From 4043f3bd6cacf6c2e9170720b8be33efd4c1a281 Mon Sep 17 00:00:00 2001
From: Talal Sharabi <code14devops@gmail.com>
Date: Thu, 26 Mar 2026 11:07:03 +0400
Subject: [PATCH] chore(db): add idempotent SQL to backfill tenders
 position_permissions

Made-with: Cursor
---
 backend/prisma/add-tenders-permissions.sql | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 backend/prisma/add-tenders-permissions.sql

diff --git a/backend/prisma/add-tenders-permissions.sql b/backend/prisma/add-tenders-permissions.sql
new file mode 100644
index 0000000..2019c26
--- /dev/null
+++ b/backend/prisma/add-tenders-permissions.sql
@@ -0,0 +1,28 @@
+-- Add tenders module permissions to all positions that have crm or admin access.
+-- Safe to run multiple times (skips if already exists).
+-- Run on server: docker-compose exec -T postgres psql -U postgres -d mind14_crm -f - < backend/prisma/add-tenders-permissions.sql
+-- Or from backend: npx prisma db execute --file prisma/add-tenders-permissions.sql
+
+-- Tenders resource: read, create, update, delete
+INSERT INTO position_permissions (id, "positionId", module, resource, actions, "createdAt", "updatedAt")
+SELECT gen_random_uuid(), sub."positionId", 'tenders', 'tenders', '["read","create","update","delete"]'::jsonb, NOW(), NOW()
+FROM (
+  SELECT DISTINCT pp."positionId" FROM position_permissions pp
+  WHERE pp.module IN ('crm', 'admin')
+) sub
+WHERE NOT EXISTS (
+  SELECT 1 FROM position_permissions pp2
+  WHERE pp2."positionId" = sub."positionId" AND pp2.module = 'tenders' AND pp2.resource = 'tenders'
+);
+
+-- Directives resource: read, create, update
+INSERT INTO position_permissions (id, "positionId", module, resource, actions, "createdAt", "updatedAt")
+SELECT gen_random_uuid(), sub."positionId", 'tenders', 'directives', '["read","create","update"]'::jsonb, NOW(), NOW()
+FROM (
+  SELECT DISTINCT pp."positionId" FROM position_permissions pp
+  WHERE pp.module IN ('crm', 'admin')
+) sub
+WHERE NOT EXISTS (
+  SELECT 1 FROM position_permissions pp2
+  WHERE pp2."positionId" = sub."positionId" AND pp2.module = 'tenders' AND pp2.resource = 'directives'
+);