donations Permissions (2)
    (gen_random_uuid(), 'donations.view', 'View Donations', 'View donation records', 'donations', NOW()),
    (gen_random_uuid(), 'donations.export', 'Export Donations', 'Export donation data', 'donations', NOW()),

    -- Financials Permissions (6)
    (gen_random_uuid(), 'financials.view', 'View Financial Reports', 'View financial reports', 'financials', NOW()),
    (gen_random_uuid(), 'financials.create', 'Create Financial Reports', 'Upload financial reports', 'financials', NOW()),
    (gen_random_uuid(), 'financials.edit', 'Edit Financial Reports', 'Edit financial reports', 'financials', NOW()),
    (gen_random_uuid(), 'financials.delete', 'Delete Financial Reports', 'Delete financial reports', 'financials', NOW()),
    (gen_random_uuid(), 'financials.export', 'Export Financial Data', 'Export financial data', 'financials', NOW()),
    (gen_random_uuid(), 'financials.payments', 'Manage Payments', 'Process manual payments', 'financials', NOW()),

    -- Newsletters Permissions (6)
    (gen_random_uuid(), 'newsletters.view', 'View Newsletters', 'View newsletter archives', 'newsletters', NOW()),
    (gen_random_uuid(), 'newsletters.create', 'Create Newsletters', 'Upload newsletter archives', 'newsletters', NOW()),
    (gen_random_uuid(), 'newsletters.edit', 'Edit Newsletters', 'Edit newsletter archives', 'newsletters', NOW()),
    (gen_random_uuid(), 'newsletters.delete', 'Delete Newsletters', 'Delete newsletter archives', 'newsletters', NOW()),
    (gen_random_uuid(), 'newsletters.send', 'Send Newsletters', 'Send newsletters to subscribers', 'newsletters', NOW()),
    (gen_random_uuid(), 'newsletters.subscribers', 'Manage Subscribers', 'Manage newsletter subscribers', 'newsletters', NOW()),

    -- Bylaws Permissions (5)
    (gen_random_uuid(), 'bylaws.view', 'View Bylaws', 'View bylaws documents', 'bylaws', NOW()),
    (gen_random_uuid(), 'bylaws.create', 'Create Bylaws', 'Upload bylaws documents', 'bylaws', NOW()),
    (gen_random_uuid(), 'bylaws.edit', 'Edit Bylaws', 'Edit bylaws documents', 'bylaws', NOW()),
    (gen_random_uuid(), 'bylaws.delete', 'Delete Bylaws', 'Delete bylaws documents', 'bylaws', NOW()),
    (gen_random_uuid(), 'bylaws.publish', 'Publish Bylaws', 'Mark bylaws as current', 'bylaws', NOW()),

    -- Gallery Permissions (5)
    (gen_random_uuid(), 'gallery.view', 'View Gallery', 'View event galleries', 'gallery', NOW()),
    (gen_random_uuid(), 'gallery.upload', 'Upload Photos', 'Upload event photos', 'gallery', NOW()),
    (gen_random_uuid(), 'gallery.edit', 'Edit Gallery', 'Edit photo captions', 'gallery', NOW()),
    (gen_random_uuid(), 'gallery.delete', 'Delete Photos', 'Delete event photos', 'gallery', NOW()),
    (gen_random_uuid(), 'gallery.moderate', 'Moderate Gallery', 'Approve/reject gallery submissions', 'gallery', NOW()),

    -- Settings Permissions (6)
    (gen_random_uuid(), 'settings.view', 'View Settings', 'View system settings', 'settings', NOW()),
    (gen_random_uuid(), 'settings.edit', 'Edit Settings', 'Edit system settings', 'settings', NOW()),
    (gen_random_uuid(), 'settings.email_templates', 'Manage Email Templates', 'Edit email templates', 'settings', NOW()),
    (gen_random_uuid(), 'settings.storage', 'View Storage Usage', 'View storage usage statistics', 'settings', NOW()),
    (gen_random_uuid(), 'settings.backup', 'Backup System', 'Create system backups', 'settings', NOW()),
    (gen_random_uuid(), 'settings.logs', 'View Logs', 'View system logs', 'settings', NOW()),

