diff --git a/alembic/versions/006_rename_is_active.py b/alembic/versions/006_rename_is_active.py new file mode 100644 index 0000000..dd90a9a --- /dev/null +++ b/alembic/versions/006_rename_is_active.py @@ -0,0 +1,29 @@ +"""rename_is_active + +Revision ID: 006_rename_active +Revises: 005_fix_subs_storage +Create Date: 2026-01-04 + +Fixes: +- Rename subscription_plans.is_active to active (match models.py) +""" +from typing import Sequence, Union +from alembic import op +import sqlalchemy as sa + + +# revision identifiers, used by Alembic. +revision: str = '006_rename_active' +down_revision: Union[str, None] = '005_fix_subs_storage' +branch_labels: Union[str, Sequence[str], None] = None +depends_on: Union[str, Sequence[str], None] = None + + +def upgrade() -> None: + """Rename is_active to active""" + op.alter_column('subscription_plans', 'is_active', new_column_name='active') + + +def downgrade() -> None: + """Rename back to is_active""" + op.alter_column('subscription_plans', 'active', new_column_name='is_active') diff --git a/migrations/005_complete_permissions.sql b/migrations/005_complete_permissions.sql new file mode 100644 index 0000000..b55605c --- /dev/null +++ b/migrations/005_complete_permissions.sql @@ -0,0 +1,216 @@ +-- ============================================================================ +-- Complete Permission Set (60 permissions from development) +-- Run this to sync production with development permissions +-- ============================================================================ + +BEGIN; + +-- Delete old permissions and mappings +DELETE FROM role_permissions; +DELETE FROM permissions; + +-- ============================================================================ +-- Create ALL 60 permissions (matching development) +-- ============================================================================ + +INSERT INTO permissions (id, code, name, description, module, created_at) +VALUES + -- Users Permissions (11) + (gen_random_uuid(), 'users.view', 'View Users', 'View user list and profiles', 'users', NOW()), + (gen_random_uuid(), 'users.create', 'Create Users', 'Create new users', 'users', NOW()), + (gen_random_uuid(), 'users.edit', 'Edit Users', 'Edit user information', 'users', NOW()), + (gen_random_uuid(), 'users.delete', 'Delete Users', 'Delete users', 'users', NOW()), + (gen_random_uuid(), 'users.status', 'Change User Status', 'Update user status', 'users', NOW()), + (gen_random_uuid(), 'users.approve', 'Approve Users', 'Approve pending memberships', 'users', NOW()), + (gen_random_uuid(), 'users.export', 'Export Users', 'Export users to CSV', 'users', NOW()), + (gen_random_uuid(), 'users.import', 'Import Users', 'Import users from CSV', 'users', NOW()), + (gen_random_uuid(), 'users.reset_password', 'Reset User Password', 'Reset user passwords', 'users', NOW()), + (gen_random_uuid(), 'users.resend_verification', 'Resend Verification', 'Resend email verification', 'users', NOW()), + (gen_random_uuid(), 'users.invite', 'Invite Users', 'Send user invitations', 'users', NOW()), + + -- Events Permissions (8) + (gen_random_uuid(), 'events.view', 'View Events', 'View event list', 'events', NOW()), + (gen_random_uuid(), 'events.create', 'Create Events', 'Create new events', 'events', NOW()), + (gen_random_uuid(), 'events.edit', 'Edit Events', 'Edit event information', 'events', NOW()), + (gen_random_uuid(), 'events.delete', 'Delete Events', 'Delete events', 'events', NOW()), + (gen_random_uuid(), 'events.publish', 'Publish Events', 'Publish/unpublish events', 'events', NOW()), + (gen_random_uuid(), 'events.attendance', 'Manage Attendance', 'Mark attendance', 'events', NOW()), + (gen_random_uuid(), 'events.rsvps', 'View RSVPs', 'View event RSVPs', 'events', NOW()), + (gen_random_uuid(), 'events.calendar_export', 'Export Calendar', 'Export events to calendar', 'events', NOW()), + + -- Subscriptions Permissions (7) + (gen_random_uuid(), 'subscriptions.view', 'View Subscriptions', 'View user subscriptions', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.create', 