RBAC: Phase 1-3, Total Salary fix, employee creation fix, permission groups, backup script

Made-with: Cursor
2026-03-04 19:31:08 +04:00
parent 6034f774ed
commit 8edeaf10f5
46 changed files with 2751 additions and 598 deletions
--- a/backend/prisma/seed.js
+++ b/backend/prisma/seed.js
@@ -0,0 +1,146 @@
+/**
+ * Minimal seed - System Administrator only.
+ * Run with: node prisma/seed.js
+ */
+const { PrismaClient } = require('@prisma/client');
+const bcrypt = require('bcryptjs');
+
+const prisma = new PrismaClient();
+
+async function main() {
+  console.log('🌱 Starting database seeding (minimal - System Administrator only)...');
+
+  const adminDept = await prisma.department.create({
+    data: {
+      name: 'Administration',
+      nameAr: 'الإدارة',
+      code: 'ADMIN',
+      description: 'System administration and configuration',
+    },
+  });
+
+  const sysAdminPosition = await prisma.position.create({
+    data: {
+      title: 'System Administrator',
+      titleAr: 'مدير النظام',
+      code: 'SYS_ADMIN',
+      departmentId: adminDept.id,
+      level: 1,
+      description: 'Full system access - configure and manage all modules',
+    },
+  });
+
+  const modules = ['contacts', 'crm', 'inventory', 'projects', 'hr', 'marketing', 'admin'];
+  for (const module of modules) {
+    await prisma.positionPermission.create({
+      data: {
+        positionId: sysAdminPosition.id,
+        module,
+        resource: '*',
+        actions: ['*'],
+      },
+    });
+  }
+
+  // Create Sales Department and restricted positions
+  const salesDept = await prisma.department.create({
+    data: {
+      name: 'Sales',
+      nameAr: 'المبيعات',
+      code: 'SALES',
+      description: 'Sales and business development',
+    },
+  });
+
+  const salesRepPosition = await prisma.position.create({
+    data: {
+      title: 'Sales Representative',
+      titleAr: 'مندوب مبيعات',
+      code: 'SALES_REP',
+      departmentId: salesDept.id,
+      level: 3,
+      description: 'Limited access - Contacts and CRM deals',
+    },
+  });
+
+  await prisma.positionPermission.createMany({
+    data: [
+      { positionId: salesRepPosition.id, module: 'contacts', resource: '*', actions: ['read', 'create', 'update'] },
+      { positionId: salesRepPosition.id, module: 'crm', resource: 'deals', actions: ['read', 'create', 'update'] },
+    ],
+  });
+
+  const accountantPosition = await prisma.position.create({
+    data: {
+      title: 'Accountant',
+      titleAr: 'محاسب',
+      code: 'ACCOUNTANT',
+      departmentId: adminDept.id,
+      level: 2,
+      description: 'HR read, inventory read, contacts read',
+    },
+  });
+
+  await prisma.positionPermission.createMany({
+    data: [
+      { positionId: accountantPosition.id, module: 'contacts', resource: '*', actions: ['read'] },
+      { positionId: accountantPosition.id, module: 'crm', resource: '*', actions: ['read'] },
+      { positionId: accountantPosition.id, module: 'inventory', resource: '*', actions: ['read'] },
+      { positionId: accountantPosition.id, module: 'hr', resource: '*', actions: ['read'] },
+    ],
+  });
+
+  console.log('✅ Created position and permissions');
+
+  const sysAdminEmployee = await prisma.employee.create({
+    data: {
+      uniqueEmployeeId: 'SYS-001',
+      firstName: 'System',
+      lastName: 'Administrator',
+      firstNameAr: 'مدير',
+      lastNameAr: 'النظام',
+      email: 'admin@system.local',
+      mobile: '+966500000000',
+      dateOfBirth: new Date('1990-01-01'),
+      gender: 'MALE',
+      nationality: 'Saudi',
+      employmentType: 'Full-time',
+      contractType: 'Unlimited',
+      hireDate: new Date(),
+      departmentId: adminDept.id,
+      positionId: sysAdminPosition.id,
+      basicSalary: 0,
+      status: 'ACTIVE',
+    },
+  });
+
+  const hashedPassword = await bcrypt.hash('Admin@123', 10);
+  await prisma.user.create({
+    data: {
+      email: 'admin@system.local',
+      username: 'admin',
+      password: hashedPassword,
+      employeeId: sysAdminEmployee.id,
+      isActive: true,
+    },
+  });
+
+  console.log('✅ Created System Administrator');
+  console.log('\n🎉 Database seeding completed!\n');
+  console.log('📋 System Administrator:');
+  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━');
+  console.log('   Email: admin@system.local');
+  console.log('   Username: admin');
+  console.log('   Password: Admin@123');
+  console.log('   Access: Full system access (all modules)');
+  console.log('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n');
+}
+
+main()
+  .catch((e) => {
+    console.error('❌ Error seeding database:', e);
+    process.exit(1);
+  })
+  .finally(async () => {
+    await prisma.$disconnect();
+  });