From 0cd5350a7b1a5453c4c3bd496faf4324fec2a727 Mon Sep 17 00:00:00 2001
From: Andika
Date: Mon, 2 Feb 2026 17:06:36 +0700
Subject: [PATCH] no message
---
 add_directory_permissions.py | 141 +++++++++++++++++++++++++++++++++++
 1 file changed, 141 insertions(+)
 create mode 100644 add_directory_permissions.py
diff --git a/add_directory_permissions.py b/add_directory_permissions.py
new file mode 100644
index 0000000..2818bd4
--- /dev/null
+++ b/add_directory_permissions.py
@@ -0,0 +1,141 @@
+#!/usr/bin/env python3
+"""
+Add Directory Permissions Script
+
+This script adds the new directory.view and directory.manage permissions
+without clearing existing permissions.
+
+Usage:
+ python add_directory_permissions.py
+"""
+
+import os
+import sys
+from sqlalchemy import create_engine, text
+from sqlalchemy.orm import sessionmaker
+from database import Base
+from models import Permission, RolePermission, Role, UserRole
+from dotenv import load_dotenv
+
+# Load environment variables
+load_dotenv()
+
+# Database connection
+DATABASE_URL = os.getenv("DATABASE_URL")
+if not DATABASE_URL:
+ print("Error: DATABASE_URL environment variable not set")
+ sys.exit(1)
+
+engine = create_engine(DATABASE_URL)
+SessionLocal = sessionmaker(autocommit=False, autoflush=False, bind=engine)
+
+# New directory permissions
+NEW_PERMISSIONS = [
+ {"code": "directory.view", "name": "View Directory Settings", "description": "View member directory field configuration", "module": "directory"},
+ {"code": "directory.manage", "name": "Manage Directory Fields", "description": "Enable/disable directory fields shown in Profile and Directory pages", "module": "directory"},
+]
+
+# Roles that should have these permissions
+ROLE_PERMISSION_MAP = {
+ "directory.view": ["admin", "superadmin"],
+ "directory.manage": ["admin", "superadmin"],
+}
+
+
+def add_directory_permissions():
+ """Add directory permissions and assign to appropriate roles"""
+ db = SessionLocal()
+
+ try:
+ print("=" * 60)
+ print("Adding Directory Permissions")
+ print("=" * 60)
+
+ # Step 1: Add permissions if they don't exist
+ print("\n1. 
Adding permissions...")
+ permission_map = {}
+
+ for perm_data in NEW_PERMISSIONS:
+ existing = db.query(Permission).filter(Permission.code == perm_data["code"]).first()
+ if existing:
+ print(f" - {perm_data['code']}: Already exists")
+ permission_map[perm_data["code"]] = existing
+ else:
+ permission = Permission(
+ code=perm_data["code"],
+ name=perm_data["name"],
+ description=perm_data["description"],
+ module=perm_data["module"]
+ )
+ db.add(permission)
+ db.flush() # Get the ID
+ permission_map[perm_data["code"]] = permission
+ print(f" - {perm_data['code']}: Created")
+
+ db.commit()
+
+ # Step 2: Get roles
+ print("\n2. Fetching roles...")
+ roles = db.query(Role).all()
+ role_map = {role.code: role for role in roles}
+ print(f" Found {len(roles)} roles: {', '.join(role_map.keys())}")
+
+ # Enum mapping for backward compatibility
+ role_enum_map = {
+ 'guest': UserRole.guest,
+ 'member': UserRole.member,
+ 'admin': UserRole.admin,
+ 'superadmin': UserRole.superadmin,
+ 'finance': UserRole.finance
+ }
+
+ # Step 3: Assign permissions to roles
+ print("\n3. 
Assigning permissions to roles...")
+ for perm_code, role_codes in ROLE_PERMISSION_MAP.items():
+ permission = permission_map.get(perm_code)
+ if not permission:
+ print(f" Warning: Permission {perm_code} not found")
+ continue
+
+ for role_code in role_codes:
+ role = role_map.get(role_code)
+ if not role:
+ print(f" Warning: Role {role_code} not found")
+ continue
+
+ # Check if mapping already exists
+ existing_mapping = db.query(RolePermission).filter(
+ RolePermission.role_id == role.id,
+ RolePermission.permission_id == permission.id
+ ).first()
+
+ if existing_mapping:
+ print(f" - {role_code} -> {perm_code}: Already assigned")
+ else:
+ role_enum = role_enum_map.get(role_code, UserRole.guest)
+ mapping = RolePermission(
+ role=role_enum,
+ role_id=role.id,
+ permission_id=permission.id
+ )
+ db.add(mapping)
+ print(f" - {role_code} -> {perm_code}: Assigned")
+
+ db.commit()
+
+ print("\n" + "=" * 60)
+ print("Directory permissions added successfully!")
+ print("=" * 60)
+
+ except Exception as e:
+ db.rollback()
+ print(f"\nError: {str(e)}")
+ import traceback
+ traceback.print_exc()
+ raise
+ finally:
+ db.close()
+
+
+if __name__ == "__main__":
+ add_directory_permissions()
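Review bot: The fallback in `role_enum_map.get(role_code, UserRole.guest)` in step 3 fails open: a role code that exists in the roles table but is missing from `role_enum_map` gets a `RolePermission` row whose legacy `role` column is `guest` while `role_id` points at the real role. With the current `ROLE_PERMISSION_MAP` (only `admin` and `superadmin`) the fallback is never taken, but adding any custom role to the map would silently tag the grant as guest. If any code path still authorizes on the `role` enum (not visible in this patch), that would hand the permission to the least-privileged role. Prefer failing closed with `role_enum = role_enum_map[role_code]`, so an unmapped code raises and goes through the existing rollback path. Separately, a missing role or permission only prints a warning before the "added successfully" banner, so a run that assigned nothing still looks like a success to the operator.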