backend/old-setup-scripts/setup-user-roles.sql

-- Create roles table
CREATE TABLE IF NOT EXISTS roles (
  id VARCHAR(50) PRIMARY KEY,
  name VARCHAR(100) NOT NULL UNIQUE,
  description TEXT,
  permissions JSONB DEFAULT '{}',
  createdat TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

-- Insert default roles
INSERT INTO roles (id, name, description, permissions) VALUES
  ('role-admin', 'Admin', 'Full system access and management', '{"manage_users": true, "manage_products": true, "manage_orders": true, "manage_content": true, "view_reports": true, "manage_settings": true}'),
  ('role-accountant', 'Accountant', 'Financial and reporting access', '{"view_orders": true, "view_reports": true, "manage_products": false, "manage_users": false}'),
  ('role-sales', 'Sales', 'Product and order management', '{"manage_products": true, "manage_orders": true, "view_reports": true, "manage_users": false}'),
  ('role-cashier', 'Cashier', 'Basic order processing', '{"process_orders": true, "view_products": true, "manage_products": false, "manage_users": false}')
ON CONFLICT (id) DO NOTHING;

-- Update adminusers table to add role and password expiry fields
ALTER TABLE adminusers 
ADD COLUMN IF NOT EXISTS role_id VARCHAR(50) DEFAULT 'role-admin',
ADD COLUMN IF NOT EXISTS password_expires_at TIMESTAMP,
ADD COLUMN IF NOT EXISTS password_never_expires BOOLEAN DEFAULT false,
ADD COLUMN IF NOT EXISTS last_password_change TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
ADD COLUMN IF NOT EXISTS isactive BOOLEAN DEFAULT true,
ADD COLUMN IF NOT EXISTS last_login TIMESTAMP,
ADD COLUMN IF NOT EXISTS created_by VARCHAR(255),
ADD COLUMN IF NOT EXISTS updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP;

-- Add foreign key constraint
ALTER TABLE adminusers
ADD CONSTRAINT fk_role
FOREIGN KEY (role_id) REFERENCES roles(id)
ON DELETE SET NULL;

-- Update existing admin user
UPDATE adminusers 
SET role_id = 'role-admin', 
    password_never_expires = true,
    isactive = true
WHERE email = 'admin@example.com';

-- Create index for better performance
CREATE INDEX IF NOT EXISTS idx_adminusers_role ON adminusers(role_id);
CREATE INDEX IF NOT EXISTS idx_adminusers_email ON adminusers(email);

SELECT 'User roles setup complete' as status;
Fix admin route access and backend configuration - Added /admin redirect to login page in nginx config - Fixed backend server.js route ordering for proper admin handling - Updated authentication middleware and routes - Added user management routes - Configured PostgreSQL integration - Updated environment configuration 2025-12-13 22:34:11 -06:00			`-- Create roles table`
			`CREATE TABLE IF NOT EXISTS roles (`
			`id VARCHAR(50) PRIMARY KEY,`
			`name VARCHAR(100) NOT NULL UNIQUE,`
			`description TEXT,`
			`permissions JSONB DEFAULT '{}',`
			`createdat TIMESTAMP DEFAULT CURRENT_TIMESTAMP`
			`);`

			`-- Insert default roles`
			`INSERT INTO roles (id, name, description, permissions) VALUES`
			`('role-admin', 'Admin', 'Full system access and management', '{"manage_users": true, "manage_products": true, "manage_orders": true, "manage_content": true, "view_reports": true, "manage_settings": true}'),`
			`('role-accountant', 'Accountant', 'Financial and reporting access', '{"view_orders": true, "view_reports": true, "manage_products": false, "manage_users": false}'),`
			`('role-sales', 'Sales', 'Product and order management', '{"manage_products": true, "manage_orders": true, "view_reports": true, "manage_users": false}'),`
			`('role-cashier', 'Cashier', 'Basic order processing', '{"process_orders": true, "view_products": true, "manage_products": false, "manage_users": false}')`
			`ON CONFLICT (id) DO NOTHING;`

			`-- Update adminusers table to add role and password expiry fields`
			`ALTER TABLE adminusers`
			`ADD COLUMN IF NOT EXISTS role_id VARCHAR(50) DEFAULT 'role-admin',`
			`ADD COLUMN IF NOT EXISTS password_expires_at TIMESTAMP,`
			`ADD COLUMN IF NOT EXISTS password_never_expires BOOLEAN DEFAULT false,`
			`ADD COLUMN IF NOT EXISTS last_password_change TIMESTAMP DEFAULT CURRENT_TIMESTAMP,`
			`ADD COLUMN IF NOT EXISTS isactive BOOLEAN DEFAULT true,`
			`ADD COLUMN IF NOT EXISTS last_login TIMESTAMP,`
			`ADD COLUMN IF NOT EXISTS created_by VARCHAR(255),`
			`ADD COLUMN IF NOT EXISTS updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP;`

			`-- Add foreign key constraint`
			`ALTER TABLE adminusers`
			`ADD CONSTRAINT fk_role`
			`FOREIGN KEY (role_id) REFERENCES roles(id)`
			`ON DELETE SET NULL;`

			`-- Update existing admin user`
			`UPDATE adminusers`
			`SET role_id = 'role-admin',`
			`password_never_expires = true,`
			`isactive = true`
			`WHERE email = 'admin@example.com';`

			`-- Create index for better performance`
			`CREATE INDEX IF NOT EXISTS idx_adminusers_role ON adminusers(role_id);`
			`CREATE INDEX IF NOT EXISTS idx_adminusers_email ON adminusers(email);`

			`SELECT 'User roles setup complete' as status;`