From f256ee179aaf492fe47bd8527f4e8ad172c36ba5 Mon Sep 17 00:00:00 2001
From: Yared Yemane <yaredyemane1@gmail.com>
Date: Tue, 14 Apr 2026 00:35:10 -0700
Subject: [PATCH] permissions data seed

---
 db/data/001_initial_seed_data.sql | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/db/data/001_initial_seed_data.sql b/db/data/001_initial_seed_data.sql
index da3b7c5..3ec8689 100644
--- a/db/data/001_initial_seed_data.sql
+++ b/db/data/001_initial_seed_data.sql
@@ -292,3 +292,15 @@ ON CONFLICT (id) DO NOTHING;
 UPDATE team_members
 SET permissions = '["*"]'::jsonb
 WHERE id = 2 OR email = 'admin@yimaru.com';
+
+-- ======================================================
+-- RBAC safety seed: ensure ADMIN has permission grants
+-- NOTE: API authorization uses RBAC role_permissions, not
+-- team_members.permissions JSON.
+-- ======================================================
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r
+CROSS JOIN permissions p
+WHERE r.name = 'ADMIN'
+ON CONFLICT (role_id, permission_id) DO NOTHING;
\ No newline at end of file