membership-be/roles_seed.py

"""
Role Seeding Script
This script populates the database with system roles for the dynamic RBAC system.
Creates 5 system roles: Superadmin, Admin, Finance, Member, and Guest.
Usage:
python roles_seed.py
Environment Variables:
DATABASE_URL - PostgreSQL connection string
"""
import os
import sys
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from database import Base
from models import Role
from dotenv import load_dotenv
# Pull settings from a local .env file (if any) into the process environment.
load_dotenv()

# The connection string comes from the environment only; the failure message
# below names the variable and never echoes its value.
# NOTE(review): a connection string usually embeds credentials - keep it out
# of logs and shell history.
DATABASE_URL = os.environ.get("DATABASE_URL")
if not DATABASE_URL:
    # Covers both an unset and an empty variable.
    print("Error: DATABASE_URL environment variable not set")
    sys.exit(1)

# Engine and session factory used by the seeding routine in this script.
engine = create_engine(DATABASE_URL)
SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
# ============================================================
# System Role Definitions
# ============================================================
# One (code, name, description) triple per built-in role, in seeding order.
_SYSTEM_ROLE_SPECS = (
    (
        "superadmin",
        "Superadmin",
        "Full system access with all permissions. Can manage roles, permissions, and all platform features.",
    ),
    (
        "admin",
        "Admin",
        "Administrative access to most platform features. Can manage users, events, and content.",
    ),
    (
        "finance",
        "Finance Manager",
        "Access to financial features including subscriptions, payments, and financial reports.",
    ),
    (
        "member",
        "Member",
        "Standard member access. Can view events, manage profile, and participate in community features.",
    ),
    (
        "guest",
        "Guest",
        "Limited access for unverified or pending users. Can view basic information and complete registration.",
    ),
)

# Every entry is flagged as a system role; the seeding routine reads these
# four keys when it builds each Role row.
SYSTEM_ROLES = [
    {
        "code": role_code,
        "name": role_name,
        "description": role_description,
        "is_system_role": True,
    }
    for role_code, role_name, role_description in _SYSTEM_ROLE_SPECS
]
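def seed_roles():
    """Seed the roles listed in SYSTEM_ROLES into the database.

    If rows with ``is_system_role`` set already exist, they are listed and the
    operator must answer ``yes`` to have them deleted and recreated; any other
    answer cancels without touching the database. Deletion and re-creation
    run in a single transaction, so a failure while inserting also rolls the
    deletion back instead of leaving the database without system roles.

    Raises:
        Exception: any error raised while prompting or talking to the
            database is re-raised after the transaction has been rolled back
            and the traceback printed.
    """
    db = SessionLocal()

    try:
        print("🌱 Starting role seeding...")
        print("="*60)

        # Check if roles already exist
        # `== True` is intentional: it builds a SQL expression, not a Python test.
        existing_roles = db.query(Role).filter(Role.is_system_role == True).all()  # noqa: E712

        if existing_roles:
            print(f"\n⚠️ Found {len(existing_roles)} existing system roles:")
            for role in existing_roles:
                print(f"{role.name} ({role.code})")

            # Destructive step: only an explicit "yes" proceeds, everything
            # else (including an empty answer) cancels.
            response = input("\nDo you want to recreate system roles? This will delete existing system roles. (yes/no): ")
            if response.strip().lower() != 'yes':
                print("\n❌ Seeding cancelled by user")
                return

            # NOTE(review): the recreated roles are new rows. Whether rows that
            # reference the old ones (e.g. user or permission assignments) are
            # cascaded, orphaned or block the delete depends on the Role model,
            # which is not visible here - confirm before running this against a
            # populated database.
            print("\n🗑️ Deleting existing system roles...")
            for role in existing_roles:
                db.delete(role)
            # Flush rather than commit: the DELETEs are sent now (so the
            # inserts below cannot collide with the old rows) but stay inside
            # the same transaction as the inserts and are undone by the
            # rollback in the except branch if anything later fails.
            db.flush()
            print("✓ Deleted existing system roles")

        # Create system roles
        print(f"\n📝 Creating {len(SYSTEM_ROLES)} system roles...")
        created_roles = []

        for role_data in SYSTEM_ROLES:
            role = Role(
                code=role_data["code"],
                name=role_data["name"],
                description=role_data["description"],
                is_system_role=role_data["is_system_role"],
                created_by=None  # System roles have no creator
            )
            db.add(role)
            created_roles.append(role)
            print(f" ✓ Created: {role.name} ({role.code})")

        # Single commit point for both the deletion (if any) and the inserts.
        db.commit()
        print(f"\n✅ Created {len(created_roles)} system roles")

        # Display summary
        print("\n" + "="*60)
        print("📊 Seeding Summary:")
        print("="*60)
        print("\nSystem Roles Created:")
        for role in created_roles:
            print(f"\n{role.name} ({role.code})")
            print(f" {role.description}")

        print("\n" + "="*60)
        print("✅ Role seeding completed successfully!")
        print("="*60)

        print("\n📝 Next Steps:")
        print(" 1. Migrate existing users to use role_id (Phase 3)")
        print(" 2. Migrate role_permissions to use role_id (Phase 3)")
        print(" 3. Update authentication logic to use dynamic roles (Phase 3)")
        print(" 4. Remove legacy enum columns (Phase 4)")

    except Exception as e:
        # Undo everything done in this transaction, report, and let the
        # caller see the original exception.
        db.rollback()
        print(f"\n❌ Error seeding roles: {str(e)}")
        import traceback
        traceback.print_exc()
        raise
    finally:
        # Runs on success, cancellation and failure alike.
        db.close()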
# Run the seeding only when executed as a script (python roles_seed.py),
# not when this module is imported.
if __name__ == "__main__":
    seed_roles()