'Create Subscriptions', 'Create new subscriptions', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.edit', 'Edit Subscriptions', 'Edit user subscriptions', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.cancel', 'Cancel Subscriptions', 'Cancel subscriptions', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.activate', 'Activate Subscriptions', 'Manually activate subscriptions', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.plans', 'Manage Plans', 'Manage subscription plans', 'subscriptions', NOW()), + (gen_random_uuid(), 'subscriptions.export', 'Export Subscriptions', 'Export subscription data', 'subscriptions', NOW()), + + -- Donations Permissions (2) + (gen_random_uuid(), 'donations.view', 'View Donations', 'View donation records', 'donations', NOW()), + (gen_random_uuid(), 'donations.export', 'Export Donations', 'Export donation data', 'donations', NOW()), + + -- Financials Permissions (6) + (gen_random_uuid(), 'financials.view', 'View Financial Reports', 'View financial reports', 'financials', NOW()), + (gen_random_uuid(), 'financials.create', 'Create Financial Reports', 'Upload financial reports', 'financials', NOW()), + (gen_random_uuid(), 'financials.edit', 'Edit Financial Reports', 'Edit financial reports', 'financials', NOW()), + (gen_random_uuid(), 'financials.delete', 'Delete Financial Reports', 'Delete financial reports', 'financials', NOW()), + (gen_random_uuid(), 'financials.export', 'Export Financial Data', 'Export financial data', 'financials', NOW()), + (gen_random_uuid(), 'financials.payments', 'Manage Payments', 'Process manual payments', 'financials', NOW()), + + -- Newsletters Permissions (6) + (gen_random_uuid(), 'newsletters.view', 'View Newsletters', 'View newsletter archives', 'newsletters', NOW()), + (gen_random_uuid(), 'newsletters.create', 'Create Newsletters', 'Upload newsletter archives', 'newsletters', NOW()), + (gen_random_uuid(), 'newsletters.edit', 'Edit Newsletters', 'Edit newsletter archives', 'newsletters', NOW()), + (gen_random_uuid(), 'newsletters.delete', 'Delete Newsletters', 'Delete newsletter archives', 'newsletters', NOW()), + (gen_random_uuid(), 'newsletters.send', 'Send Newsletters', 'Send newsletters to subscribers', 'newsletters', NOW()), + (gen_random_uuid(), 'newsletters.subscribers', 'Manage Subscribers', 'Manage newsletter subscribers', 'newsletters', NOW()), + + -- Bylaws Permissions (5) + (gen_random_uuid(), 'bylaws.view', 'View Bylaws', 'View bylaws documents', 'bylaws', NOW()), + (gen_random_uuid(), 'bylaws.create', 'Create Bylaws', 'Upload bylaws documents', 'bylaws', NOW()), + (gen_random_uuid(), 'bylaws.edit', 'Edit Bylaws', 'Edit bylaws documents', 'bylaws', NOW()), + (gen_random_uuid(), 'bylaws.delete', 'Delete Bylaws', 'Delete bylaws documents', 'bylaws', NOW()), + (gen_random_uuid(), 'bylaws.publish', 'Publish Bylaws', 'Mark bylaws as current', 'bylaws', NOW()), + + -- Gallery Permissions (5) + (gen_random_uuid(), 'gallery.view', 'View Gallery', 'View event galleries', 'gallery', NOW()), + (gen_random_uuid(), 'gallery.upload', 'Upload Photos', 'Upload event photos', 'gallery', NOW()), + (gen_random_uuid(), 'gallery.edit', 'Edit Gallery', 'Edit photo captions', 'gallery', NOW()), + (gen_random_uuid(), 'gallery.delete', 'Delete Photos', 'Delete event photos', 'gallery', NOW()), + (gen_random_uuid(), 'gallery.moderate', 'Moderate Gallery', 'Approve/reject gallery submissions', 'gallery', NOW()), + + -- Settings Permissions (6) + (gen_random_uuid(), 'settings.view', 'View Settings', 'View system settings', 'settings', NOW()), + (gen_random_uuid(), 'settings.edit', 'Edit Settings', 'Edit system settings', 'settings', NOW()), + (gen_random_uuid(), 'settings.email_templates', 'Manage Email Templates', 'Edit email templates', 'settings', NOW()), + (gen_random_uuid(), 'settings.storage', 'View Storage Usage', 'View storage usage statistics', 'settings', NOW()), + (gen_random_uuid(), 'settings.backup', 'Backup System', 'Create system backups', 