-- =============================================================================
-- Seed data script: preset permission list, default roles, role-permission map
-- Date: 2026-02-25
-- Target database: test_zqyy_app (connected via APP_DB_DSN)
-- Purpose: inserts seed rows into the permissions, roles and role_permissions
--          tables of the auth schema.
--          Every INSERT uses ON CONFLICT DO NOTHING, so re-running the script
--          does not create duplicate rows.
-- Prerequisite: auth.roles, auth.permissions and auth.role_permissions were
--          created by 2026-02-25__p3_create_auth_tables.sql
-- Requirements: 2.1, 2.2, 2.3, 2.4
--
-- Review notes on the idempotent form:
--   * DO NOTHING leaves an existing row with the same code untouched, so a
--     changed name/description is not refreshed by re-running this script.
--   * The script only adds rows. Grants already present in
--     auth.role_permissions beyond the matrix below are not removed, so a
--     re-run does not restore the baseline after drift.
-- =============================================================================

-- ---------------------------------------------------------------------------
-- 1. Fixed permissions (5 rows)
-- ---------------------------------------------------------------------------
INSERT INTO auth.permissions (code, name, description)
VALUES
    ('view_tasks', '查看任务', '允许查看任务列表和任务详情'),
    ('view_board', '查看看板', '允许查看数据看板概览'),
    ('view_board_finance', '查看财务看板', '允许查看财务相关的数据看板'),
    ('view_board_customer', '查看客户看板', '允许查看客户相关的数据看板'),
    ('view_board_coach', '查看助教看板', '允许查看助教相关的数据看板')
ON CONFLICT (code) DO NOTHING;

-- ---------------------------------------------------------------------------
-- 2. Default roles (4 rows)
-- ---------------------------------------------------------------------------
INSERT INTO auth.roles (code, name, description)
VALUES
    ('coach', '助教', '球房助教,可查看任务和助教看板'),
    ('staff', '员工', '球房员工,可查看任务和数据看板'),
    ('site_admin', '店铺管理员', '单店管理员,可查看所有看板'),
    ('tenant_admin', '租户管理员', '租户级管理员,拥有全部权限')
ON CONFLICT (code) DO NOTHING;

-- ---------------------------------------------------------------------------
-- 3. Role-permission map (14 pairs in total)
--      coach:        view_tasks, view_board_coach
--      staff:        view_tasks, view_board
--      site_admin:   all 5 permissions seeded above
--      tenant_admin: all 5 permissions seeded above
--
--    tenant_admin receives an explicit list, not a wildcard: a permission
--    added to auth.permissions later is not granted to any role until a
--    mapping row is inserted for it.
--    A role or permission code that matches no row simply yields no mapping
--    and no error, so after seeding confirm that the four roles hold exactly
--    the 14 pairs listed here.
-- ---------------------------------------------------------------------------
INSERT INTO auth.role_permissions (role_id, permission_id)
SELECT
    r.id,
    p.id
FROM auth.roles AS r
CROSS JOIN auth.permissions AS p
WHERE
    -- coach: 2 permissions
    (r.code = 'coach' AND p.code IN ('view_tasks', 'view_board_coach'))
    -- staff: 2 permissions
    OR (r.code = 'staff' AND p.code IN ('view_tasks', 'view_board'))
    -- site_admin: 5 permissions
    OR (
        r.code = 'site_admin'
        AND p.code IN (
            'view_tasks',
            'view_board',
            'view_board_finance',
            'view_board_customer',
            'view_board_coach'
        )
    )
    -- tenant_admin: 5 permissions
    OR (
        r.code = 'tenant_admin'
        AND p.code IN (
            'view_tasks',
            'view_board',
            'view_board_finance',
            'view_board_customer',
            'view_board_coach'
        )
    )
ON CONFLICT (role_id, permission_id) DO NOTHING;

-- =============================================================================
-- Rollback script (run in reverse order)
-- The deletes match rows by code, so they also remove rows that existed before
-- this seed ran and were merely skipped by ON CONFLICT DO NOTHING.
-- NOTE(review): deleting from auth.roles may fail or cascade depending on
-- foreign keys from tables not shown here (e.g. user-role assignments) —
-- confirm against 2026-02-25__p3_create_auth_tables.sql before running.
-- =============================================================================
-- DELETE FROM auth.role_permissions
-- WHERE role_id IN (SELECT id FROM auth.roles WHERE code IN ('coach', 'staff', 'site_admin', 'tenant_admin'))
--   AND permission_id IN (SELECT id FROM auth.permissions WHERE code IN ('view_tasks', 'view_board', 'view_board_finance', 'view_board_customer', 'view_board_coach'));
--
-- DELETE FROM auth.roles WHERE code IN ('coach', 'staff', 'site_admin', 'tenant_admin');
--
-- DELETE FROM auth.permissions WHERE code IN ('view_tasks', 'view_board', 'view_board_finance', 'view_board_customer', 'view_board_coach');