    -- Permissions Management (4)
    (gen_random_uuid(), 'permissions.view', 'View Permissions', 'View permission list', 'permissions', NOW()),
    (gen_random_uuid(), 'permissions.assign', 'Assign Permissions', 'Assign permissions to roles', 'permissions', NOW()),
    (gen_random_uuid(), 'permissions.manage_roles', 'Manage Roles', 'Create/edit roles', 'permissions', NOW()),
    (gen_random_uuid(), 'permissions.audit', 'View Audit Logs', 'View permission audit logs', 'permissions', NOW())

ON CONFLICT (code) DO NOTHING;

-- ============================================================================
-- Assign Permissions to Roles
-- ============================================================================

-- Guest Role: No permissions

-- Member Role: Basic viewing only
INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
SELECT
    gen_random_uuid(),
    'member',
    (SELECT id FROM roles WHERE code = 'member'),
    p.id,
    NOW()
FROM permissions p
WHERE p.code IN (
    'events.view',
    'gallery.view',
    'bylaws.view',
    'newsletters.view'
)
ON CONFLICT DO NOTHING;

-- Admin Role: Most permissions except financials and permissions management
INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
SELECT
    gen_random_uuid(),
    'admin',
    (SELECT id FROM roles WHERE code = 'admin'),
    p.id,
    NOW()
FROM permissions p
WHERE p.code IN (
    -- User Management
    'users.view', 'users.create', 'users.edit', 'users.approve', 'users.import',
    'users.export', 'users.status', 'users.reset_password', 'users.resend_verification', 'users.invite',

    -- Event Management
    'events.view', 'events.create', 'events.edit', 'events.delete', 'events.publish',
    'events.rsvps', 'events.attendance', 'events.calendar_export',

    -- Gallery
    'gallery.view', 'gallery.upload', 'gallery.edit', 'gallery.delete', 'gallery.moderate',

    -- Content
    'newsletters.view', 'newsletters.create', 'newsletters.edit', 'newsletters.delete',
    'newsletters.send', 'newsletters.subscribers',
    'bylaws.view', 'bylaws.create', 'bylaws.edit', 'bylaws.delete', 'bylaws.publish',

    -- Settings (limited)
    'settings.view', 'settings.storage', 'settings.logs'
)
ON CONFLICT DO NOTHING;

-- Finance Role: Financial permissions + basic viewing
INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
SELECT
    gen_random_uuid(),
    'finance',
    (SELECT id FROM roles WHERE code = 'finance'),
    p.id,
    NOW()
FROM permissions p
WHERE p.code IN (
    -- Subscriptions & Donations
    'subscriptions.view', 'subscriptions.create', 'subscriptions.plans', 'subscriptions.edit',
    'subscriptions.cancel', 'subscriptions.activate', 'subscriptions.export',
    'donations.view', 'donations.export',

    -- Financial Reports
    'financials.view', 'financials.create', 'financials.edit', 'financials.delete',
    'financials.export', 'financials.payments',

    -- Basic Access
    'users.view',
    'events.view',
    'bylaws.view',
    'newsletters.view'
)
ON CONFLICT DO NOTHING;

-- Superadmin Role: ALL 60 permissions
INSERT INTO role_permissions (id, role, role_id, permission_id, created_at)
SELECT
    gen_random_uuid(),
    'superadmin',
    (SELECT id FROM roles WHERE code = 'superadmin'),
    p.id,
    NOW()
FROM permissions p
ON CONFLICT DO NOTHING;

COMMIT;

\echo '✅ Complete permission set created!'
\echo ''
\echo 'Permission counts:'
\echo '  Total permissions: 60'
\echo '  - users: 11'
\echo '  - events: 8'
\echo '  - subscriptions: 7'
\echo '  - donations: 2'
\echo '  - financials: 6'
\echo '  - newsletters: 6'
\echo '  - bylaws: 5'
\echo '  - gallery: 5'
\echo '  - settings: 6'
\echo '  - permissions: 4'
\echo ''
\echo 'Role assignments:'
\echo '  - Guest: 0'
\echo '  - Member: 4 (view only)'
\echo '  - Admin: ~40'
\echo '  - Finance: ~20'
\echo '  - Superadmin: 60 (all)'
\echo ''
\echo 'Next: Restart backend with: pm2 restart membership-backend'