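import { sequelize } from "../src/models";
import { Permission } from "../src/models/Permission";
import { Role } from "../src/models/Role";

/**
 * Seeds the baseline RBAC data: the permission catalogue, the four built-in
 * roles, and the role-to-permission grants, all inside one transaction.
 *
 * Permissions and roles are created with `findOrCreate`, so rows that already
 * exist are reused as they are; an existing role's description is not updated.
 *
 * NOTE(review): the grants are applied with `setPermissions`. Assuming this is
 * the standard Sequelize association setter, it replaces a role's whole
 * permission set, so re-running the seed resets these four roles to the
 * baseline below and drops any grant or revocation made since. Confirm that
 * is intended before running it against a live database.
 *
 * @throws Rethrows the original failure after attempting a rollback.
 */
export async function seedRBAC(): Promise<void> {
  const transaction = await sequelize.transaction();

  try {
    /**
     * PERMISSIONS
     */
    const permissionsList = [
      "VIEW_APPLICANTS",
      "CREATE_APPLICANT",
      "EDIT_APPLICANT",
      "DELETE_APPLICANT",
      "EXPORT_APPLICANTS",
      "VIEW_USERS",
      "CREATE_USER",
      "EDIT_USER",
      "DELETE_USER",
      "VIEW_ROLES",
      "MANAGE_ROLES",
      "SYSTEM_SETTINGS"
    ];

    // Values stay loosely typed because the model typings are not visible
    // from this file. A Map avoids inherited keys such as "constructor".
    const permissions = new Map<string, any>();
    for (const perm of permissionsList) {
      const [permission] = await Permission.findOrCreate({
        where: { name: perm },
        defaults: { name: perm },
        transaction
      });
      permissions.set(perm, permission);
    }

    /**
     * ROLES
     *
     * The descriptions are runtime data (Persian). Roughly: "full access to
     * the whole system", "management of users and résumés", "human resources
     * specialist", "view résumés only".
     */
    const rolesData = [
      { name: "SUPER_ADMIN", description: "دسترسی کامل به کل سیستم" },
      { name: "ADMIN", description: "مدیریت کاربران و رزومه‌ها" },
      { name: "HR", description: "کارشناس منابع انسانی" },
      { name: "VIEWER", description: "فقط مشاهده رزومه‌ها" }
    ];

    const roles = new Map<string, any>();
    for (const roleData of rolesData) {
      const [role] = await Role.findOrCreate({
        where: { name: roleData.name },
        defaults: roleData,
        transaction
      });
      roles.set(roleData.name, role);
    }

    /**
     * ROLE PERMISSIONS
     *
     * One table, so the privilege matrix can be reviewed in one place.
     * ADMIN deliberately lacks DELETE_USER, MANAGE_ROLES and SYSTEM_SETTINGS.
     *
     * NOTE(review): ADMIN holds CREATE_USER and EDIT_USER. Whether those allow
     * assigning a role to a user is decided by enforcement code not shown
     * here; if they do, ADMIN can reach SUPER_ADMIN without MANAGE_ROLES.
     */
    const grants: Record<string, readonly string[]> = {
      SUPER_ADMIN: permissionsList,
      ADMIN: [
        "VIEW_APPLICANTS",
        "CREATE_APPLICANT",
        "EDIT_APPLICANT",
        "DELETE_APPLICANT",
        "EXPORT_APPLICANTS",
        "VIEW_USERS",
        "CREATE_USER",
        "EDIT_USER",
        "VIEW_ROLES"
      ],
      HR: [
        "VIEW_APPLICANTS",
        "CREATE_APPLICANT",
        "EDIT_APPLICANT",
        "EXPORT_APPLICANTS"
      ],
      VIEWER: ["VIEW_APPLICANTS"]
    };

    for (const [roleName, permissionNames] of Object.entries(grants)) {
      const role = roles.get(roleName);
      if (!role) {
        throw new Error(`RBAC seed: role "${roleName}" was not seeded`);
      }

      // Fail closed on a misspelled name instead of handing `undefined`
      // to the association setter.
      const granted = permissionNames.map((permissionName) => {
        const permission = permissions.get(permissionName);
        if (!permission) {
          throw new Error(
            `RBAC seed: permission "${permissionName}" was not seeded`
          );
        }
        return permission;
      });

      await role.setPermissions(granted, { transaction });
    }

    await transaction.commit();
    console.log("✅ RBAC seed completed");
  } catch (error) {
    // rollback() can itself reject (connection lost, or the transaction is
    // already finished after a failed commit). Guard it so the failure that
    // caused the seed to abort is the one logged and rethrown.
    try {
      await transaction.rollback();
    } catch (rollbackError) {
      console.error("❌ RBAC seed rollback failed:", rollbackError);
    }
    console.error("❌ RBAC seed failed:", error);
    throw error;
  }
}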