permissions data seed

2026-04-14 00:35:10 -07:00 · 2026-04-14 00:35:10 -07:00 · f256ee179a
commit f256ee179a
parent f7499cb41a
1 changed files with 12 additions and 0 deletions
--- a/db/data/001_initial_seed_data.sql
+++ b/db/data/001_initial_seed_data.sql
@ -292,3 +292,15 @@ ON CONFLICT (id) DO NOTHING;
 UPDATE team_members
 SET permissions = '["*"]'::jsonb
 WHERE id = 2 OR email = 'admin@yimaru.com';
+
+-- ======================================================
+-- RBAC safety seed: ensure ADMIN has permission grants
+-- NOTE: API authorization uses RBAC role_permissions, not
+-- team_members.permissions JSON.
+-- ======================================================
+INSERT INTO role_permissions (role_id, permission_id)
+SELECT r.id, p.id
+FROM roles r
+CROSS JOIN permissions p
+WHERE r.name = 'ADMIN'
+ON CONFLICT (role_id, permission_id) DO NOTHING;