-- ========================================================= -- 062_dashboard_role_permission_refactor.sql -- Refactor dashboard access menjadi: -- - Main Dashboard -- - Activity Dashboard -- - Contribution Dashboard -- -- Prinsip: -- - akses container dashboard dipisah dari akses widget/panel -- - activity dashboard hanya operasional, non-evaluatif -- - contribution dashboard memuat insight sensitif dan wajib granular -- - role tetap modular: backend harus cek permission, bukan nama role -- ========================================================= START TRANSACTION; -- --------------------------------------------------------- -- 1) Tambah role sistem baru untuk semua tenant aktif: -- admin_gudang -- --------------------------------------------------------- INSERT IGNORE INTO roles (tenant_id, name, code, is_system, created_at) SELECT t.id, 'Admin Gudang', 'admin_gudang', 1, NOW() FROM tenants t; -- --------------------------------------------------------- -- 2) Permission catalog -- Format code: module.resource.action -- --------------------------------------------------------- INSERT IGNORE INTO permissions (code, name, module, created_at) VALUES ('dashboard.activity.view', 'Lihat Activity Dashboard', 'dashboard', NOW()), ('dashboard.contribution.view', 'Lihat Contribution Dashboard', 'dashboard', NOW()), ('activity.spk.view', 'Lihat Ringkasan SPK', 'activity', NOW()), ('activity.invoice.view', 'Lihat Ringkasan Invoice dan Order', 'activity', NOW()), ('activity.production.view', 'Lihat Status Produksi', 'activity', NOW()), ('activity.error_log.view', 'Lihat Error Log Operasional', 'activity', NOW()), ('activity.top_product.view', 'Lihat Produk Terlaris', 'activity', NOW()), ('activity.inventory_movement.view', 'Lihat Pergerakan Inventory', 'activity', NOW()), ('contribution.staff_ranking.view.team', 'Lihat Ranking Staff Tim', 'contribution', NOW()), ('contribution.staff_ranking.view.all', 'Lihat Ranking Staff Semua Lokasi', 'contribution', NOW()), ('contribution.staff_revenue.view.team', 'Lihat Kontribusi Revenue Staff Tim', 'contribution', NOW()), ('contribution.staff_revenue.view.all', 'Lihat Kontribusi Revenue Staff Semua Lokasi', 'contribution', NOW()), ('contribution.department.view.team', 'Lihat Kontribusi Departemen Tim', 'contribution', NOW()), ('contribution.department.view.all', 'Lihat Kontribusi Departemen Semua Lokasi', 'contribution', NOW()), ('contribution.workload.view.team', 'Lihat Analisis Workload Tim', 'contribution', NOW()), ('contribution.workload.view.all', 'Lihat Analisis Workload Semua Lokasi', 'contribution', NOW()), ('contribution.performance.view.team', 'Lihat Performance dan Efficiency Tim', 'contribution', NOW()), ('contribution.performance.view.all', 'Lihat Performance dan Efficiency Semua Lokasi', 'contribution', NOW()), ('contribution.customer_satisfaction.view.team', 'Lihat Customer Satisfaction Staff Tim', 'contribution', NOW()), ('contribution.customer_satisfaction.view.all', 'Lihat Customer Satisfaction Staff Semua Lokasi', 'contribution', NOW()); -- --------------------------------------------------------- -- 3) Default role -> permission mapping -- Owner dan Admin dapat akses penuh melalui permission eksplisit. -- --------------------------------------------------------- INSERT IGNORE INTO role_permissions (role_id, permission_id) SELECT r.id, p.id FROM roles r JOIN permissions p ON p.code IN ( 'dashboard.activity.view', 'dashboard.contribution.view', 'activity.spk.view', 'activity.invoice.view', 'activity.production.view', 'activity.error_log.view', 'activity.top_product.view', 'activity.inventory_movement.view', 'contribution.staff_ranking.view.team', 'contribution.staff_ranking.view.all', 'contribution.staff_revenue.view.team', 'contribution.staff_revenue.view.all', 'contribution.department.view.team', 'contribution.department.view.all', 'contribution.workload.view.team', 'contribution.workload.view.all', 'contribution.performance.view.team', 'contribution.performance.view.all', 'contribution.customer_satisfaction.view.team', 'contribution.customer_satisfaction.view.all' ) WHERE r.code IN ('owner', 'admin'); -- Kepala toko boleh lihat contribution dashboard terbatas ke scope tim. INSERT IGNORE INTO role_permissions (role_id, permission_id) SELECT r.id, p.id FROM roles r JOIN permissions p ON p.code IN ( 'dashboard.activity.view', 'dashboard.contribution.view', 'activity.spk.view', 'activity.invoice.view', 'activity.production.view', 'activity.error_log.view', 'activity.top_product.view', 'activity.inventory_movement.view', 'contribution.staff_ranking.view.team', 'contribution.staff_revenue.view.team', 'contribution.department.view.team', 'contribution.workload.view.team', 'contribution.performance.view.team', 'contribution.customer_satisfaction.view.team' ) WHERE r.code = 'kepala_toko'; -- Kasir fokus ke ringkasan umum dan operasional kasir yang relevan. INSERT IGNORE INTO role_permissions (role_id, permission_id) SELECT r.id, p.id FROM roles r JOIN permissions p ON p.code IN ( 'dashboard.activity.view', 'activity.spk.view', 'activity.invoice.view', 'activity.top_product.view' ) WHERE r.code = 'kasir'; -- Karyawan hanya dapat overview umum dan status operasional yang dibutuhkan. INSERT IGNORE INTO role_permissions (role_id, permission_id) SELECT r.id, p.id FROM roles r JOIN permissions p ON p.code IN ( 'dashboard.activity.view', 'activity.spk.view', 'activity.production.view' ) WHERE r.code = 'karyawan'; -- Admin gudang fokus ke operasional gudang dan pergerakan inventory. INSERT IGNORE INTO role_permissions (role_id, permission_id) SELECT r.id, p.id FROM roles r JOIN permissions p ON p.code IN ( 'dashboard.activity.view', 'activity.spk.view', 'activity.production.view', 'activity.top_product.view', 'activity.inventory_movement.view' ) WHERE r.code = 'admin_gudang'; COMMIT;