feat(auth): introduce explicit planning read permission

2026-03-30 09:15:07 +02:00
parent a50ca09333
commit 93c4374973
11 changed files with 293 additions and 11 deletions
@@ -15,11 +15,28 @@ import { hash } from "@node-rs/argon2";
 import { getHolidayDemoProfileForIndex } from "./holiday-demo-profiles.js";
 import { loadWorkspaceEnv } from "./load-workspace-env.js";
 import { assertSafeSeedTarget } from "./safe-destructive-env.js";
+import { buildSystemRoleConfigSeedData } from "./system-role-config-defaults.js";

 loadWorkspaceEnv();

 const prisma = new PrismaClient();

+async function seedSystemRoleConfigs() {
+  for (const config of buildSystemRoleConfigSeedData()) {
+    await prisma.systemRoleConfig.upsert({
+      where: { role: config.role },
+      update: {
+        label: config.label,
+        description: config.description,
+        defaultPermissions: config.defaultPermissions,
+        color: config.color,
+        sortOrder: config.sortOrder,
+      },
+      create: config,
+    });
+  }
+}
+
 // ─── Skill helpers ─────────────────────────────────────────────────────────────

 interface SkillEntry {
@@ -338,6 +355,7 @@ async function main() {
  });

  console.warn(`Users: admin=${admin.id}, manager=${manager.id}, viewer=${viewer.id}`);
+  await seedSystemRoleConfigs();

  // ── 2b. Create Dispo v2 entities ──────────────────────────────────────────