"""RBAC 002 - Create permissions table and seed 33 permission slugs PRD-008 RBAC — Migration 2 of 7 Creates the permissions table and seeds all platform permission slugs that map to discrete module/operation pairs. Revision ID: rbac002b3c4d5e Revises: rbac001a2b3c4d Create Date: 2026-03-19 00:00:02.000000 """ from typing import Sequence, Union from alembic import op import sqlalchemy as sa # revision identifiers, used by Alembic. revision: str = 'rbac002b3c4d5e' down_revision: Union[str, Sequence[str], None] = 'rbac001a2b3c4d' branch_labels: Union[str, Sequence[str], None] = None depends_on: Union[str, Sequence[str], None] = None def upgrade() -> None: # ── 1. Create permissions table ─────────────────────────────────────────── op.create_table( 'permissions', sa.Column('id', sa.Integer(), autoincrement=True, nullable=False), sa.Column('module', sa.String(length=100), nullable=False), sa.Column('submodule', sa.String(length=100), nullable=True), sa.Column('operation', sa.String(length=100), nullable=False), sa.Column('slug', sa.String(length=200), nullable=False), sa.Column('operation_label', sa.String(length=200), nullable=True), sa.Column('display_order', sa.Integer(), nullable=True), sa.Column( 'is_system', sa.Boolean(), nullable=False, server_default=sa.text('true'), ), sa.PrimaryKeyConstraint('id'), ) op.create_index(op.f('ix_permissions_id'), 'permissions', ['id'], unique=False) op.create_index('ix_permissions_slug', 'permissions', ['slug'], unique=True) # ── 2. Create roles_permissions junction table ──────────────────────────── op.create_table( 'roles_permissions', sa.Column('role_id', sa.Integer(), sa.ForeignKey('roles.id', onupdate='CASCADE', ondelete='CASCADE'), nullable=False), sa.Column('permission_id', sa.Integer(), sa.ForeignKey('permissions.id', onupdate='CASCADE', ondelete='CASCADE'), nullable=False), ) # ── 3. Seed all 33 permission slugs ─────────────────────────────────────── op.execute( """ INSERT INTO permissions (module, submodule, operation, slug, operation_label, display_order, is_system) VALUES -- transactions (100-series) ('transactions', NULL, 'view', 'transactions:view', 'View Transactions', 101, true), ('transactions', NULL, 'create', 'transactions:create', 'Create Transactions', 102, true), ('transactions', NULL, 'refund', 'transactions:refund', 'Refund Transactions', 103, true), ('transactions', NULL, 'void', 'transactions:void', 'Void Transactions', 104, true), ('transactions', NULL, 'export', 'transactions:export', 'Export Transactions', 105, true), -- invoices (200-series) ('invoices', NULL, 'view', 'invoices:view', 'View Invoices', 201, true), ('invoices', NULL, 'create', 'invoices:create', 'Create Invoices', 202, true), ('invoices', NULL, 'send', 'invoices:send', 'Send Invoices', 203, true), ('invoices', NULL, 'delete', 'invoices:delete', 'Delete Invoices', 204, true), -- customers (300-series) ('customers', NULL, 'view', 'customers:view', 'View Customers', 301, true), ('customers', NULL, 'create', 'customers:create', 'Create Customers', 302, true), ('customers', NULL, 'edit', 'customers:edit', 'Edit Customers', 303, true), ('customers', NULL, 'delete', 'customers:delete', 'Delete Customers', 304, true), -- items (400-series) ('items', NULL, 'view', 'items:view', 'View Items', 401, true), ('items', NULL, 'create', 'items:create', 'Create Items', 402, true), ('items', NULL, 'edit', 'items:edit', 'Edit Items', 403, true), ('items', NULL, 'delete', 'items:delete', 'Delete Items', 404, true), -- reports (500-series) ('reports', NULL, 'view', 'reports:view', 'View Reports', 501, true), ('reports', NULL, 'export', 'reports:export', 'Export Reports', 502, true), -- payments (600-series) ('payments', NULL, 'virtual_terminal', 'payments:virtual_terminal', 'Use Virtual Terminal', 601, true), ('payments', NULL, 'hpp', 'payments:hpp', 'Use Hosted Payment Page', 602, true), -- users (700-series) ('users', NULL, 'view', 'users:view', 'View Team Members', 701, true), ('users', NULL, 'invite', 'users:invite', 'Invite Team Members', 702, true), ('users', NULL, 'remove', 'users:remove', 'Remove Team Members', 703, true), ('users', NULL, 'manage_admins', 'users:manage_admins', 'Manage Admins & Roles', 704, true), ('users', NULL, 'transfer_ownership','users:transfer_ownership','Transfer Ownership', 705, true), -- settings (800-series) ('settings', NULL, 'view', 'settings:view', 'View Settings', 801, true), ('settings', NULL, 'manage', 'settings:manage', 'Manage Settings', 802, true), -- billing (900-series) ('billing', NULL, 'manage', 'billing:manage', 'Manage Billing', 901, true), -- subscriptions (1000-series) ('subscriptions', NULL, 'view', 'subscriptions:view', 'View Subscriptions', 1001, true), ('subscriptions', NULL, 'create', 'subscriptions:create', 'Create Subscriptions', 1002, true), ('subscriptions', NULL, 'cancel', 'subscriptions:cancel', 'Cancel Subscriptions', 1003, true) """ ) def downgrade() -> None: op.drop_table('roles_permissions') op.drop_index('ix_permissions_slug', table_name='permissions') op.drop_index(op.f('ix_permissions_id'), table_name='permissions') op.drop_table('permissions')