-- =====================================================
-- 8. Seed CMS permissions for existing roles
-- =====================================================

-- Owner gets ALL CMS permissions
insert into public.role_permissions (role, permission) values
  ('owner', 'modules.read'),
  ('owner', 'modules.write'),
  ('owner', 'modules.delete'),
  ('owner', 'modules.insert'),
  ('owner', 'modules.lock'),
  ('owner', 'modules.import'),
  ('owner', 'modules.export'),
  ('owner', 'modules.print'),
  ('owner', 'modules.manage'),
  ('owner', 'members.read'),
  ('owner', 'members.write'),
  ('owner', 'courses.read'),
  ('owner', 'courses.write'),
  ('owner', 'bookings.read'),
  ('owner', 'bookings.write'),
  ('owner', 'finance.read'),
  ('owner', 'finance.write'),
  ('owner', 'finance.sepa'),
  ('owner', 'documents.generate'),
  ('owner', 'newsletter.send')
on conflict (role, permission) do nothing;

-- Member gets read + basic write permissions
insert into public.role_permissions (role, permission) values
  ('member', 'modules.read'),
  ('member', 'modules.write'),
  ('member', 'modules.insert'),
  ('member', 'modules.export'),
  ('member', 'modules.print'),
  ('member', 'members.read'),
  ('member', 'courses.read'),
  ('member', 'bookings.read'),
  ('member', 'finance.read')
on conflict (role, permission) do nothing;