'settings', NOW()), + (gen_random_uuid(), 'settings.logs', 'View Logs', 'View system logs', 'settings', NOW()), + + -- Permissions Management (4) + (gen_random_uuid(), 'permissions.view', 'View Permissions', 'View permission list', 'permissions', NOW()), + (gen_random_uuid(), 'permissions.assign', 'Assign Permissions', 'Assign permissions to roles', 'permissions', NOW()), + (gen_random_uuid(), 'permissions.manage_roles', 'Manage Roles', 'Create/edit roles', 'permissions', NOW()), + (gen_random_uuid(), 'permissions.audit', 'View Audit Logs', 'View permission audit logs', 'permissions', NOW()) + +ON CONFLICT (code) DO NOTHING; + +-- ============================================================================ +-- Assign Permissions to Roles +-- ============================================================================ + +-- Guest Role: No permissions + +-- Member Role: Basic viewing only +INSERT INTO role_permissions (id, role, role_id, permission_id, created_at) +SELECT + gen_random_uuid(), + 'member', + (SELECT id FROM roles WHERE code = 'member'), + p.id, + NOW() +FROM permissions p +WHERE p.code IN ( + 'events.view', + 'gallery.view', + 'bylaws.view', + 'newsletters.view' +) +ON CONFLICT DO NOTHING; + +-- Admin Role: Most permissions except financials and permissions management +INSERT INTO role_permissions (id, role, role_id, permission_id, created_at) +SELECT + gen_random_uuid(), + 'admin', + (SELECT id FROM roles WHERE code = 'admin'), + p.id, + NOW() +FROM permissions p +WHERE p.code IN ( + -- User Management + 'users.view', 'users.create', 'users.edit', 'users.approve', 'users.import', + 'users.export', 'users.status', 'users.reset_password', 'users.resend_verification', 'users.invite', + + -- Event Management + 'events.view', 'events.create', 'events.edit', 'events.delete', 'events.publish', + 'events.rsvps', 'events.attendance', 'events.calendar_export', + + -- Gallery + 'gallery.view', 'gallery.upload', 'gallery.edit', 'gallery.delete', 'gallery.moderate', + + -- Content + 'newsletters.view', 'newsletters.create', 'newsletters.edit', 'newsletters.delete', + 'newsletters.send', 'newsletters.subscribers', + 'bylaws.view', 'bylaws.create', 'bylaws.edit', 'bylaws.delete', 'bylaws.publish', + + -- Settings (limited) + 'settings.view', 'settings.storage', 'settings.logs' +) +ON CONFLICT DO NOTHING; + +-- Finance Role: Financial permissions + basic viewing +INSERT INTO role_permissions (id, role, role_id, permission_id, created_at) +SELECT + gen_random_uuid(), + 'finance', + (SELECT id FROM roles WHERE code = 'finance'), + p.id, + NOW() +FROM permissions p +WHERE p.code IN ( + -- Subscriptions & Donations + 'subscriptions.view', 'subscriptions.create', 'subscriptions.plans', 'subscriptions.edit', + 'subscriptions.cancel', 'subscriptions.activate', 'subscriptions.export', + 'donations.view', 'donations.export', + + -- Financial Reports + 'financials.view', 'financials.create', 'financials.edit', 'financials.delete', + 'financials.export', 'financials.payments', + + -- Basic Access + 'users.view', + 'events.view', + 'bylaws.view', + 'newsletters.view' +) +ON CONFLICT DO NOTHING; + +-- Superadmin Role: ALL 60 permissions +INSERT INTO role_permissions (id, role, role_id, permission_id, created_at) +SELECT + gen_random_uuid(), + 'superadmin', + (SELECT id FROM roles WHERE code = 'superadmin'), + p.id, + NOW() +FROM permissions p +ON CONFLICT DO NOTHING; + +COMMIT; + +\echo '✅ Complete permission set created!' +\echo '' +\echo 'Permission counts:' +\echo ' Total permissions: 60' +\echo ' - users: 11' +\echo ' - events: 8' +\echo ' - subscriptions: 7' +\echo ' - donations: 2' +\echo ' - financials: 6' +\echo ' - newsletters: 6' +\echo ' - bylaws: 5' +\echo ' - gallery: 5' +\echo ' - settings: 6' +\echo ' - permissions: 4' +\echo '' +\echo 'Role assignments:' +\echo ' - Guest: 0' +\echo ' - Member: 4 (view only)' +\echo ' - Admin: ~40' +\echo ' - Finance: ~20' +\echo ' - Superadmin: 60 (all)' +\echo '' +\echo 'Next: Restart backend with: pm2 restart membership-backend'